From nobody Thu Sep 11 22:33:07 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id F1D2BC001B0
	for <linux-kernel@archiver.kernel.org>; Sat, 22 Jul 2023 12:40:03 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230140AbjGVMkC (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Sat, 22 Jul 2023 08:40:02 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49974 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229683AbjGVMkB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 22 Jul 2023 08:40:01 -0400
Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com
 [IPv6:2a00:1450:4864:20::42a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 86F9310F4
        for <linux-kernel@vger.kernel.org>;
 Sat, 22 Jul 2023 05:39:59 -0700 (PDT)
Received: by mail-wr1-x42a.google.com with SMTP id
 ffacd0b85a97d-314417861b9so2063476f8f.0
        for <linux-kernel@vger.kernel.org>;
 Sat, 22 Jul 2023 05:39:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=rivosinc-com.20221208.gappssmtp.com; s=20221208; t=1690029598;
 x=1690634398;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=totAZSGL3sMvt7aEqkeHA/bfBbkIFO3TpIoyWFj1SaE=;
        b=BMS7FVogFjDwK6CyS5mfrgYNX/fe3k2uNhun1aswU0FWtgtmcvBIBBlWq1xFFe33Go
         GlpZHAjIhhbpO8B+uTMYd3Jfr6loKh15suhBJjH4fqj+CXGMV+u+7Tn+SeK3RYSBXgbc
         Jt8uQutGlRZ2seyFGF4zYPgmoRHNo+PLFSSUcvMIyPqwhRr1nBxku3ODUf8dLGHTtf/F
         EmB87sf+depdlzEMxQlbWaxaIXcXamTBjnkKs+9XtrS0vejQxEwNScTbAmujIZUUhL2p
         Pyaeg9C+sv5EbCcxaSEBvLffw8f/LCSpIGDmIoNeoYDI/g49lGHxF6r87WhVaseAZiZL
         vOCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1690029598; x=1690634398;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=totAZSGL3sMvt7aEqkeHA/bfBbkIFO3TpIoyWFj1SaE=;
        b=hU/NM5I5yh/ZE8D+EnNi2sSkDq9q+Lm2Ocssxnw2Pzo1suYCmeM1i8HmyTTn2PfdqO
         krHwlfVP2OoFJXeDXgS0oxELGuSfkgENavb2XDF7OvRykbui9mNdLPtxteDymKm+6mTm
         lXPQDtkVZXqTr43xxI1P7d+8T+dDFJHcsDRUlnoUkjTnxTAeWwvZiacrrB41IajhhEt0
         qB246xurRXwTReNFtc4LoPCw8v7LPVVgPmR6CEEGF9t169Cw4AWvIpBcfTZs1JSChJoP
         QxoeW8H5MCz2hgUjHqWllq0Tr3S5NUyRkPcEMFKog92U2Xlj5UunyB9Sau/lih8f+t0D
         Ig6A==
X-Gm-Message-State: ABy/qLZaADI11o2u0hHK9B/mv3vVqWGVag09iRMuwILDXfbltdH6VPLo
        2c3XDH4DSr5OnRp79C8oEVzTDA==
X-Google-Smtp-Source: 
 APBJJlG9MnPrBPJXDtJr5W/Uhd9rxs7DINSM3nxcH84zB1voHX3gDE66L6paDNTZqW8K6M4irYrCBQ==
X-Received: by 2002:a5d:45c1:0:b0:314:49d2:aaab with SMTP id
 b1-20020a5d45c1000000b0031449d2aaabmr3675330wrs.8.1690029597978;
        Sat, 22 Jul 2023 05:39:57 -0700 (PDT)
Received: from alex-rivos.ba.rivosinc.com
 (amontpellier-656-1-456-62.w92-145.abo.wanadoo.fr. [92.145.124.62])
        by smtp.gmail.com with ESMTPSA id
 m24-20020a056000181800b003143ac73fd0sm6876454wrh.1.2023.07.22.05.39.57
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 22 Jul 2023 05:39:57 -0700 (PDT)
From: Alexandre Ghiti <alexghiti@rivosinc.com>
To: Paul Walmsley <paul.walmsley@sifive.com>,
        Palmer Dabbelt <palmer@dabbelt.com>,
        Albert Ou <aou@eecs.berkeley.edu>,
        Ard Biesheuvel <ardb@kernel.org>,
        Kees Cook <keescook@chromium.org>,
        linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
        linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: Alexandre Ghiti <alexghiti@rivosinc.com>
Subject: [PATCH v6 1/5] riscv: Introduce virtual kernel mapping KASLR
Date: Sat, 22 Jul 2023 14:38:46 +0200
Message-Id: <20230722123850.634544-2-alexghiti@rivosinc.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230722123850.634544-1-alexghiti@rivosinc.com>
References: <20230722123850.634544-1-alexghiti@rivosinc.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

KASLR implementation relies on a relocatable kernel so that we can move
the kernel mapping.

The seed needed to virtually move the kernel is taken from the device tree,
so we rely on the bootloader to provide a correct seed. Zkr could be used
unconditionnally instead if implemented, but that's for another patch.

Signed-off-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Charlie Jenkins <charlie@rivosinc.com>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Tested-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Song Shuai <songshuaishuai@tinylab.org>
---
 arch/riscv/Kconfig                   | 19 +++++++++++++++
 arch/riscv/include/asm/page.h        |  3 +++
 arch/riscv/kernel/pi/Makefile        |  2 +-
 arch/riscv/kernel/pi/cmdline_early.c | 13 ++++++++++
 arch/riscv/kernel/pi/fdt_early.c     | 30 +++++++++++++++++++++++
 arch/riscv/mm/init.c                 | 36 +++++++++++++++++++++++++++-
 6 files changed, 101 insertions(+), 2 deletions(-)
 create mode 100644 arch/riscv/kernel/pi/fdt_early.c

diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
index 4c07b9189c86..6a606d5b74c6 100644
--- a/arch/riscv/Kconfig
+++ b/arch/riscv/Kconfig
@@ -719,6 +719,25 @@ config RELOCATABLE
=20
           If unsure, say N.
=20
+config RANDOMIZE_BASE
+        bool "Randomize the address of the kernel image"
+        select RELOCATABLE
+        depends on MMU && 64BIT && !XIP_KERNEL
+        help
+          Randomizes the virtual address at which the kernel image is
+          loaded, as a security feature that deters exploit attempts
+          relying on knowledge of the location of kernel internals.
+
+          It is the bootloader's job to provide entropy, by passing a
+          random u64 value in /chosen/kaslr-seed at kernel entry.
+
+          When booting via the UEFI stub, it will invoke the firmware's
+          EFI_RNG_PROTOCOL implementation (if available) to supply entropy
+          to the kernel proper. In addition, it will randomise the physical
+          location of the kernel Image as well.
+
+          If unsure, say N.
