From: Evgenii Shatokhin <eugene.shatokhin@yandex.ru>
To: Kees Cook <keescook@chromium.org>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Pavel Machek <pavel@ucw.cz>,
linux-doc@vger.kernel.org, linux-pm@vger.kernel.org,
linux-kernel@vger.kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH] hibernation: on 32-bit x86, disabled in favor of KASLR
Date: Thu, 23 Mar 2017 16:23:45 +0300 [thread overview]
Message-ID: <58D3CC61.8080609@yandex.ru> (raw)
In-Reply-To: <20170323002701.GA90470@beast>
On 23.03.2017 03:27, Kees Cook wrote:
> This is a modified revert of commit 65fe935dd238 ("x86/KASLR, x86/power:
> Remove x86 hibernation restrictions"), since it appears that 32-bit
> hibernation still can't support KASLR. 64-bit is fine. Since people have
> been running with KASLR by default on 32-bit since v4.8, this disables
> hibernation (with a warning). Booting with "nokaslr" will disable KASLR
> and enable hibernation.
>
> Reported-by: Evgenii Shatokhin <eugene.shatokhin@yandex.ru>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> Cc: stable@vger.kernel.org # v4.8+
The patch does not work as intended on my system, unfortunately.
I tried the mainline kernel v4.11-rc3 and added this patch. With
"nokaslr" in the kernel command line, the system fails to hibernate. It
complains this way in the log:
<...>
kernel: PM: writing image.
kernel: PM: Cannot find swap device, try swapon -a.
kernel: PM: Cannot get swap writer
kernel: PM: Basic memory bitmaps freed
kernel: Restarting tasks ... done.
systemd[1]: Time has been changed
systemd[3948]: Time has been changed
systemd[14825]: Time has been changed
systemd[1]: systemd-hibernate.service: main process exited, code=exited,
status=1/FAILURE
systemd[1]: Failed to start Hibernate.
<...>
The swap device (swap file, actually) is available, however:
-------------
# swapon -s
Filename Type Size Used Priority
/swap file 6297596 0 -1
-------------
I built the same kernel without this patch then, added "nokaslr" in the
kernel command line again, and the system hibernates and resumes fine.
> ---
> Documentation/admin-guide/kernel-parameters.txt | 5 +++++
> arch/x86/boot/compressed/kaslr.c | 3 +++
> kernel/power/hibernate.c | 18 +++++++++++++++++-
> 3 files changed, 25 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 2ba45caabada..6f899c7f587d 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -1725,6 +1725,11 @@
> kernel and module base offset ASLR (Address Space
> Layout Randomization).
>
> + On 32-bit x86 with CONFIG_HIBERNATION, hibernation
> + is disabled if KASLR is enabled. If "nokaslr" is
> + specified, KASLR will be diabled and hibernation
> + will be enabled.
> +
> keepinitrd [HW,ARM]
>
> kernelcore= [KNL,X86,IA-64,PPC]
> diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
> index 8b7c9e75edcb..b694af45f1e0 100644
> --- a/arch/x86/boot/compressed/kaslr.c
> +++ b/arch/x86/boot/compressed/kaslr.c
> @@ -572,6 +572,9 @@ void choose_random_location(unsigned long input,
> return;
> }
>
> + if (IS_ENABLED(CONFIG_X86_32) && IS_ENABLED(CONFIG_HIBERNATION))
> + warn("KASLR active: hibernation disabled on 32-bit x86.");
> +
> boot_params->hdr.loadflags |= KASLR_FLAG;
>
> /* Prepare to add new identity pagetables on demand. */
> diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
> index a8b978c35a6a..1d8f1fe1b7f4 100644
> --- a/kernel/power/hibernate.c
> +++ b/kernel/power/hibernate.c
> @@ -37,9 +37,14 @@
> #include "power.h"
>
>
> -static int nocompress;
> +#if defined(CONFIG_X86_32) && defined(CONFIG_RANDOMIZE_BASE)
> +static int noresume = 1;
> +static int nohibernate = 1;
> +#else
> static int noresume;
> static int nohibernate;
> +#endif
> +static int nocompress;
> static int resume_wait;
> static unsigned int resume_delay;
> static char resume_file[256] = CONFIG_PM_STD_PARTITION;
> @@ -1194,3 +1199,14 @@ __setup("hibernate=", hibernate_setup);
> __setup("resumewait", resumewait_setup);
> __setup("resumedelay=", resumedelay_setup);
> __setup("nohibernate", nohibernate_setup);
> +
> +/* Allow hibernation to be disabled in favor of KASLR on 32-bit x86. */
> +#if defined(CONFIG_X86_32) && defined(CONFIG_RANDOMIZE_BASE)
> +static int __init nokaslr_hibernate_setup(char *str)
> +{
> + noresume = 0;
> + nohibernate = 0;
> + return 1;
> +}
> +__setup("nokaslr", nokaslr_hibernate_setup);
> +#endif
>
next prev parent reply other threads:[~2017-03-23 13:23 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-23 0:27 [PATCH] hibernation: on 32-bit x86, disabled in favor of KASLR Kees Cook
2017-03-23 1:10 ` Rafael J. Wysocki
2017-03-23 13:23 ` Evgenii Shatokhin [this message]
2017-03-23 15:30 ` Rafael J. Wysocki
2017-03-25 14:54 ` Evgenii Shatokhin
2017-03-25 17:02 ` Kees Cook
2017-03-23 16:38 ` Yu Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=58D3CC61.8080609@yandex.ru \
--to=eugene.shatokhin@yandex.ru \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=pavel@ucw.cz \
--cc=rjw@rjwysocki.net \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.