From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 254B6322C73
	for <linux-kernel@vger.kernel.org>; Tue, 28 Apr 2026 04:02:28 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.172
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1777348950; cv=none; b=TmQuncnBx92JoNgcrmXtujW6WbVc5qjmzWYOl40WZac/RZ724Rxn55gL4zxP6sGbJtVq2yQOTqlLUE7N0hnSCiCwrSsecNYQq8m0YYJdtxlQct6oqGp60E64/YmfWyvxjpsNqQqTcAANSlJkWsikckZTNdPzvAqx8n2xYKqV3QE=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1777348950; c=relaxed/simple;
	bh=Hhiz7YXIt0m1DU+IaREY7k8p2d/aCJr7MC1uza7rXvo=;
	h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=Z13SQNNFR4zwzoZAxLXdsodEFC6xNf5rDxEfYvNEnuX5RfmE7JO+vAhClkpzExFYaEIcHymbw7ggA0gB/2Zr5hVfFt616hOi/84Jis87Yu3Ee6kCjwjyFDa2Qjt45Fa0Xj+Hw/OhSPk6MJY0RZZOxvY6qbrrlI7y+m9UQfeP9D8=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hev.cc; spf=pass smtp.mailfrom=hev.cc; dkim=pass (2048-bit key) header.d=hev-cc.20251104.gappssmtp.com header.i=@hev-cc.20251104.gappssmtp.com header.b=TD4ak5lx; arc=none smtp.client-ip=209.85.215.172
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hev.cc
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hev.cc
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=hev-cc.20251104.gappssmtp.com header.i=@hev-cc.20251104.gappssmtp.com header.b="TD4ak5lx"
Received: by mail-pg1-f172.google.com with SMTP id 41be03b00d2f7-c76c60c7502so4327408a12.0
        for <linux-kernel@vger.kernel.org>; Mon, 27 Apr 2026 21:02:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=hev-cc.20251104.gappssmtp.com; s=20251104; t=1777348947; x=1777953747; darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=bd1hgbTBVVdcDcX9ve5H/qCUgL6eJ7XhwuWBwZRmwfQ=;
        b=TD4ak5lxfxPdg+ktqkjeZCCmgE4LqBjqyWG5hV+L+WzTNeZ2PrbsCg6m/upZZf6DkH
         0itwVBPXc7VMLPfk9fP3JbpQK5NhR4fS45fvj4C3FVQ25kByPbdx8cfT49ao51ctEDZ1
         DJtZMtCI6yxp3nH4f90yb7hw6sfljVMexb+QecREziVSmB145KzD+1WQjoefGbX/YybJ
         jN4Poc9IhvWn9rG7+f5KOs3o3YU6ytXnP/IoQPIdVPBH/Ub27NbP6/qe/DwsjpW9b5Yw
         qL27/tOSW8byqMMvmEfJ6w/SyeMUmjmZlvohRgAdoNs9Uvbur1V6p/aDmVnzENxNu8bv
         i4fQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1777348947; x=1777953747;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=bd1hgbTBVVdcDcX9ve5H/qCUgL6eJ7XhwuWBwZRmwfQ=;
        b=FH8agcApV+m8yZ+8UDq+LFCRVauZ5JdZG2Ky1l+7IW5yZN2JQ1mz1TfvYCd9rhowAh
         7gvJC1khkMmf/goLushKxR+l6pUv2u8U8LZnr8C7eY4XY6FLSBvJv7fcP3EQpMwSsVTW
         x4XYbnOdVi9SIoE0Wl9bOXn5Vuh64Ye+7KubtAhkWkN37KmDb4ZRu8EIe3QeKYSh9rxp
         x92az4zmcefvGKU7/JBx+ybBJDvAv6r2GncPCxI0i8uJgMlbEonZtt6fQojGnJK3oxWk
         jqzmh0oXB3xwRtaGVhMgD3N1xd9tbY+xr9OCqBqMl1KGL9cbmZ5SX7bWG8bgseyML+5P
         /B5w==
X-Forwarded-Encrypted: i=1; AFNElJ+5prDzFLlypA4GDkt3g4GmsPM9d+rQXz4ycuDS/NRrR1Cue0y60n8CUASRXojJ5QteYZbe969yo8zxp8M=@vger.kernel.org
X-Gm-Message-State: AOJu0Ywtgs0exKlD0AmGji6Bvl77xzD3dnKZhSdU5iJDKfpwRnh+5OeN
	MoHY/U0BlKvh28A5EB1ScVUsbra7If4dJCl107QRoFin7gxXXzokB27Z6XuFMH/dQFg=
X-Gm-Gg: AeBDieueC+v+c8iZIXLCqrK0CwzebuvvdkchYqxaCN32opAb9MFtK96mL54w3SIFt8y
	ZRIHd+XPTJt7iPSrYSDrxST0p1pB+3HJTn1jXfgm4CMdSAwoutoFz5bL2seYkwugr8bno51WSH8
	GzKeaGc0MDTAs6Er+kOQfpI95b9bI8BSGvFQgJIgO6n7DQP0rkG22pNsShmPscjse3gJJYmC6iR
	suWXF0Xk/rspdiMvS8p0k94e4fkikc2zwxZ8dRLm//0sf7dkhlLxxdTo3BrzPMNKFISL18G8lJT
	Xv9SpgKcEXfITCtKqNZxt0HaomlRbluW3LcRG2KbvXHcp5c92WD/+dFx1Ys8r+pZh2vElE2/gf2
	4MECkmcG3lwWubeJXxXZKwONHzPZ3SBHnKTZdNhh22aiqGoht7vOzKfnCy5gYRXZjCiJQ2jYV/c
	Mvh/eeplJdSGnPewRvG618fGEZPcxC
X-Received: by 2002:a17:902:f542:b0:2b2:53f5:461f with SMTP id d9443c01a7336-2b97be3deeemr12458925ad.25.1777348947328;
        Mon, 27 Apr 2026 21:02:27 -0700 (PDT)
Received: from localhost ([2400:8902:e002:de33:3dbd:69cf:4a22:309])
        by smtp.gmail.com with ESMTPSA id d9443c01a7336-2b97ac8cd29sm10131365ad.61.2026.04.27.21.02.24
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 27 Apr 2026 21:02:26 -0700 (PDT)
From: WANG Rui <r@hev.cc>
To: Huacai Chen <chenhuacai@kernel.org>,
	Ard Biesheuvel <ardb@kernel.org>
Cc: WANG Xuerui <kernel@xen0n.name>,
	Ilias Apalodimas <ilias.apalodimas@linaro.org>,
	Lisa Robinson <lisa@bytefly.space>,
	loongarch@lists.linux.dev,
	linux-efi@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	WANG Rui <r@hev.cc>
Subject: [PATCH v2 0/2] LoongArch: Move KASLR to EFI stub to avoid initrd overlap
Date: Tue, 28 Apr 2026 12:01:57 +0800
Message-ID: <20260428040159.1065822-1-r@hev.cc>
X-Mailer: git-send-email 2.54.0
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Changes since [v1]:
  * Drop the patch "LoongArch: Allow rdtime_h() and rdtime_l() in 64-bit builds".
  * Use random_get_entropy() instead of rdtime_l().