+
 endmenu # "Kernel features"
=20
 menu "Boot options"
diff --git a/arch/riscv/include/asm/page.h b/arch/riscv/include/asm/page.h
index b55ba20903ec..5488ecc337b6 100644
--- a/arch/riscv/include/asm/page.h
+++ b/arch/riscv/include/asm/page.h
@@ -106,6 +106,7 @@ typedef struct page *pgtable_t;
 struct kernel_mapping {
 	unsigned long page_offset;
 	unsigned long virt_addr;
+	unsigned long virt_offset;
 	uintptr_t phys_addr;
 	uintptr_t size;
 	/* Offset between linear mapping virtual address and kernel load address =
*/
@@ -185,6 +186,8 @@ extern phys_addr_t __phys_addr_symbol(unsigned long x);
=20
 #define sym_to_pfn(x)           __phys_to_pfn(__pa_symbol(x))
=20
+unsigned long kaslr_offset(void);
+
 #endif /* __ASSEMBLY__ */
=20
 #define virt_addr_valid(vaddr)	({						\
diff --git a/arch/riscv/kernel/pi/Makefile b/arch/riscv/kernel/pi/Makefile
index 7b593d44c712..07915dc9279e 100644
--- a/arch/riscv/kernel/pi/Makefile
+++ b/arch/riscv/kernel/pi/Makefile
@@ -35,5 +35,5 @@ $(obj)/string.o: $(srctree)/lib/string.c FORCE
 $(obj)/ctype.o: $(srctree)/lib/ctype.c FORCE
 	$(call if_changed_rule,cc_o_c)
=20
-obj-y		:=3D cmdline_early.pi.o string.pi.o ctype.pi.o lib-fdt.pi.o lib-fdt=
_ro.pi.o
+obj-y		:=3D cmdline_early.pi.o fdt_early.pi.o string.pi.o ctype.pi.o lib-f=
dt.pi.o lib-fdt_ro.pi.o
 extra-y		:=3D $(patsubst %.pi.o,%.o,$(obj-y))
diff --git a/arch/riscv/kernel/pi/cmdline_early.c b/arch/riscv/kernel/pi/cm=
dline_early.c
index 05652d13c746..68e786c84c94 100644
--- a/arch/riscv/kernel/pi/cmdline_early.c
+++ b/arch/riscv/kernel/pi/cmdline_early.c
@@ -14,6 +14,7 @@ static char early_cmdline[COMMAND_LINE_SIZE];
  * LLVM complain because the function is actually unused in this file).
  */
 u64 set_satp_mode_from_cmdline(uintptr_t dtb_pa);
+bool set_nokaslr_from_cmdline(uintptr_t dtb_pa);
=20
 static char *get_early_cmdline(uintptr_t dtb_pa)
 {
@@ -60,3 +61,15 @@ u64 set_satp_mode_from_cmdline(uintptr_t dtb_pa)
=20
 	return match_noXlvl(cmdline);
 }
+
+static bool match_nokaslr(char *cmdline)
+{
+	return strstr(cmdline, "nokaslr");
+}
+
+bool set_nokaslr_from_cmdline(uintptr_t dtb_pa)
+{
+	char *cmdline =3D get_early_cmdline(dtb_pa);
+
+	return match_nokaslr(cmdline);
+}
diff --git a/arch/riscv/kernel/pi/fdt_early.c b/arch/riscv/kernel/pi/fdt_ea=
rly.c
new file mode 100644
index 000000000000..899610e042ab
--- /dev/null
+++ b/arch/riscv/kernel/pi/fdt_early.c
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: GPL-2.0-only
+#include <linux/types.h>
+#include <linux/init.h>
+#include <linux/libfdt.h>
+
+/*
+ * Declare the functions that are exported (but prefixed) here so that LLVM
+ * does not complain it lacks the 'static' keyword (which, if added, makes
+ * LLVM complain because the function is actually unused in this file).
+ */
+u64 get_kaslr_seed(uintptr_t dtb_pa);
+
+u64 get_kaslr_seed(uintptr_t dtb_pa)
+{
+	int node, len;
+	fdt64_t *prop;
+	u64 ret;
+
+	node =3D fdt_path_offset((void *)dtb_pa, "/chosen");
+	if (node < 0)
+		return 0;
+
+	prop =3D fdt_getprop_w((void *)dtb_pa, node, "kaslr-seed", &len);
+	if (!prop || len !=3D sizeof(u64))
+		return 0;
+
+	ret =3D fdt64_to_cpu(*prop);
+	*prop =3D 0;
+	return ret;
+}
diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c
index 70fb31960b63..ff926531236e 100644
--- a/arch/riscv/mm/init.c
+++ b/arch/riscv/mm/init.c
@@ -1012,11 +1012,45 @@ static void __init pt_ops_set_late(void)
 #endif
 }
=20
+#ifdef CONFIG_RANDOMIZE_BASE
+extern bool __init __pi_set_nokaslr_from_cmdline(uintptr_t dtb_pa);
+extern u64 __init __pi_get_kaslr_seed(uintptr_t dtb_pa);
+
+static int __init print_nokaslr(char *p)
+{
+	pr_info("Disabled KASLR");
+	return 0;
+}
+early_param("nokaslr", print_nokaslr);
+
+unsigned long kaslr_offset(void)
+{
+	return kernel_map.virt_offset;
+}
+#endif
+
 asmlinkage void __init setup_vm(uintptr_t dtb_pa)
 {
 	pmd_t __maybe_unused fix_bmap_spmd, fix_bmap_epmd;
=20
-	kernel_map.virt_addr =3D KERNEL_LINK_ADDR;
+#ifdef CONFIG_RANDOMIZE_BASE
+	if (!__pi_set_nokaslr_from_cmdline(dtb_pa)) {
+		u64 kaslr_seed =3D __pi_get_kaslr_seed(dtb_pa);
+		u32 kernel_size =3D (uintptr_t)(&_end) - (uintptr_t)(&_start);
+		u32 nr_pos;
+
+		/*
+		 * Compute the number of positions available: we are limited
+		 * by the early page table that only has one PUD and we must
+		 * be aligned on PMD_SIZE.
