From: Baoquan He <bhe@redhat.com>
To: Kees Cook <keescook@chromium.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "x86@kernel.org" <x86@kernel.org>,
"Kees Cook <keescook@chromium.org,
Yinghai Lu" <yinghai@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
Thomas Garnier <thgarnie@google.com>
Subject: Re: [PATCH] x86/boot/KASLR: Skip relocation handling in no kaslr case
Date: Thu, 6 Jul 2017 21:54:13 +0800 [thread overview]
Message-ID: <20170706135413.GL19994@x1> (raw)
In-Reply-To: <20170706132827.GJ19994@x1>
On 07/06/17 at 09:28pm, Baoquan He wrote:
> > > Do you mean the handling in boot/compressed/head_64.S? Whatever it does,
> > > it's only for physical address. The virtual address mapping is not
> > > touched. Here virt_addr respresents the offset between
> > > 0xffffffff80000000, 0xffffffffc0000000. And if skip the relocation
> > > handling, we can see that the '_text' will be mapped to
> > > 0xffffffff81000000 forever, no matter where physical address of '_text'
> > > is. So here LOAD_PHYSICAL_ADDR is default value of 'virt_addr'.
> >
> > So, this isn't always true. The output address is the address assigned
> > by head_*.S for the extraction destination. We can't just change that,
> > since it's based on where to perform the extraction, etc. All the
> > logic in there is designed to make sure we're actually >=
> > LOAD_PHYSICAL_ADDR:
> >
> > cmpl $LOAD_PHYSICAL_ADDR, %ebx
> > jge 1f
> > #endif
> > movl $LOAD_PHYSICAL_ADDR, %ebx
> > 1:
>
> Yes, here it's trying to do an adjustment. To align the original loading
> address if it's not aligned to CONFIG_PHYSICAL_ALIGN, and to make it be
> LOAD_PHYSICAL_ADDR if it's smaller than LOAD_PHYSICAL_ADDR. Other than
> those, nothing else be done. So let me conclude the possible original
> 'output' value:
> 1) default case
> It's LOAD_PHYSICAL_ADDR Which is the default loading address.
> 2) kexec/kdump
> The output will be at the top of the available physical ram.
> 3) Modified bootloader
> Which could put kernel anywhere by modifying code of bootloader. This
> is the case that we need do above alignment and adjustment to avoid
> unpleasant kernel error.
>
> Except of above 3 cases, physical address of kernel could be changed by
> physical address randomization.
> 4) physical address randomization
>
> However, for virtual address, there are only two chances to decide:
> 1) arch/x86/kernel/vmlinux.lds.S
> we just map .text at __START_KERNEL
> #define __PHYSICAL_START ALIGN(CONFIG_PHYSICAL_START, \
> CONFIG_PHYSICAL_ALIGN)
>
> #define __START_KERNEL (__START_KERNEL_map + __PHYSICAL_START)
> 2) handle_relocations :: boot/compressed/misc.c
> In handle_relocations(), we DO pass in the physical 'output', but that
> is used to calculate 'map' which is used to position those memory
> unit where the referenced address need be relocated.
>
> So later, in arch/x86/kernel/head_64.S, we will store the delta which is
> between 16M and the actual kernel loading address into phys_base. So as
Here I was wrong about phys_base. It has been changed in the latest code
in Linus's tree. Please check arch/x86/kernel/head64.c:
void __head __startup_64(unsigned long physaddr)
{
...
load_delta = physaddr - (unsigned long)(_text - __START_KERNEL_map);
...
/* Fixup phys_base */
p = fixup_pointer(&phys_base, physaddr);
*p += load_delta;
}
Here physaddr should be 'output' which is the place kernel decompressed
at.
> long as we can translate physical address and virtual address of kernel
> by below formula, everything is going very well.
>
> y = x - __START_KERNEL_map + phys_base.
>
> We really don't need to tie physical address and virtual address of
> kernel together in any cases. They can be randomized or not randomized
> completely separately. As long as we keep above translation formula
> working well, everything need not be worried.
next prev parent reply other threads:[~2017-07-06 13:54 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1498314309-18502-1-git-send-email-bhe@redhat.com>
2017-06-26 9:47 ` [PATCH] x86/boot/KASLR: Skip relocation handling in no kaslr case Ingo Molnar
2017-06-26 10:43 ` Baoquan He
2017-06-27 8:34 ` Ingo Molnar
2017-06-27 8:55 ` Baoquan He
2017-06-27 22:42 ` Kees Cook
2017-06-27 23:24 ` Baoquan He
2017-06-27 23:33 ` Baoquan He
2017-07-05 19:06 ` Kees Cook
2017-07-06 13:28 ` Baoquan He
2017-07-06 13:54 ` Baoquan He [this message]
2017-06-24 14:16 Baoquan He
2017-06-24 14:23 ` Baoquan He
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170706135413.GL19994@x1 \
--to=bhe@redhat.com \
--cc=arnd@arndb.de \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=thgarnie@google.com \
--cc=x86@kernel.org \
--cc=yinghai@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.