* [PATCH v4 1/3] efi/loongarch: Randomize kernel preferred address for KASLR
2026-04-29 12:02 [PATCH v4 0/3] LoongArch: Move KASLR to EFI stub to avoid initrd overlap WANG Rui
@ 2026-04-29 12:02 ` WANG Rui
2026-04-29 12:02 ` [PATCH v4 2/3] LoongArch: Skip relocation-time KASLR if it has already been applied WANG Rui
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: WANG Rui @ 2026-04-29 12:02 UTC
To: Huacai Chen, Ard Biesheuvel
Cc: WANG Xuerui, Ilias Apalodimas, Haiyong Sun, Lisa Robinson,
loongarch, linux-efi, linux-kernel, WANG Rui
Introduce efi_get_kimg_kaslr_address() to compute the preferred
kernel image address dynamically when CONFIG_RANDOMIZE_BASE is
enabled. The function derives a random offset using EFI-provided
randomness combined with the timer value, and constrains it within
CONFIG_RANDOMIZE_BASE_MAX_OFFSET.

Update EFI_KIMG_PREFERRED_ADDRESS to call this helper so that the
EFI stub can select a randomized load address when KASLR is active,
while preserving the original base address behavior when KASLR is
disabled or nokaslr is specified.
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: WANG Rui <r@hev.cc>
---
arch/loongarch/include/asm/efi.h | 4 +++-
drivers/firmware/efi/libstub/loongarch.c | 16 ++++++++++++++++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/arch/loongarch/include/asm/efi.h b/arch/loongarch/include/asm/efi.h
index eddc8e79b3fa..f831320efd41 100644
--- a/arch/loongarch/include/asm/efi.h
+++ b/arch/loongarch/include/asm/efi.h
@@ -30,6 +30,8 @@ static inline unsigned long efi_get_kimg_min_align(void)
return SZ_2M;
}
-#define EFI_KIMG_PREFERRED_ADDRESS PHYSADDR(VMLINUX_LOAD_ADDRESS)
+unsigned long efi_get_kimg_kaslr_address(void);
+
+#define EFI_KIMG_PREFERRED_ADDRESS efi_get_kimg_kaslr_address()
#endif /* _ASM_LOONGARCH_EFI_H */
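Review bot: EFI_KIMG_PREFERRED_ADDRESS keeps its constant-style name but now expands to a call to efi_get_kimg_kaslr_address(), so every expansion runs the function again and, with KASLR active, can yield a different address each time. A short comment above the prototype stating that the macro is no longer a compile-time constant and should be evaluated once, with the result kept in a local, would protect later users of the macro. The prototype would also benefit from a note that the helper is defined in the EFI stub (drivers/firmware/efi/libstub/loongarch.c), since nothing in this header says where it lives.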
diff --git a/drivers/firmware/efi/libstub/loongarch.c b/drivers/firmware/efi/libstub/loongarch.c
index 9825f5218137..51997a0e83bd 100644
--- a/drivers/firmware/efi/libstub/loongarch.c
+++ b/drivers/firmware/efi/libstub/loongarch.c
@@ -38,6 +38,22 @@ static efi_status_t exit_boot_func(struct efi_boot_memmap *map, void *priv)
return EFI_SUCCESS;
}
+unsigned long efi_get_kimg_kaslr_address(void)
+{
+ unsigned int random_offset = 0;
+
+#ifdef CONFIG_RANDOMIZE_BASE
+ if (!efi_nokaslr) {
+ efi_get_random_bytes(sizeof(random_offset), (u8 *)&random_offset);
+ random_offset ^= (random_get_entropy() << 16);
+ random_offset &= (CONFIG_RANDOMIZE_BASE_MAX_OFFSET - 1);
+ random_offset = ALIGN(random_offset + SZ_64K, SZ_64K);
+ }
+#endif
+
+ return PHYSADDR(VMLINUX_LOAD_ADDRESS) + random_offset;
+}
+
unsigned long __weak kernel_entry_address(unsigned long kernel_addr,
efi_loaded_image_t *image)
{
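Review bot: The status returned by efi_get_random_bytes() is discarded inside the CONFIG_RANDOMIZE_BASE branch, so if the firmware call fails random_offset stays 0 and the only input left is random_get_entropy() << 16, a timer-derived value. Checking the status and at least logging the fallback would make weak randomization visible at boot. Two smaller points in the same block: the mask `& (CONFIG_RANDOMIZE_BASE_MAX_OFFSET - 1)` is a correct bound only if the option is a power of two, and because SZ_64K is added after masking and the sum is then rounded up, the result can reach CONFIG_RANDOMIZE_BASE_MAX_OFFSET + SZ_64K, which is outside the limit the commit message describes.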
--
2.54.0
* [PATCH v4 2/3] LoongArch: Skip relocation-time KASLR if it has already been applied
From: WANG Rui @ 2026-04-29 12:02 UTC
To: Huacai Chen, Ard Biesheuvel
Cc: WANG Xuerui, Ilias Apalodimas, Haiyong Sun, Lisa Robinson,
loongarch, linux-efi, linux-kernel, WANG Rui
When the kernel is relocated during early boot, a randomized load
address may already have been selected and applied. In this case,
performing KASLR again in relocate.c is unnecessary.
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: WANG Rui <r@hev.cc>
---
arch/loongarch/kernel/relocate.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/loongarch/kernel/relocate.c b/arch/loongarch/kernel/relocate.c
index 16f6a9b39659..c36604a81d08 100644
--- a/arch/loongarch/kernel/relocate.c
+++ b/arch/loongarch/kernel/relocate.c
@@ -139,6 +139,10 @@ static inline __init bool kaslr_disabled(void)
char *str;
const char *builtin_cmdline = CONFIG_CMDLINE;
+ /* KASLR is performed during early boot. */
+ if (kaslr_offset())
+ return true;
+
str = strstr(builtin_cmdline, "nokaslr");
if (str == builtin_cmdline || (str > builtin_cmdline && *(str - 1) == ' ')) {
pr_info(KASLR_DISABLED_MESSAGE, "\'nokaslr\'", "built-in");
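Review bot: The new early return in kaslr_disabled() answers "disabled" exactly when kaslr_offset() is non-zero, which is the case where randomization is in fact active, and the comment "KASLR is performed during early boot" does not say who performed it or why that implies returning true. Suggest rewording the comment to state that a non-zero offset means the image was already randomized before this code runs (by the EFI stub, per this series), so the relocation-time pass is skipped. It is also worth documenting that an offset of zero is treated as "not yet randomized", since that is the only signal this check has.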
--
2.54.0
* [PATCH v4 3/3] LoongArch: Avoid initrd overlap during kernel relocation
From: WANG Rui @ 2026-04-29 12:03 UTC
To: Huacai Chen, Ard Biesheuvel
Cc: WANG Xuerui, Ilias Apalodimas, Haiyong Sun, Lisa Robinson,
loongarch, linux-efi, linux-kernel, WANG Rui
Validate the relocation address against the initrd region specified
via "initrd=" or "initrdmem=" on the command line. Reject relocation
targets that overlap the initrd to prevent memory corruption during
early boot.
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: WANG Rui <r@hev.cc>
---
arch/loongarch/kernel/relocate.c | 45 ++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/arch/loongarch/kernel/relocate.c b/arch/loongarch/kernel/relocate.c
index c36604a81d08..721b982f194b 100644
--- a/arch/loongarch/kernel/relocate.c
+++ b/arch/loongarch/kernel/relocate.c
@@ -214,14 +214,59 @@ static inline void __init *determine_relocation_address(void)
return RELOCATED_KASLR(destination);
}
+static unsigned long __init determine_initrd_address(unsigned long *size)
+{
+ unsigned long start = 0;
+ unsigned long key_length;
+ const char *key;
+ char *p;
+
+ key = "initrd=";
+ key_length = strlen(key);
+ p = strstr(boot_command_line, key);
+
+ if (!p) {
+ key = "initrdmem=";
+ key_length = strlen(key);
+ p = strstr(boot_command_line, key);
+ }
+
+ if (p == boot_command_line || (p > boot_command_line && *(p - 1) == ' ')) {
+ char *endp;
+
+ p += key_length;
+ start = memparse(p, &endp);
+ if (*endp == ',')
+ *size = memparse(endp + 1, NULL);
+ }
+
+ return start;
+}
+
static inline int __init relocation_addr_valid(void *location_new)
{
+ unsigned long initrd_start;
+ unsigned long initrd_size = 0;
+
if ((unsigned long)location_new & 0x00000ffff)
return 0; /* Inappropriately aligned new location */
if ((unsigned long)location_new < (unsigned long)_end)
return 0; /* New location overlaps original kernel */
+ initrd_start = determine_initrd_address(&initrd_size);
+ if (initrd_start && initrd_size) {
+ unsigned long kernel_start;
+ unsigned long kernel_size;
+
+ kernel_start = PHYSADDR(location_new);
+ kernel_size = (unsigned long)_end - (unsigned long)_text;
+
+ if (kernel_start < (initrd_start + initrd_size) &&
+ initrd_start < (kernel_start + kernel_size))
+ return 0; /* Initrd overlaps kernel */
+ }
+
return 1;
}
#endif
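Review bot: determine_initrd_address() inspects only the first strstr() match for "initrd=", so if that match is not at the start of the command line or preceded by a space, the function returns 0 without looking at later occurrences and without trying "initrdmem=", and relocation_addr_valid() then skips the overlap check. Looping over the matches, and falling back to "initrdmem=" when no word-boundary match for "initrd=" exists, would close that gap. The check also fires only when both a start and a ",size" were parsed, and initrd_start + initrd_size is computed without a wrap check on values taken from the command line; a comment stating that an unparseable or size-less argument means "no check" would document the intended behaviour.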
--
2.54.0
* Re: [PATCH v4 0/3] LoongArch: Move KASLR to EFI stub to avoid initrd overlap
From: Huacai Chen @ 2026-05-09 14:10 UTC
To: WANG Rui
Cc: Ard Biesheuvel, WANG Xuerui, Ilias Apalodimas, Haiyong Sun,
Lisa Robinson, loongarch, linux-efi, linux-kernel
Applied, thanks.
Huacai
On Wed, Apr 29, 2026 at 8:03 PM WANG Rui <r@hev.cc> wrote:
>
> Changes since [v3]:
> * Minor cleanups based on review comments.
>
> Changes since [v2]:
> * Add a new patch to prevent initrd overlap during relocation.
> * Revert changes to the CONFIG_RANDOMIZE_BASE_MAX_OFFSET range.
>
> Changes since [v1]:
> * Drop the patch "LoongArch: Allow rdtime_h() and rdtime_l() in 64-bit builds".
> * Use random_get_entropy() instead of rdtime_l().
>
> This series addresses a potential overlap issue between the kernel
> image and the initrd when KASLR is enabled.
>
> In the normal boot flow, the bootloader is responsible for loading
> both vmlinux and the initrd, and it can guarantee that the two do
> not overlap in memory. However, this assumption only holds as long
> as neither image changes its location afterwards.
>
> The in-kernel KASLR implementation breaks that assumption. When the
> initrd is placed close to the kernel image, randomizing the kernel
> location at runtime may move it into the initrd region, leading to
> memory corruption early during boot.
>
> To fix this, this series moves the KASLR logic out of the kernel
> proper and into the EFI stub. With this change, the final placement
> of both the kernel image and the initrd is determined by the EFI
> memory allocator. This ensures that the two allocations are
> coordinated and cannot overlap.
>
> Functionally, the kernel still supports KASLR as before, but the
> randomization now happens before the kernel is entered, rather than
> during early kernel relocation.
>
> [v3]: https://lore.kernel.org/loongarch/20260429051318.1581350-1-r@hev.cc
> [v2]: https://lore.kernel.org/loongarch/20260428040159.1065822-1-r@hev.cc
> [v1]: https://lore.kernel.org/loongarch/20260427104721.47724-1-r@hev.cc
>
> WANG Rui (3):
> efi/loongarch: Randomize kernel preferred address for KASLR
> LoongArch: Skip relocation-time KASLR if it has already been applied
> LoongArch: Avoid initrd overlap during kernel relocation
>
> arch/loongarch/include/asm/efi.h | 4 +-
> arch/loongarch/kernel/relocate.c | 49 ++++++++++++++++++++++++
> drivers/firmware/efi/libstub/loongarch.c | 16 ++++++++
> 3 files changed, 68 insertions(+), 1 deletion(-)
>
> --
> 2.54.0
>
>