+		 */
+		nr_pos =3D (PUD_SIZE - kernel_size) / PMD_SIZE;
+
+		kernel_map.virt_offset =3D (kaslr_seed % nr_pos) * PMD_SIZE;
+	}
+#endif
+
+	kernel_map.virt_addr =3D KERNEL_LINK_ADDR + kernel_map.virt_offset;
 	kernel_map.page_offset =3D _AC(CONFIG_PAGE_OFFSET, UL);
=20
 #ifdef CONFIG_XIP_KERNEL
--=20
2.39.2
From nobody Thu Sep 11 22:33:07 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 73E75EB64DA
	for <linux-kernel@archiver.kernel.org>; Sat, 22 Jul 2023 12:41:05 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230283AbjGVMlD (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Sat, 22 Jul 2023 08:41:03 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50722 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229643AbjGVMlB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 22 Jul 2023 08:41:01 -0400
Received: from mail-wm1-x32a.google.com (mail-wm1-x32a.google.com
 [IPv6:2a00:1450:4864:20::32a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8709510F5
        for <linux-kernel@vger.kernel.org>;
 Sat, 22 Jul 2023 05:41:00 -0700 (PDT)
Received: by mail-wm1-x32a.google.com with SMTP id
 5b1f17b1804b1-3fb4146e8deso26187735e9.0
        for <linux-kernel@vger.kernel.org>;
 Sat, 22 Jul 2023 05:41:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=rivosinc-com.20221208.gappssmtp.com; s=20221208; t=1690029659;
 x=1690634459;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=cxS6XaVGyfGeiOx9hXopxfMKjoMTvLr9eO536Fwx3rg=;
        b=ubHJsOakNyi6ANYSEfY1jfibGRvwTsZC06/UPIVijfttHEqAybPhZWsu6n+csh9e0l
         KaIDc/ee0jK34IeIOvDhwfUvuorT/jUT+Lc3zNxBn+AFfH+l6yOjUQS6Rd2/e9MeozK8
         jR6YwmPhQ5kiYHNZBD01SLTO+1i4GVi5HibdyOu1QDcm7enIRNuwvCmftfPhFB4ORToz
         C3U1P2sZ72Wp31FcMQjOrO914SUZBYVecMSN8Qop2CKKpKdGOgRcP2cjNUw+bUa13u7l
         pcgT1XbQw+oZgWUOaur9xb2fkMtbRtf+60eB0JYS02Rjcnqsw6yCAIkTP8eryqK7lSVB
         wLfw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1690029659; x=1690634459;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=cxS6XaVGyfGeiOx9hXopxfMKjoMTvLr9eO536Fwx3rg=;
        b=UrUTupo8rYF1kMDTLPXudvr2BjMtXjAns7SIOZBJ4+XWNk8aZbS94IIgpNFLgpiz4w
         HvwAQX1CO4TPqmDRvUmNCzC72Gnb4YhuBu46Hthwk+ZpSsuLllY2wCr9dMrgg29jRvB3
         i5lfw+72yuPfXSVM9+CastH003omgWQrbam9uzxaQyPTfMna+RiLbUteYyW3m+IsX0sZ
         Y1Gk+DkbumlZ0S2e2fXjCEoEhlzPGpJYsCkFOFg9x5ZoYH4cu9qFD/flvPAm+4cLiMYa
         VV2ckfo5hacgJMXbwbE1CEXsoFcTkTX8Fg0IUyaoaFVTrBa1RLzfFRoCuUXNI1jAPRuc
         st/A==
X-Gm-Message-State: ABy/qLYqfBkt0ZSLn3kD/kmbnCz1BIR7rJHeDH8XBQq1kghoVOmKslE7
        Mo3s2EZARYY3s2ITRM6JwyT1Gg==
X-Google-Smtp-Source: 
 APBJJlHszG7MkK5M/s+gCn2cPnro3+GaotN/R+BKeRaTosXlQG7ZToDZHwzuzw4UhADn6GJDjqPH2w==
X-Received: by 2002:a7b:ca52:0:b0:3f6:1474:905 with SMTP id
 m18-20020a7bca52000000b003f614740905mr3713142wml.29.1690029658973;
        Sat, 22 Jul 2023 05:40:58 -0700 (PDT)
Received: from alex-rivos.ba.rivosinc.com
 (amontpellier-656-1-456-62.w92-145.abo.wanadoo.fr. [92.145.124.62])
        by smtp.gmail.com with ESMTPSA id
 p24-20020a1c7418000000b003fc07e17d4esm7988080wmc.2.2023.07.22.05.40.58
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 22 Jul 2023 05:40:58 -0700 (PDT)
From: Alexandre Ghiti <alexghiti@rivosinc.com>
To: Paul Walmsley <paul.walmsley@sifive.com>,
        Palmer Dabbelt <palmer@dabbelt.com>,
        Albert Ou <aou@eecs.berkeley.edu>,
        Ard Biesheuvel <ardb@kernel.org>,
        Kees Cook <keescook@chromium.org>,
        linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
        linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: Alexandre Ghiti <alexghiti@rivosinc.com>,
        Zong Li <zong.li@sifive.com>
Subject: [PATCH v6 2/5] riscv: Dump out kernel offset information on panic
Date: Sat, 22 Jul 2023 14:38:47 +0200
Message-Id: <20230722123850.634544-3-alexghiti@rivosinc.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230722123850.634544-1-alexghiti@rivosinc.com>
References: <20230722123850.634544-1-alexghiti@rivosinc.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

Dump out the KASLR virtual kernel offset when panic to help debug kernel.

Signed-off-by: Zong Li <zong.li@sifive.com>
Signed-off-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Charlie Jenkins <charlie@rivosinc.com>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Tested-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Song Shuai <songshuaishuai@tinylab.org>
---
 arch/riscv/kernel/setup.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/arch/riscv/kernel/setup.c b/arch/riscv/kernel/setup.c
index 971fe776e2f8..0fb5a26ca4cc 100644
--- a/arch/riscv/kernel/setup.c
+++ b/arch/riscv/kernel/setup.c
@@ -21,6 +21,7 @@
 #include <linux/smp.h>
 #include <linux/efi.h>
 #include <linux/crash_dump.h>
+#include <linux/panic_notifier.h>
=20
 #include <asm/acpi.h>
 #include <asm/alternative.h>
@@ -341,3 +342,27 @@ void free_initmem(void)
=20
 	free_initmem_default(POISON_FREE_INITMEM);
 }
+
+static int dump_kernel_offset(struct notifier_block *self,
+			      unsigned long v, void *p)
+{
+	pr_emerg("Kernel Offset: 0x%lx from 0x%lx\n",
+		 kernel_map.virt_offset,
+		 KERNEL_LINK_ADDR);
+
+	return 0;
+}
+
+static struct notifier_block kernel_offset_notifier =3D {
+	.notifier_call =3D dump_kernel_offset
+};
+
+static int __init register_kernel_offset_dumper(void)
+{
+	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
+		atomic_notifier_chain_register(&panic_notifier_list,
+					       &kernel_offset_notifier);
+
+	return 0;
+}
+device_initcall(register_kernel_offset_dumper);
--=20
2.39.2
From nobody Thu Sep 11 22:33:07 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3A036EB64DC
	for <linux-kernel@archiver.kernel.org>; Sat, 22 Jul 2023 12:42:06 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230338AbjGVMmF (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Sat, 22 Jul 2023 08:42:05 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51124 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229640AbjGVMmD (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 22 Jul 2023 08:42:03 -0400
Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com
 [IPv6:2a00:1450:4864:20::429])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5CDE710F4
        for <linux-kernel@vger.kernel.org>;
 Sat, 22 Jul 2023 05:42:01 -0700 (PDT)
Received: by mail-wr1-x429.google.com with SMTP id
 ffacd0b85a97d-313e742a787so1704384f8f.1
        for <linux-kernel@vger.kernel.org>;
 Sat, 22 Jul 2023 05:42:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=rivosinc-com.20221208.gappssmtp.com; s=20221208; t=1690029720;
 x=1690634520;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=+mzz7+cmo7mG0EjTGePf51Ll6Zdd1gZGMKR3whiCyXs=;
        b=V96TMuxzudRhcGO/ZzQURbancsr5lKEHHBYSmn0kZqALCnTYGBt7N4G1iEsoR+Yekd
         smhceP2BChWnvJEr+/BjRf0ivPk/DG2KEKHi1qne5UgfIa6encaUClnG5uFPUgJMMpOy
         9/PK/doiMTFKxoAp+ChEFoQChQtEyAcPwruDqxliXTg3/1Xx7iFIUpzMaicoRmWe2yLq
         BkxM1RPuaM6PhOBx/1nBLZNffEklYgeyOlvCeowGZ8tFZKTTo41f8B9l5wh+1JfNaMkY
         GYyH7cwskMy6Hzl8UyTMwDzQAPH620WMZjclV58qyllqLw19MGecyPtEzCsYA+rE6X9s
         trBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1690029720; x=1690634520;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=+mzz7+cmo7mG0EjTGePf51Ll6Zdd1gZGMKR3whiCyXs=;
        b=O3ai2S8wep24B4KF2IN0yB0XliHm9r1qk2n6mcdnhLVvryOoihIkgGSkCIuv0/C6ns
         Dl3sr+IqhDQ5/9s8Dw8kMazyCMK6gdxx9Ix9qM43MlnoGQc0lfAes17SlVpgA/hcjVDa
         Z9AgYf6NglcnRmBbffJJy3nrM0+sPp6e1udKE5EgAvX2oYgm42KV8Kyxo1GDn+jeewEl
         mLhbVd3JCIZXAbss+6lkW25xOZnqSLQXxrrzIs21+wFXlO7fDjELm4SPID5Gc50ROT6g
         GXEUkQoFuTR8NGsO23CAdOT4rl+LeVL921UYWm5+FEOfvhm8cajSnDFYbxh9E06enTPZ
         2CXQ==
X-Gm-Message-State: ABy/qLbfsPAHILP+PqSR1Lw1+u2M721vLDZ5K9pPJ/M+lztxjUbG0AWj
        14h5XDg2f4RXCnbYKAmUL13c7A==
X-Google-Smtp-Source: 
 APBJJlFPWsJ9UUvyXPKGTP406O50bV7Q/6usxZuBSXPnk3Ri0enBPV1j0pOYb37plBHyyigt+Sgy8g==
X-Received: by 2002:a5d:4489:0:b0:313:f38d:555f with SMTP id
 j9-20020a5d4489000000b00313f38d555fmr3856610wrq.24.1690029719827;
        Sat, 22 Jul 2023 05:41:59 -0700 (PDT)
Received: from alex-rivos.ba.rivosinc.com
 (amontpellier-656-1-456-62.w92-145.abo.wanadoo.fr. [92.145.124.62])
        by smtp.gmail.com with ESMTPSA id
 r6-20020adff106000000b0031424950a99sm6863986wro.81.2023.07.22.05.41.59
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 22 Jul 2023 05:41:59 -0700 (PDT)
From: Alexandre Ghiti <alexghiti@rivosinc.com>
To: Paul Walmsley <paul.walmsley@sifive.com>,
        Palmer Dabbelt <palmer@dabbelt.com>,
        Albert Ou <aou@eecs.berkeley.edu>,
        Ard Biesheuvel <ardb@kernel.org>,
        Kees Cook <keescook@chromium.org>,
        linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
        linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: Alexandre Ghiti <alexghiti@rivosinc.com>
Subject: [PATCH v6 3/5] arm64: libstub: Move KASLR handling functions to
 kaslr.c
Date: Sat, 22 Jul 2023 14:38:48 +0200
Message-Id: <20230722123850.634544-4-alexghiti@rivosinc.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230722123850.634544-1-alexghiti@rivosinc.com>
References: <20230722123850.634544-1-alexghiti@rivosinc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This prepares for riscv to use the same functions to handle the p=C4=A5ysic=
al
kernel move when KASLR is enabled.

Signed-off-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Charlie Jenkins <charlie@rivosinc.com>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Tested-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Song Shuai <songshuaishuai@tinylab.org>
---
 arch/arm64/include/asm/efi.h              |   2 +
 drivers/firmware/efi/libstub/Makefile     |   2 +-
 drivers/firmware/efi/libstub/arm64-stub.c | 117 ++--------------
 drivers/firmware/efi/libstub/efistub.h    |   8 ++
 drivers/firmware/efi/libstub/kaslr.c      | 159 ++++++++++++++++++++++
 5 files changed, 183 insertions(+), 105 deletions(-)
 create mode 100644 drivers/firmware/efi/libstub/kaslr.c

diff --git a/arch/arm64/include/asm/efi.h b/arch/arm64/include/asm/efi.h
index 4cf2cb053bc8..46273ee89445 100644
--- a/arch/arm64/include/asm/efi.h
+++ b/arch/arm64/include/asm/efi.h
@@ -168,4 +168,6 @@ static inline void efi_capsule_flush_cache_range(void *=
addr, int size)
=20
 efi_status_t efi_handle_corrupted_x18(efi_status_t s, const char *f);
=20
+void efi_icache_sync(unsigned long start, unsigned long end);
+
 #endif /* _ASM_EFI_H */
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/l=
ibstub/Makefile
index 16d64a34d1e1..11aba8a041ec 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -86,7 +86,7 @@ lib-$(CONFIG_EFI_GENERIC_STUB)	+=3D efi-stub.o string.o i=
ntrinsics.o systable.o \
 				   screen_info.o efi-stub-entry.o
=20
 lib-$(CONFIG_ARM)		+=3D arm32-stub.o
-lib-$(CONFIG_ARM64)		+=3D arm64.o arm64-stub.o smbios.o
+lib-$(CONFIG_ARM64)		+=3D kaslr.o arm64.o arm64-stub.o smbios.o
 lib-$(CONFIG_X86)		+=3D x86-stub.o
 lib-$(CONFIG_RISCV)		+=3D riscv.o riscv-stub.o
 lib-$(CONFIG_LOONGARCH)		+=3D loongarch.o loongarch-stub.o
diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/e=
fi/libstub/arm64-stub.c
index 770b8ecb7398..452b7ccd330e 100644
--- a/drivers/firmware/efi/libstub/arm64-stub.c
+++ b/drivers/firmware/efi/libstub/arm64-stub.c
@@ -14,42 +14,6 @@
=20
 #include "efistub.h"
=20
-/*
- * Distro versions of GRUB may ignore the BSS allocation entirely (i.e., f=
ail
- * to provide space, and fail to zero it). Check for this condition by dou=
ble
- * checking that the first and the last byte of the image are covered by t=
he
- * same EFI memory map entry.
- */
-static bool check_image_region(u64 base, u64 size)
-{
-	struct efi_boot_memmap *map;
-	efi_status_t status;
-	bool ret =3D false;
-	int map_offset;
-
-	status =3D efi_get_memory_map(&map, false);
-	if (status !=3D EFI_SUCCESS)
-		return false;
-
-	for (map_offset =3D 0; map_offset < map->map_size; map_offset +=3D map->d=
esc_size) {
-		efi_memory_desc_t *md =3D (void *)map->map + map_offset;
-		u64 end =3D md->phys_addr + md->num_pages * EFI_PAGE_SIZE;
-
-		/*
-		 * Find the region that covers base, and return whether
-		 * it covers base+size bytes.
