* [PATCH] KASLR: Properly ingest nokaslr on x86 to avoid passing it to init process
@ 2024-10-23 23:16 Nir Lichtman
2024-10-26 7:38 ` [PATCH v2] x86/kaslr: Ingest nokaslr " Nir Lichtman
From: Nir Lichtman @ 2024-10-23 23:16 UTC
To: dave.hansen, luto, peterz, tglx, mingo, bp, linux-kernel,
m.younesbadr
Problem: Currently booting the kernel with "nokaslr" on x86 incorrectly
doesn't recognize this parameter and passes it on to the init process.
Reason: On x86, this parameter is parsed by the early loader, and so the
main kernel itself doesn't do anything with it.
Example: I have encountered this issue when booting the kernel with QEMU
using -kernel and -initrd with a simple initrd I have built containing
bash as the init executable. Upon running init, the kernel passed the
"unrecognized parameter" to bash causing bash to exit with a failure and
the kernel to panic.
Solution: Ingest this parameter as part of the kernel logic in x86 so the
kernel will recognize this as a valid parameter and not pass it to user
mode.
This is similar to the logic that already exists in the case of ARM64
which can be found in arch/arm64/kernel/kaslr.c:43
Crediting also Mahmoud since he came up with a similar patch a couple of
months ago; the patch was left with unaddressed CR comments by Borislav,
which I have addressed in this patch.
link to thread: https://lore.kernel.org/all/20240331200546.869343-1-m.younesbadr@gmail.com/
Signed-off-by: Mahmoud Younes <m.younesbadr@gmail.com>
Signed-off-by: Nir Lichtman <nir@lichtman.org>
---
arch/x86/mm/kaslr.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c
index 230f1dee4f09..4d159aa6910c 100644
--- a/arch/x86/mm/kaslr.c
+++ b/arch/x86/mm/kaslr.c
@@ -71,6 +71,21 @@ static inline unsigned long get_padding(struct kaslr_memory_region *region)
return (region->size_tb << TB_SHIFT);
}
+/*
+ * nokaslr param handling is done by the loader which treats the
+ * boot parameters as read only so this is a hack to ingest this
+ * to keep it from passing to user mode
+ */
+static int __init parse_nokaslr(char *p)
+{
+ if (!!(boot_params.hdr.loadflags & KASLR_FLAG)) {
+ pr_warn("the loader has not parsed the nokaslr flag");
+ }
+
+ return 0;
+}
+early_param("nokaslr", parse_nokaslr);
+
/* Initialize base and padding for each memory region randomized with KASLR */
void __init kernel_randomize_memory(void)
{
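Review bot: in parse_nokaslr(), the test `if (!!(boot_params.hdr.loadflags & KASLR_FLAG)) {` carries a redundant `!!` (an if condition is already evaluated for truth) and braces around a single statement; `if (boot_params.hdr.loadflags & KASLR_FLAG)` followed by the unbraced pr_warn() behaves the same and is what checkpatch expects. The comment above the function should also state what a set KASLR_FLAG means at this point, since the warning is only correct if the flag being set indicates that the loader still randomized the kernel even though nokaslr was on the command line.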
--
2.39.2
* [PATCH v2] x86/kaslr: Ingest nokaslr to avoid passing it to init process
2024-10-23 23:16 [PATCH] KASLR: Properly ingest nokaslr on x86 to avoid passing it to init process Nir Lichtman
@ 2024-10-26 7:38 ` Nir Lichtman
From: Nir Lichtman @ 2024-10-26 7:38 UTC
To: dave.hansen, luto, peterz, tglx, mingo, bp, linux-kernel,
m.younesbadr
Problem: Currently booting the kernel with "nokaslr" on x86 incorrectly
doesn't recognize this parameter and passes it on to the init process.
Reason: On x86, this parameter is parsed by the early loader, and so the
main kernel itself doesn't do anything with it.
Example: I have encountered this issue when booting the kernel with QEMU
using -kernel and -initrd with a simple initrd I have built containing
bash as the init executable. Upon running init, the kernel passed the
"unrecognized parameter" to bash causing bash to exit with a failure and
the kernel to panic.
Solution: Ingest this parameter as part of the kernel logic in x86 so the
kernel will recognize this as a valid parameter and not pass it to user
mode.
This is similar to the logic that already exists in the case of ARM64
which can be found in arch/arm64/kernel/kaslr.c:43
Crediting also Mahmoud since he came up with a similar patch a couple of
months ago; the patch was left with unaddressed CR comments by Borislav,
which I have addressed in this patch.
link to thread: https://lore.kernel.org/all/20240331200546.869343-1-m.younesbadr@gmail.com/
v2: Remove single line if-condition braces, following check patch script warning
Signed-off-by: Mahmoud Younes <m.younesbadr@gmail.com>
Signed-off-by: Nir Lichtman <nir@lichtman.org>
---
arch/x86/mm/kaslr.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c
index 230f1dee4f09..e2aaa72be749 100644
--- a/arch/x86/mm/kaslr.c
+++ b/arch/x86/mm/kaslr.c
@@ -71,6 +71,20 @@ static inline unsigned long get_padding(struct kaslr_memory_region *region)
return (region->size_tb << TB_SHIFT);
}
+/*
+ * nokaslr param handling is done by the loader which treats the
+ * boot parameters as read only so this is a hack to ingest this
+ * to keep it from passing to user mode
+ */
+static int __init parse_nokaslr(char *p)
+{
+ if (!!(boot_params.hdr.loadflags & KASLR_FLAG))
+ pr_warn("the loader has not parsed the nokaslr flag");
+
+ return 0;
+}
+early_param("nokaslr", parse_nokaslr);
+
/* Initialize base and padding for each memory region randomized with KASLR */
void __init kernel_randomize_memory(void)
{
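Review bot: the pr_warn() string in parse_nokaslr() has no trailing "\n", so the message is not terminated as its own log line, and its wording ("the loader has not parsed the nokaslr flag") does not tell someone reading dmesg what the consequence is. A message along the lines of "nokaslr given but KASLR_FLAG is still set in loadflags\n" would make it clear that the request to disable randomization did not take effect. The comment calls the handler a hack; it would help to add one sentence saying that `char *p` is deliberately unused and that the function returns 0 only so the parameter is consumed as known and not handed to init.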
--
2.39.2