From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BEEEE3DA7D4 for ; Mon, 11 May 2026 10:46:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.173 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778496405; cv=none; b=IPjRp2y6JqPH6Do8dXF5cXWuIZgMcPPjYxNDp2b864juEH1PBgqou6SBfJYYZA7da9eSccTRRhIWT6S0Z5p1k6I7+/SWCGwVy5G5hYVKj37QynYosG9Pk6OeFlrtQPoeqK1T7R2bJsnzn7uhx5hJXysThHoFE0fZ9BleCm4vcgg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778496405; c=relaxed/simple; bh=M7SzPCM13HJKsqptckY7Oq9QwJZQzoJVaF+FfkouS7w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NVPUwLFb0es5/Fu2Y6N1uheNCjTEYbiSySLphSFABTbnfi4Aujf+WI7UxTYOegxSCEZc/m/5EPBBioM26/yOQoPZTIgjeiTfA9bueMahUbadV0c0YM+snVEERqmFHHfrVKsSHXVH7tchi0qFT5xPe5UDEMER1ukHeo5jdD8uglc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hev.cc; spf=pass smtp.mailfrom=hev.cc; dkim=pass (2048-bit key) header.d=hev-cc.20251104.gappssmtp.com header.i=@hev-cc.20251104.gappssmtp.com header.b=Gf6+6qkG; arc=none smtp.client-ip=209.85.215.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hev.cc Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hev.cc Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=hev-cc.20251104.gappssmtp.com header.i=@hev-cc.20251104.gappssmtp.com header.b="Gf6+6qkG" Received: by mail-pg1-f173.google.com with SMTP id 41be03b00d2f7-c802803ac17so1753332a12.1 for ; Mon, 11 May 2026 03:46:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hev-cc.20251104.gappssmtp.com; s=20251104; t=1778496403; x=1779101203; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=SCD5tvLyAyFU8kzoBKm4CiGZmi4/Go8gChPflbMKPN8=; b=Gf6+6qkG+flz3le5dyK0qQCHxbhfiYetKTbgJ3ZvhYoGeZIPJTCa2h5DJ8YxZMybx1 MJP7irTzujvfIXYOqxH975kjhYz/RVO1AQzp3oHyb07Hhej53OWoQ6CvN4R5qQQuL6kS PACfOG/3JPPVj176wEsvipCMQWxwtn7BvNQ+lcttt4w2QYQG3mu8AMvz9hSnH4zu+BEu XO44xzMwGZV/UDKXtf1tpzVisBSZssmi+twQEt1K+0jgJapc31y2pGq7ZklcnWhVrE6k lTVfiNh+1vsnQuu3PsH12ELTkNhUYilPQP3sCFLSH8mG11g1YHd8IlxsFgm3wKo/QNqB h6eg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778496403; x=1779101203; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=SCD5tvLyAyFU8kzoBKm4CiGZmi4/Go8gChPflbMKPN8=; b=WGE0HKSrZh1eH/Rn7PC9RPQQ/gXwWKvQSlg9PLpH93fwT6OxAO3KFr5QS+TgJxnOBS Do1SbtVkDOJ9WZJiRD7ZpmMwqTcKczIbmnv6d5DeSv/2YbqaX0BrCg62BtJ7MC7LNcge 3oK5bHe0H3XZmfP+o+8Sn9RScoh9XFKAKDoF3w1yaNsnNyo6gSvYefCnsafhPiVkzyUa Sf8/pxOvJKd0viw9W20BJOSkwEyZtp7crrTH8oOxD2lXiMq4bHHpJg8eplEnAT5O26HT D6q5Y5MG7wOzizgSaI0dmXzx32G3uCv757QkFCuJaNZ8a9/05iqkQ9XCX/BYBJTHlHEK QzBw== X-Forwarded-Encrypted: i=1; AFNElJ/AN62r5CcX6G02JYXfz6/U0qfVkBTJbXEsfYVjUSRu6CjitDkCn2PXD3hPwXEJEIhaRy+NU80p3tT2/eI=@vger.kernel.org X-Gm-Message-State: AOJu0YzvVbz1uTM1/2axl2wuAiXYdfOyHzf5gAsxwb6ewllOVVSPNl98 HxQEsUKcfXgGsjltpl2ZXK4FGMJeMOqrYgBLifpxv6UnVc9fcsuNly/BM9aGWVbUEms= X-Gm-Gg: Acq92OFjBXZr2dMcYVEG01avBsMgTs9J3e4haDezV8h7r9FFjj6yi/I7zhhARyAxLbQ GLoz2wQXAx64/2INLOuwe1xchrn0JC3b3n3qTsWw0SU2W8SiPY2DWeMPRhGipNk4SWZiv1dvGsY bLxmhBpRkmvtucPWyfZI36aRvZ4y2AYUbXTrdhbftxP235DVTWxUg9zt01LO6rZEFYDQJgxdlww OZH2jMUlZttiO/uKCfOffB+kyOdzKopm+V5YfI2AiTXXMaVv3vKG/xM2oaeAqceCjzLNSro/gKh VzVrRQ2skQuR2O8qdfR9YrSObVWg9tQDJrbXxbwiyjgby0NiL4uYUYn8JkgwGbjN+W76TTl1Ktj z0bujeWBIrHm2efv8Hmg4sh5MyifAsGB8GgQCuk8TjwtONn986Q1YEQXBUGtU2rpvHtuojDR/NK voWIWlwL6x X-Received: by 2002:a05:6300:2189:b0:3ab:1680:c5d3 with SMTP id adf61e73a8af0-3ab1680c657mr3024235637.31.1778496402887; Mon, 11 May 2026 03:46:42 -0700 (PDT) Received: from localhost ([2400:8902:e002:de3f:344e:4435:2c77:3920]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-839679c861esm24927599b3a.30.2026.05.11.03.46.