-		 */
-		if (base >=3D md->phys_addr && base < end) {
-			ret =3D (base + size) <=3D end;
-			break;
-		}
-	}
-
-	efi_bs_call(free_pool, map);
-
-	return ret;
-}
-
 efi_status_t handle_kernel_image(unsigned long *image_addr,
 				 unsigned long *image_size,
 				 unsigned long *reserve_addr,
@@ -59,31 +23,6 @@ efi_status_t handle_kernel_image(unsigned long *image_ad=
dr,
 {
 	efi_status_t status;
 	unsigned long kernel_size, kernel_codesize, kernel_memsize;
-	u32 phys_seed =3D 0;
-	u64 min_kimg_align =3D efi_get_kimg_min_align();
-
-	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
-		efi_guid_t li_fixed_proto =3D LINUX_EFI_LOADED_IMAGE_FIXED_GUID;
-		void *p;
-
-		if (efi_nokaslr) {
-			efi_info("KASLR disabled on kernel command line\n");
-		} else if (efi_bs_call(handle_protocol, image_handle,
-				       &li_fixed_proto, &p) =3D=3D EFI_SUCCESS) {
-			efi_info("Image placement fixed by loader\n");
-		} else {
-			status =3D efi_get_random_bytes(sizeof(phys_seed),
-						      (u8 *)&phys_seed);
-			if (status =3D=3D EFI_NOT_FOUND) {
-				efi_info("EFI_RNG_PROTOCOL unavailable\n");
-				efi_nokaslr =3D true;
-			} else if (status !=3D EFI_SUCCESS) {
-				efi_err("efi_get_random_bytes() failed (0x%lx)\n",
-					status);
-				efi_nokaslr =3D true;
-			}
-		}
-	}
=20
 	if (image->image_base !=3D _text) {
 		efi_err("FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value\n"=
);
@@ -98,50 +37,15 @@ efi_status_t handle_kernel_image(unsigned long *image_a=
ddr,
 	kernel_codesize =3D __inittext_end - _text;
 	kernel_memsize =3D kernel_size + (_end - _edata);
 	*reserve_size =3D kernel_memsize;
+	*image_addr =3D (unsigned long)_text;
=20
-	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && phys_seed !=3D 0) {
-		/*
-		 * If KASLR is enabled, and we have some randomness available,
-		 * locate the kernel at a randomized offset in physical memory.
-		 */
-		status =3D efi_random_alloc(*reserve_size, min_kimg_align,
-					  reserve_addr, phys_seed,
-					  EFI_LOADER_CODE);
-		if (status !=3D EFI_SUCCESS)
-			efi_warn("efi_random_alloc() failed: 0x%lx\n", status);
-	} else {
-		status =3D EFI_OUT_OF_RESOURCES;
-	}
-
-	if (status !=3D EFI_SUCCESS) {
-		if (!check_image_region((u64)_text, kernel_memsize)) {
-			efi_err("FIRMWARE BUG: Image BSS overlaps adjacent EFI memory region\n"=
);
-		} else if (IS_ALIGNED((u64)_text, min_kimg_align) &&
-			   (u64)_end < EFI_ALLOC_LIMIT) {
-			/*
-			 * Just execute from wherever we were loaded by the
-			 * UEFI PE/COFF loader if the placement is suitable.
-			 */
-			*image_addr =3D (u64)_text;
-			*reserve_size =3D 0;
-			return EFI_SUCCESS;
-		}
-
-		status =3D efi_allocate_pages_aligned(*reserve_size, reserve_addr,
-						    ULONG_MAX, min_kimg_align,
-						    EFI_LOADER_CODE);
-
-		if (status !=3D EFI_SUCCESS) {
-			efi_err("Failed to relocate kernel\n");
-			*reserve_size =3D 0;
-			return status;
-		}
-	}
-
-	*image_addr =3D *reserve_addr;
-	memcpy((void *)*image_addr, _text, kernel_size);
-	caches_clean_inval_pou(*image_addr, *image_addr + kernel_codesize);
-	efi_remap_image(*image_addr, *reserve_size, kernel_codesize);
+	status =3D efi_kaslr_relocate_kernel(image_addr,
+					   reserve_addr, reserve_size,
+					   kernel_size, kernel_codesize,
+					   kernel_memsize,
+					   efi_kaslr_get_phys_seed(image_handle));
+	if (status !=3D EFI_SUCCESS)
+		return status;
=20
 	return EFI_SUCCESS;
 }
@@ -159,3 +63,8 @@ unsigned long primary_entry_offset(void)
 	 */
 	return (char *)primary_entry - _text;
 }
+
+void efi_icache_sync(unsigned long start, unsigned long end)
+{
+	caches_clean_inval_pou(start, end);
+}
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/=
libstub/efistub.h
index 6aa38a1bf126..b1a1037567ba 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -1132,6 +1132,14 @@ const u8 *__efi_get_smbios_string(const struct efi_s=
mbios_record *record,
=20
 void efi_remap_image(unsigned long image_base, unsigned alloc_size,
 		     unsigned long code_size);
+efi_status_t efi_kaslr_relocate_kernel(unsigned long *image_addr,
+				       unsigned long *reserve_addr,
+				       unsigned long *reserve_size,
+				       unsigned long kernel_size,
+				       unsigned long kernel_codesize,
+				       unsigned long kernel_memsize,
+				       u32 phys_seed);
+u32 efi_kaslr_get_phys_seed(efi_handle_t image_handle);
=20
 asmlinkage efi_status_t __efiapi
 efi_zboot_entry(efi_handle_t handle, efi_system_table_t *systab);
diff --git a/drivers/firmware/efi/libstub/kaslr.c b/drivers/firmware/efi/li=
bstub/kaslr.c
new file mode 100644
index 000000000000..be0c8ab0982a
--- /dev/null
+++ b/drivers/firmware/efi/libstub/kaslr.c
@@ -0,0 +1,159 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Helper functions used by the EFI stub on multiple
+ * architectures to deal with physical address space randomization.
+ */
+#include <linux/efi.h>
+
+#include "efistub.h"
+
+/**
+ * efi_kaslr_get_phys_seed() - Get random seed for physical kernel KASLR
+ * @image_handle:	Handle to the image
+ *
+ * If KASLR is not disabled, obtain a random seed using EFI_RNG_PROTOCOL
+ * that will be used to move the kernel physical mapping.
+ *
+ * Return:	the random seed
+ */
+u32 efi_kaslr_get_phys_seed(efi_handle_t image_handle)
+{
+	efi_status_t status;
+	u32 phys_seed;
+	efi_guid_t li_fixed_proto =3D LINUX_EFI_LOADED_IMAGE_FIXED_GUID;
+	void *p;
+
+	if (!IS_ENABLED(CONFIG_RANDOMIZE_BASE))
+		return 0;
+
+	if (efi_nokaslr) {
+		efi_info("KASLR disabled on kernel command line\n");
+	} else if (efi_bs_call(handle_protocol, image_handle,
+			       &li_fixed_proto, &p) =3D=3D EFI_SUCCESS) {
+		efi_info("Image placement fixed by loader\n");
+	} else {
+		status =3D efi_get_random_bytes(sizeof(phys_seed),
+					      (u8 *)&phys_seed);
+		if (status =3D=3D EFI_SUCCESS) {
+			return phys_seed;
+		} else if (status =3D=3D EFI_NOT_FOUND) {
+			efi_info("EFI_RNG_PROTOCOL unavailable\n");
+			efi_nokaslr =3D true;
+		} else if (status !=3D EFI_SUCCESS) {
+			efi_err("efi_get_random_bytes() failed (0x%lx)\n",
+				status);
+			efi_nokaslr =3D true;
+		}
+	}
+
+	return 0;
+}
+
+/*
+ * Distro versions of GRUB may ignore the BSS allocation entirely (i.e., f=
ail
+ * to provide space, and fail to zero it). Check for this condition by dou=
ble
+ * checking that the first and the last byte of the image are covered by t=
he
+ * same EFI memory map entry.
