diff options
author | AKASHI Takahiro <takahiro.akashi@linaro.org> | 2018-11-15 06:52:55 +0100 |
---|---|---|
committer | Will Deacon <will.deacon@arm.com> | 2018-12-06 16:16:57 +0100 |
commit | 884143f60c89acf8f2d06de4113d5e3057791701 (patch) | |
tree | 1711c309cfce523ab26484172bd10adb62c68cc6 | |
parent | arm64: kexec_file: add kernel signature verification support (diff) | |
download | linux-884143f60c89acf8f2d06de4113d5e3057791701.tar.xz linux-884143f60c89acf8f2d06de4113d5e3057791701.zip |
arm64: kexec_file: add kaslr support
Adding "kaslr-seed" to dtb enables triggering kaslr, or kernel virtual
address randomization, at secondary kernel boot. We always do this as
it will have no harm on kaslr-incapable kernel.
We don't have any "switch" to turn off this feature directly, but still
can suppress it by passing "nokaslr" as a kernel boot argument.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
[will: Use rng_is_initialized()]
Signed-off-by: Will Deacon <will.deacon@arm.com>
-rw-r--r-- | arch/arm64/kernel/machine_kexec_file.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c index 7e9d5ed3e238..0972c6d2c5bb 100644 --- a/arch/arm64/kernel/machine_kexec_file.c +++ b/arch/arm64/kernel/machine_kexec_file.c @@ -16,6 +16,7 @@ #include <linux/libfdt.h> #include <linux/memblock.h> #include <linux/of_fdt.h> +#include <linux/random.h> #include <linux/string.h> #include <linux/types.h> #include <asm/byteorder.h> @@ -24,6 +25,7 @@ #define FDT_PSTR_INITRD_STA "linux,initrd-start" #define FDT_PSTR_INITRD_END "linux,initrd-end" #define FDT_PSTR_BOOTARGS "bootargs" +#define FDT_PSTR_KASLR_SEED "kaslr-seed" const struct kexec_file_ops * const kexec_file_loaders[] = { &kexec_image_ops, @@ -82,11 +84,26 @@ static int setup_dtb(struct kimage *image, return -EINVAL; } + /* add kaslr-seed */ + ret = fdt_delprop(dtb, nodeoffset, FDT_PSTR_KASLR_SEED); + if (ret && (ret != -FDT_ERR_NOTFOUND)) + return -EINVAL; + + if (rng_is_initialized()) { + u64 r = get_random_u64(); + ret = fdt_setprop_u64(dtb, nodeoffset, FDT_PSTR_KASLR_SEED, r); + if (ret) + return (ret == -FDT_ERR_NOSPACE ? -ENOMEM : -EINVAL); + } else { + pr_notice("RNG is not initialised: omitting \"%s\" property\n", + FDT_PSTR_KASLR_SEED); + } + return 0; } /* - * More space needed so that we can add initrd and bootargs. + * More space needed so that we can add initrd, bootargs and kaslr-seed. */ #define DTB_EXTRA_SPACE 0x1000 |