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 03:46:42 -0700 (PDT) From: WANG Rui To: Huacai Chen , Ard Biesheuvel Cc: WANG Xuerui , Ilias Apalodimas , Haiyong Sun , Lisa Robinson , loongarch@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, WANG Rui , Huacai Chen Subject: [PATCH v5 2/3] LoongArch: Skip relocation-time KASLR if already applied Date: Mon, 11 May 2026 18:45:54 +0800 Message-ID: <20260511104555.196270-3-r@hev.cc> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260511104555.196270-1-r@hev.cc> References: <20260511104555.196270-1-r@hev.cc> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit When the kernel is relocated during early boot (efistub or kexec_file), a randomized load address may has already been selected and applied. In this case, performing KASLR again in relocate.c is unnecessary. Note: strictly-defined KASLR means the kernel's final runtime address has a random offset from the kernel's load address, which is implemented in relocate.c; broadly-defined KALSR means the kernel's final runtime address has a random offset from the kernel's link address (a.k.a. VMLINUX_LOAD_ADDRESS), which also include the efistlub implementation, kexec_file implementation and QEMU direct kernel boot. kaslr_disabled() return true only means strictly-defined KASLR is disabled. Acked-by: Ard Biesheuvel Co-authored-by: Huacai Chen Signed-off-by: WANG Rui Signed-off-by: Huacai Chen --- arch/loongarch/kernel/relocate.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/loongarch/kernel/relocate.c b/arch/loongarch/kernel/relocate.c index 16f6a9b39659..0a045964fad5 100644 --- a/arch/loongarch/kernel/relocate.c +++ b/arch/loongarch/kernel/relocate.c @@ -134,11 +134,23 @@ early_param("nokaslr", nokaslr); #define KASLR_DISABLED_MESSAGE "KASLR is disabled by %s in %s cmdline.\n" +/* + * Note: strictly-defined KASLR means the kernel's final runtime address + * has a random offset from the kernel's load address, which is implemented + * in relocate.c; broadly-defined KALSR means the kernel's final runtime + * address has a random offset from the kernel's link address (a.k.a. + * VMLINUX_LOAD_ADDRESS), which also include the efistlub implementation, + * kexec_file implementation and QEMU direct kernel boot. kaslr_disabled() + * return true only means strictly-defined KASLR is disabled. + */ static inline __init bool kaslr_disabled(void) { char *str; const char *builtin_cmdline = CONFIG_CMDLINE; + if (kaslr_offset()) + return true; /* KASLR is performed during early boot. */ + str = strstr(builtin_cmdline, "nokaslr"); if (str == builtin_cmdline || (str > builtin_cmdline && *(str - 1) == ' ')) { pr_info(KASLR_DISABLED_MESSAGE, "\'nokaslr\'", "built-in"); -- 2.54.0