+ */
+static bool check_image_region(u64 base, u64 size)
+{
+	struct efi_boot_memmap *map;
+	efi_status_t status;
+	bool ret =3D false;
+	int map_offset;
+
+	status =3D efi_get_memory_map(&map, false);
+	if (status !=3D EFI_SUCCESS)
+		return false;
+
+	for (map_offset =3D 0; map_offset < map->map_size; map_offset +=3D map->d=
esc_size) {
+		efi_memory_desc_t *md =3D (void *)map->map + map_offset;
+		u64 end =3D md->phys_addr + md->num_pages * EFI_PAGE_SIZE;
+
+		/*
+		 * Find the region that covers base, and return whether
+		 * it covers base+size bytes.
+		 */
+		if (base >=3D md->phys_addr && base < end) {
+			ret =3D (base + size) <=3D end;
+			break;
+		}
+	}
+
+	efi_bs_call(free_pool, map);
+
+	return ret;
+}
+
+/**
+ * efi_kaslr_relocate_kernel() - Relocate the kernel (random if KASLR enab=
led)
+ * @image_addr: Pointer to the current kernel location
+ * @reserve_addr:	Pointer to the relocated kernel location
+ * @reserve_size:	Size of the relocated kernel
+ * @kernel_size:	Size of the text + data
+ * @kernel_codesize:	Size of the text
+ * @kernel_memsize:	Size of the text + data + bss
+ * @phys_seed:		Random seed used for the relocation
+ *
+ * If KASLR is not enabled, this function relocates the kernel to a fixed
+ * address (or leave it as its current location). If KASLR is enabled, the
+ * kernel physical location is randomized using the seed in parameter.
+ *
+ * Return:	status code, EFI_SUCCESS if relocation is successful
+ */
+efi_status_t efi_kaslr_relocate_kernel(unsigned long *image_addr,
+				       unsigned long *reserve_addr,
+				       unsigned long *reserve_size,
+				       unsigned long kernel_size,
+				       unsigned long kernel_codesize,
+				       unsigned long kernel_memsize,
+				       u32 phys_seed)
+{
+	efi_status_t status;
+	u64 min_kimg_align =3D efi_get_kimg_min_align();
+
+	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && phys_seed !=3D 0) {
+		/*
+		 * If KASLR is enabled, and we have some randomness available,
+		 * locate the kernel at a randomized offset in physical memory.
+		 */
+		status =3D efi_random_alloc(*reserve_size, min_kimg_align,
+					  reserve_addr, phys_seed,
+					  EFI_LOADER_CODE);
+		if (status !=3D EFI_SUCCESS)
+			efi_warn("efi_random_alloc() failed: 0x%lx\n", status);
+	} else {
+		status =3D EFI_OUT_OF_RESOURCES;
+	}
+
+	if (status !=3D EFI_SUCCESS) {
+		if (!check_image_region(*image_addr, kernel_memsize)) {
+			efi_err("FIRMWARE BUG: Image BSS overlaps adjacent EFI memory region\n"=
);
+		} else if (IS_ALIGNED(*image_addr, min_kimg_align) &&
+			   (u64)_end < EFI_ALLOC_LIMIT) {
+			/*
+			 * Just execute from wherever we were loaded by the
+			 * UEFI PE/COFF loader if the placement is suitable.
+			 */
+			*reserve_size =3D 0;
+			return EFI_SUCCESS;
+		}
+
+		status =3D efi_allocate_pages_aligned(*reserve_size, reserve_addr,
+						    ULONG_MAX, min_kimg_align,
+						    EFI_LOADER_CODE);
+
+		if (status !=3D EFI_SUCCESS) {
+			efi_err("Failed to relocate kernel\n");
+			*reserve_size =3D 0;
+			return status;
+		}
+	}
+
+	memcpy((void *)*reserve_addr, (void *)*image_addr, kernel_size);
+	*image_addr =3D *reserve_addr;
+	efi_icache_sync(*image_addr, *image_addr + kernel_codesize);
+	efi_remap_image(*image_addr, *reserve_size, kernel_codesize);
+
+	return status;
+}
--=20
2.39.2

From nobody Thu Sep 11 22:33:07 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 35CCDC001B0
	for <linux-kernel@archiver.kernel.org>; Sat, 22 Jul 2023 12:43:07 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230382AbjGVMnG (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Sat, 22 Jul 2023 08:43:06 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51606 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230456AbjGVMnE (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 22 Jul 2023 08:43:04 -0400
Received: from mail-wr1-x430.google.com (mail-wr1-x430.google.com
 [IPv6:2a00:1450:4864:20::430])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6AAD010DE
        for <linux-kernel@vger.kernel.org>;
 Sat, 22 Jul 2023 05:43:02 -0700 (PDT)
Received: by mail-wr1-x430.google.com with SMTP id
 ffacd0b85a97d-3159da54e95so2045988f8f.3
        for <linux-kernel@vger.kernel.org>;
 Sat, 22 Jul 2023 05:43:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=rivosinc-com.20221208.gappssmtp.com; s=20221208; t=1690029781;
 x=1690634581;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=/der0KJlDJ6cwsQs4A7+tIRkxDY3MMfqGccPHIlX2cU=;
        b=gLMFot1BkI0ANTW5TAy3Bb9fjvPkiUYnwOGIenuWohOLcknH0XGZ0PpcM+5zX60Z+m
         6O4mMv39vxTp/o926alCtUzZc0ivcxXTWHFsLiwv6C4Q2uWPZiqQqH7ZRG7cAyIIDqdy
         Susq5+QUDRzIxDTk4TkHnxVhYEgD48ErFCEHctoPsAin4wdcl/dH0Zc/OtXYWM33syru
         Y7w3nuCizPPyraqKoDNUV/m3+Rheyc7jQn3KCBJ8/ZvNAsHAxzPaOmiORG74HLe+FOg4
         lU9ZgkmtlURKG7U2HY6d77tMENB8qrjtfCa9/CDqOzOTj7KREym6sTWEMenKl303dxM2
         TM1A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1690029781; x=1690634581;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=/der0KJlDJ6cwsQs4A7+tIRkxDY3MMfqGccPHIlX2cU=;
        b=g+OE8hirMShLUYVu8uuTmyoiMk0WN/25EZcTJzLtTdDhClMcpCBaqEkHF48RMLdF8Q
         1g2WM7XX3wlkH+PxBap3LqHM2dnpGv/RnDvnN6CMOQnyVQ8x9RWuhOrkg+CCsugr6kG9
         FotAbeuHJnXHvRIopPqCg5pgRrzRygFjEdfW3ELbvC/cIDJnPmXJH+GLzp9kswNE8EjC
         M+2gFB0QQ0PNtg6aVNlny/DbHdCJYRM97koBkOL6Yfi9Gb/DxEEnwx0ArQtOr9Ui3ffN
         OyNvLnt0griMplBKw2NZ++uyjCEx4genaPaITnxeSnefYPJP2XXMtc1wJmGBGQ9FNcO4
         1bAQ==
