From: Charlie Jenkins <charlie@rivosinc.com>
To: Sami Tolvanen <samitolvanen@google.com>
Cc: Alexandre Ghiti <alexghiti@rivosinc.com>,
	Conor Dooley <conor.dooley@microchip.com>,
	Paul Walmsley <paul.walmsley@sifive.com>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Albert Ou <aou@eecs.berkeley.edu>,
	Ard Biesheuvel <ardb@kernel.org>,
	Kees Cook <keescook@chromium.org>,
	linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
	linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v6 0/5] riscv: Introduce KASLR
Date: Wed, 6 Sep 2023 16:27:56 -0700
Message-ID: <ZPkK/MNGKZIW2mvc@ghost>
In-Reply-To: <CABCJKucj78p4TBtXYmMdJ=vYK69XC=XU06uB+_fyfZLRnC4h0A@mail.gmail.com>

On Wed, Aug 30, 2023 at 02:30:31PM -0700, Sami Tolvanen wrote:
> Hi Alexandre,
> 
> On Sat, Jul 22, 2023 at 5:39 AM Alexandre Ghiti <alexghiti@rivosinc.com> wrote:
> >
> > The following KASLR implementation allows to randomize the kernel mapping:
> >
> > - virtually: we expect the bootloader to provide a seed in the device-tree
> > - physically: only implemented in the EFI stub, it relies on the firmware to
> >   provide a seed using EFI_RNG_PROTOCOL. arm64 has a similar implementation
> >   hence the patch 3 factorizes KASLR related functions for riscv to take
> >   advantage.
> >
> > The new virtual kernel location is limited by the early page table that only
> > has one PUD and with the PMD alignment constraint, the kernel can only take
> > < 512 positions.
> >
> > base-commit-tag: v6.5-rc1
> 
> Thanks for continuing to work on this!
> 
> I reviewed the patches and the code looks correct to me. I also
> applied the series on top of v6.5 and after patching qemu to provide a
> kaslr-seed, I confirmed that the virtual offset appears to be random
> and is printed out when I panic the machine:
> 
> # echo PANIC > /sys/kernel/debug/provoke-crash/DIRECT
> [   17.510012] lkdtm: Performing direct entry PANIC
> [   17.510411] Kernel panic - not syncing: dumptest
> [...]
> [   17.518693] Kernel Offset: 0x32c00000 from 0xffffffff80000000
> 
> For the series:
> Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
> 
> I didn't test the EFI bits, but the rest of the series:
> Tested-by: Sami Tolvanen <samitolvanen@google.com>
> 
> Conor, in another reply you mentioned you're planning on reviewing the
> patches as well. Did you have any feedback or concerns?
> 
> Sami

In addition to testing this patch in QEMU by patching like Sami did, I
also booted this with a Debian kernel and tested it with EFI. I was able
to use lkdtm as Sami did to force a panic and see the kernel offset
changing in both scenarios.

Tested-by: Charlie Jenkins <charlie@rivosinc.com>

- Charlie
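
Added example, not part of the original thread or of the patch series: a small checker for the test both replies describe, which reads the "Kernel Offset" line from several panic logs, confirms each offset fits the constraint from the cover letter (PMD-aligned, inside one PUD, so fewer than 512 slots), and reports whether the offset changed between boots. The 2 MiB PMD size (rv64, 4 KiB pages), the function names, and the second and third sample logs are assumptions made for this example.

```python
import re

# Assumptions (not stated in the thread): rv64 with 4 KiB base pages, so one
# PMD entry maps 2 MiB and one PUD entry covers 512 PMDs = 1 GiB.
PMD_SIZE = 2 << 20
PUD_SIZE = 512 * PMD_SIZE

OFFSET_RE = re.compile(r"Kernel Offset: (0x[0-9a-fA-F]+) from (0x[0-9a-fA-F]+)")


def parse_offset(log):
    """Return (offset, base) from a panic log, or None if no offset line."""
    m = OFFSET_RE.search(log)
    if m is None:
        return None
    return int(m.group(1), 16), int(m.group(2), 16)


def check_offset(offset):
    """Return (slot, problems) for one reported virtual offset."""
    problems = []
    if offset % PMD_SIZE:
        problems.append("not PMD-aligned")
    if offset >= PUD_SIZE:
        problems.append("outside the single early PUD")
    return offset // PMD_SIZE, problems


def summarize(logs):
    """Check each boot log and report whether the offset varied across boots."""
    slots, problems = [], []
    for i, log in enumerate(logs):
        parsed = parse_offset(log)
        if parsed is None:
            problems.append(f"boot {i}: no Kernel Offset line")
            continue
        slot, issues = check_offset(parsed[0])
        slots.append(slot)
        problems += [f"boot {i}: {p}" for p in issues]
    return {"slots": slots, "varies": len(set(slots)) > 1, "problems": problems}


# Boot 0 is the line quoted in the thread; boots 1 and 2 are constructed.
SAMPLE_LOGS = [
    "[   17.518693] Kernel Offset: 0x32c00000 from 0xffffffff80000000",
    "[   16.902114] Kernel Offset: 0x1a600000 from 0xffffffff80000000",
    "[   17.100532] Kernel panic - not syncing: dumptest",
]
```

A log with no offset line (boot 2 above) is reported rather than silently skipped, since a missing line means that boot gives no evidence of randomization.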