This series addresses a potential overlap issue between the kernel
image and the initrd when KASLR is enabled.

In the normal boot flow, the bootloader is responsible for loading
both vmlinux and the initrd, and it can guarantee that the two do
not overlap in memory. However, this assumption only holds as long
as neither image changes its location afterwards.

The in-kernel KASLR implementation breaks that assumption. When the
initrd is placed close to the kernel image, randomizing the kernel
location at runtime may move it into the initrd region, leading to
memory corruption early during boot.

To fix this, this series moves the KASLR logic out of the kernel
proper and into the EFI stub. With this change, the final placement
of both the kernel image and the initrd is determined by the EFI
memory allocator. This ensures that the two allocations are
coordinated and cannot overlap.

Functionally, the kernel still supports KASLR as before, but the
randomization now happens before the kernel is entered, rather than
during early kernel relocation.

[v1]: https://lore.kernel.org/loongarch/20260427104721.47724-1-r@hev.cc

WANG Rui (2):
  efi/loongarch: Randomize kernel preferred address for KASLR
  LoongArch: Skip relocation-time KASLR if it has already been applied

 arch/loongarch/Kconfig                   |  2 +-
 arch/loongarch/include/asm/efi.h         |  4 +++-
 arch/loongarch/kernel/relocate.c         |  4 ++++
 drivers/firmware/efi/libstub/loongarch.c | 16 ++++++++++++++++
 4 files changed, 24 insertions(+), 2 deletions(-)

-- 
2.54.0