X-Gm-Message-State: ABy/qLafRNDLCjeen3og2cp23pIuFJSuGf9hYVkxxUHTT4Q0Si2ZAuJW
        Qyt0X0PfIct8KIgIPYl3rOPS5oYcEVU+KwQr9so=
X-Google-Smtp-Source: 
 APBJJlHkvTt0JkOjTHC/10qCFsIyDPIAfKz5RSmvzPMUq5Ej1dnP9W1WU/kGxqayUnfN2+92c6cZ+Q==
X-Received: by 2002:adf:e6d0:0:b0:313:fff0:ff44 with SMTP id
 y16-20020adfe6d0000000b00313fff0ff44mr3603578wrm.38.1690029780939;
        Sat, 22 Jul 2023 05:43:00 -0700 (PDT)
Received: from alex-rivos.ba.rivosinc.com
 (amontpellier-656-1-456-62.w92-145.abo.wanadoo.fr. [92.145.124.62])
        by smtp.gmail.com with ESMTPSA id
 t10-20020a5d690a000000b00316fc844be7sm6834681wru.36.2023.07.22.05.43.00
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 22 Jul 2023 05:43:00 -0700 (PDT)
From: Alexandre Ghiti <alexghiti@rivosinc.com>
To: Paul Walmsley <paul.walmsley@sifive.com>,
        Palmer Dabbelt <palmer@dabbelt.com>,
        Albert Ou <aou@eecs.berkeley.edu>,
        Ard Biesheuvel <ardb@kernel.org>,
        Kees Cook <keescook@chromium.org>,
        linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
        linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: Alexandre Ghiti <alexghiti@rivosinc.com>
Subject: [PATCH v6 4/5] libstub: Fix compilation warning for rv32
Date: Sat, 22 Jul 2023 14:38:49 +0200
Message-Id: <20230722123850.634544-5-alexghiti@rivosinc.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230722123850.634544-1-alexghiti@rivosinc.com>
References: <20230722123850.634544-1-alexghiti@rivosinc.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

Fix the following warning which appears when compiled for rv32 by using
unsigned long type instead of u64.

../drivers/firmware/efi/libstub/efi-stub-helper.c: In function 'efi_kaslr_r=
elocate_kernel':
../drivers/firmware/efi/libstub/efi-stub-helper.c:846:28: warning: cast fro=
m pointer to integer of different size [-Wpointer-to-int-cast]
  846 |                            (u64)_end < EFI_ALLOC_LIMIT) {

Signed-off-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Charlie Jenkins <charlie@rivosinc.com>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Tested-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Song Shuai <songshuaishuai@tinylab.org>
---
 drivers/firmware/efi/libstub/kaslr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/firmware/efi/libstub/kaslr.c b/drivers/firmware/efi/li=
bstub/kaslr.c
index be0c8ab0982a..afb857329799 100644
--- a/drivers/firmware/efi/libstub/kaslr.c
+++ b/drivers/firmware/efi/libstub/kaslr.c
@@ -130,7 +130,7 @@ efi_status_t efi_kaslr_relocate_kernel(unsigned long *i=
mage_addr,
 		if (!check_image_region(*image_addr, kernel_memsize)) {
 			efi_err("FIRMWARE BUG: Image BSS overlaps adjacent EFI memory region\n"=
);
 		} else if (IS_ALIGNED(*image_addr, min_kimg_align) &&
-			   (u64)_end < EFI_ALLOC_LIMIT) {
+			   (unsigned long)_end < EFI_ALLOC_LIMIT) {
 			/*
 			 * Just execute from wherever we were loaded by the
 			 * UEFI PE/COFF loader if the placement is suitable.
--=20
2.39.2
From nobody Thu Sep 11 22:33:07 2025
Return-Path: <linux-kernel-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DD388EB64DA
	for <linux-kernel@archiver.kernel.org>; Sat, 22 Jul 2023 12:44:08 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230204AbjGVMoH (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Sat, 22 Jul 2023 08:44:07 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52260 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229552AbjGVMoF (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 22 Jul 2023 08:44:05 -0400
Received: from mail-wm1-x330.google.com (mail-wm1-x330.google.com
 [IPv6:2a00:1450:4864:20::330])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 81C90268E
        for <linux-kernel@vger.kernel.org>;
 Sat, 22 Jul 2023 05:44:03 -0700 (PDT)
Received: by mail-wm1-x330.google.com with SMTP id
 5b1f17b1804b1-3fbc54cab6fso22550815e9.0
        for <linux-kernel@vger.kernel.org>;
 Sat, 22 Jul 2023 05:44:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=rivosinc-com.20221208.gappssmtp.com; s=20221208; t=1690029842;
 x=1690634642;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=YeCObNb4PmolJTFe26id2IecwNBs81NuN62SQUhE5h0=;
        b=pUM+520vb2S92A6ynS7MBf+a+TvlSycieG6x/eLAxB9vkNf2NAAk3hKz2lVbEhN6Km
         9D+OpTxN358e0ePT4GlQNjD4y8JMqJED6JHYZ1vhglRCGL+/9vv8wgBa/4HC0Fg3s8wl
         rq+o2tb+8mmawwLyIZAoIgVi0mtbElZCDvcWyHCsAUhpD8yih7TyKqRWkFD9vcKvJ5l5
         To5s+Yl8KRng8QyCvHUYBfFXpVY39ST6SArgtFX6PcsvC0376cKqK/E6lDNOuZdou2k4
         ZmWsNfaeoEOrbmUCy2hQGQ6pkeaaasNFlU+Xmn7w+FgnOZcFNhGwUveLYe1tubOKHwSl
         xSJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1690029842; x=1690634642;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=YeCObNb4PmolJTFe26id2IecwNBs81NuN62SQUhE5h0=;
        b=FRBFbrfZeZIgNRKi3upvN7os+H4/wjZAmz7x9l4UppJwxzrD5GfrlDYjPEHkAOL0Ze
         cfESzbXuw5uyhdC0MqcXqAazLWDBhLW3NeqHd1G4ICpwn5GAqWFroi5RSmcvCBvWgw02
         t8h3owYycw2VRJOIfNRZikTfCl0VM7BPap6hwh5PMBNgghQ/twF+0uRtcH5CxTNBBXmP
         FR/2WjubzuII4JTdRiY3gJYvOMVkmIdo1CNj82x+afjjl7tSRn6lUbKlXKR1w4ZHksfl
         Oyq2w5kKjamt+DNnwtUmN49Fm31D0C6om2+lQ62E+Z5InYaMQFUHF497g2SEN3TOLY1F
         1SAw==
X-Gm-Message-State: ABy/qLbo2aCUfKj/RDcR2HjoHdyGNJkv7BKvT8CWu+4W17kjfCAIUEwH
        DyYcNZIbTztQqWFW+gOnwdwRhw==
X-Google-Smtp-Source: 
 APBJJlESOn48Uam2uBAko67ZqktvYU2AYN1QmwgL/HAND5SbQf6wVpva7H1fOV9++dlkWv6Q6TZ77g==
X-Received: by 2002:a05:600c:21cf:b0:3fc:e00:5275 with SMTP id
 x15-20020a05600c21cf00b003fc0e005275mr2809721wmj.2.1690029841797;
        Sat, 22 Jul 2023 05:44:01 -0700 (PDT)
Received: from alex-rivos.ba.rivosinc.com
 (amontpellier-656-1-456-62.w92-145.abo.wanadoo.fr. [92.145.124.62])
        by smtp.gmail.com with ESMTPSA id
 n11-20020a7bcbcb000000b003fba92fad35sm7985875wmi.26.2023.07.22.05.44.01
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 22 Jul 2023 05:44:01 -0700 (PDT)
From: Alexandre Ghiti <alexghiti@rivosinc.com>
To: Paul Walmsley <paul.walmsley@sifive.com>,
        Palmer Dabbelt <palmer@dabbelt.com>,
        Albert Ou <aou@eecs.berkeley.edu>,
        Ard Biesheuvel <ardb@kernel.org>,
        Kees Cook <keescook@chromium.org>,
        linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
        linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: Alexandre Ghiti <alexghiti@rivosinc.com>
Subject: [PATCH v6 5/5] riscv: libstub: Implement KASLR by using generic
 functions
Date: Sat, 22 Jul 2023 14:38:50 +0200
Message-Id: <20230722123850.634544-6-alexghiti@rivosinc.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230722123850.634544-1-alexghiti@rivosinc.com>
References: <20230722123850.634544-1-alexghiti@rivosinc.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

We can now use arm64 functions to handle the move of the kernel physical
mapping: if KASLR is enabled, we will try to get a random seed from the
firmware, if not possible, the kernel will be moved to a location that
suits its alignment constraints.

Signed-off-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Charlie Jenkins <charlie@rivosinc.com>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Tested-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Song Shuai <songshuaishuai@tinylab.org>
---
 arch/riscv/include/asm/efi.h              |  2 ++
 arch/riscv/kernel/image-vars.h            |  1 +
 drivers/firmware/efi/libstub/Makefile     |  2 +-
 drivers/firmware/efi/libstub/riscv-stub.c | 33 +++++++++++------------
 4 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/arch/riscv/include/asm/efi.h b/arch/riscv/include/asm/efi.h
index 29e9a0d84b16..00b24ba55035 100644
--- a/arch/riscv/include/asm/efi.h
+++ b/arch/riscv/include/asm/efi.h
@@ -51,4 +51,6 @@ void efi_virtmap_unload(void);
=20
 unsigned long stext_offset(void);
=20
+void efi_icache_sync(unsigned long start, unsigned long end);
+
 #endif /* _ASM_EFI_H */
diff --git a/arch/riscv/kernel/image-vars.h b/arch/riscv/kernel/image-vars.h
index 15616155008c..ea1a10355ce9 100644
--- a/arch/riscv/kernel/image-vars.h
+++ b/arch/riscv/kernel/image-vars.h
@@ -27,6 +27,7 @@ __efistub__start		=3D _start;
 __efistub__start_kernel		=3D _start_kernel;
 __efistub__end			=3D _end;
 __efistub__edata		=3D _edata;
+__efistub___init_text_end	=3D __init_text_end;
 __efistub_screen_info		=3D screen_info;
=20
 #endif
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/l=
ibstub/Makefile
index 11aba8a041ec..dc90a31b189f 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -88,7 +88,7 @@ lib-$(CONFIG_EFI_GENERIC_STUB)	+=3D efi-stub.o string.o i=
ntrinsics.o systable.o \
 lib-$(CONFIG_ARM)		+=3D arm32-stub.o
 lib-$(CONFIG_ARM64)		+=3D kaslr.o arm64.o arm64-stub.o smbios.o
 lib-$(CONFIG_X86)		+=3D x86-stub.o
-lib-$(CONFIG_RISCV)		+=3D riscv.o riscv-stub.o
+lib-$(CONFIG_RISCV)		+=3D kaslr.o riscv.o riscv-stub.o
 lib-$(CONFIG_LOONGARCH)		+=3D loongarch.o loongarch-stub.o
=20
 CFLAGS_arm32-stub.o		:=3D -DTEXT_OFFSET=3D$(TEXT_OFFSET)
diff --git a/drivers/firmware/efi/libstub/riscv-stub.c b/drivers/firmware/e=
fi/libstub/riscv-stub.c
index 145c9f0ba217..c96d6dcee86c 100644
--- a/drivers/firmware/efi/libstub/riscv-stub.c
+++ b/drivers/firmware/efi/libstub/riscv-stub.c
@@ -30,32 +30,29 @@ efi_status_t handle_kernel_image(unsigned long *image_a=
ddr,
 				 efi_loaded_image_t *image,
 				 efi_handle_t image_handle)
 {
-	unsigned long kernel_size =3D 0;
-	unsigned long preferred_addr;
+	unsigned long kernel_size, kernel_codesize, kernel_memsize;
 	efi_status_t status;
=20
 	kernel_size =3D _edata - _start;
+	kernel_codesize =3D __init_text_end - _start;
+	kernel_memsize =3D kernel_size + (_end - _edata);
 	*image_addr =3D (unsigned long)_start;
-	*image_size =3D kernel_size + (_end - _edata);
-
-	/*
-	 * RISC-V kernel maps PAGE_OFFSET virtual address to the same physical
-	 * address where kernel is booted. That's why kernel should boot from
-	 * as low as possible to avoid wastage of memory. Currently, dram_base
-	 * is occupied by the firmware. So the preferred address for kernel to
-	 * boot is next aligned address. If preferred address is not available,
-	 * relocate_kernel will fall back to efi_low_alloc_above to allocate
-	 * lowest possible memory region as long as the address and size meets
-	 * the alignment constraints.
-	 */
-	preferred_addr =3D EFI_KIMG_PREFERRED_ADDRESS;
-	status =3D efi_relocate_kernel(image_addr, kernel_size, *image_size,
-				     preferred_addr, efi_get_kimg_min_align(),
-				     0x0);
+	*image_size =3D kernel_memsize;
+	*reserve_size =3D *image_size;
=20
+	status =3D efi_kaslr_relocate_kernel(image_addr,
+					   reserve_addr, reserve_size,
+					   kernel_size, kernel_codesize, kernel_memsize,
+					   efi_kaslr_get_phys_seed(image_handle));
 	if (status !=3D EFI_SUCCESS) {
 		efi_err("Failed to relocate kernel\n");
 		*image_size =3D 0;
 	}
+
 	return status;
 }
+
+void efi_icache_sync(unsigned long start, unsigned long end)
+{
+	asm volatile ("fence.i" ::: "memory");
+}
--=20
2.39.2