From nobody Sat Jun 13 03:07:57 2026 Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6386B3DA5AE for ; Mon, 11 May 2026 10:46:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778496401; cv=none; b=BBCPRd2iImJwiELBPdvqjW+8BbEx5O9JrN5ofJvfEofF/9mURev1S1ff8HQ8LEd/LcZwPPxyi6nkInWHogtSJpGTQabj72He1c3Eapi0avRRAsydjbT6o8OjNKsPmDCfiRiWViuV4vGo4kWZVioBvQuj4idoO47pw8+UtdqcT+I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778496401; c=relaxed/simple; bh=lYLyGpAeXXin55IC09xdRLP7QiJRBHgecdSl2/SXufI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=RSHTzL91jnwdjPGBf1t3stgwZScRTyf3PvnL33H0tZlLDP9Hk5N7IAaX2UE2U6/m0XfYgj2AMWKqkCqGtYKpI+Dx1eZGMEHB+28mxQUCIM1Wd3TBTin4FZ6TkqGBzbT7mt2m9Gw3MxbXfnOOELk6FDOv6M2UHheB4k58QdGMBmU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hev.cc; spf=pass smtp.mailfrom=hev.cc; dkim=pass (2048-bit key) header.d=hev-cc.20251104.gappssmtp.com header.i=@hev-cc.20251104.gappssmtp.com header.b=JdnnpLTF; arc=none smtp.client-ip=209.85.210.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hev.cc Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hev.cc Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=hev-cc.20251104.gappssmtp.com header.i=@hev-cc.20251104.gappssmtp.com header.b="JdnnpLTF" Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-836ebdeb969so1853243b3a.3 for ; Mon, 11 May 2026 03:46:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hev-cc.20251104.gappssmtp.com; s=20251104; t=1778496400; x=1779101200; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=hS+655jFZPiMsN9BL5hVT9EfmcJYrhGbTVgUqy03Zy8=; b=JdnnpLTFmErECkAYD8Ze47ZnQ8P6pw8aUaL9eE95yJTxEjHuDD5rj7S6Sobo9Cgbkg i6AXem/JIn57LUao5dNURUKoPQSdc69NsqI4exNBClAjSF96RAlRLXj7pc5YR6y5L5XR TtTKabEG8WdxP3Zg8aaXL9Z8gNx5L7QCwHM+0r4kGjj+7S7wewgy7Y1FAOmBnS2s4xdq Zzu6iSD0hYx57vUDWHLVf1YF1KqoFSbHGtl+zVnnPVtPROzrODa+7gL8f28OywNm9veJ UPNlbEjaAaldi9iOLyo+Ct8Nj/CvHH3c1RahtnkQAJrcM6tzsSINWvF8dPazYiVhwOSD Tkew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778496400; x=1779101200; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=hS+655jFZPiMsN9BL5hVT9EfmcJYrhGbTVgUqy03Zy8=; b=tP2w/51bYNVeQvdN5HV/Quj+4oBMyrU0Z+L8phKHVK+/LNvdf8XgcSz0XMZFX5nB5f gT8qEJPdcAsSIq5deJQ3Xy2xDgvd9hfcQyB+Um+beUaVjIxFFY+iuRmstAZkpeIPNGSV ziVix777g5tlg0sdSEEpL6wAbf6hW5j6EPc8OiqUpZy6i7iRKB9xakAZXEYkInPpTBjA /IvDeswkHLo4fipvpzI47cONh49vaUwfmYwjxXedQ0UyY1cHJaaT4/mziULMb+N6U7B4 HrP49nbojksSUdxb16EszAIH80Mmwh3xKr7j6PSzq4UV2blX27nocebHW3Gpp/5G/P+0 COMw== X-Forwarded-Encrypted: i=1; AFNElJ/IuqnTSNiYsZx8dW31OaY3uR/9xi/6YLU4QHB4helMo8+7hnh9eG1lcWEm5S2p/WAT2eMhx8lSD5OWmAU=@vger.kernel.org X-Gm-Message-State: AOJu0Yx5IMrhl5ZbVJayJFqxLCRg2Z3VWlcH4twceVJbKYddFtli3kIJ secf8SDqqw27GHbmdljFdF1xiYnFeme/2JmwjvvVe3GviUbhFMUSUwOoj8Hm2YJRY0k= X-Gm-Gg: Acq92OHOSK9nzHMYJOjHlul/j/WVv3wbObRrsDeymslNHg7RE6DiRcifCrpdzn8tFjC DVMQbiq6HIvBcSjYmhPcZXLEFRlXDrRASwqdzDExm++e2viEZTmxEIZRVwXV5+rFGvXpwmpiPJf fOevXZOxTatXYwwFcctjRSSmwdqXmw6XqGxm7HQRBHL849mCyNywoiCZigR5FFPYOQVEzTaB75k cWxuapMtNQe0Dfrecg0QUIKN+E3YvNK8MSxpCj6YSlbKSnsY98AgDzU0jEme+0gK4+ixFKtGT8F NDmYHtxwC+hbg37fiynwJXBGHT8KfDc6Bt+oD3+SWNbWhAjV1vAap7P1y9s5XrevhZfZsqCDB5g WfGY9JalNzakGbTaoKDePS4naM5IIs4i11jOhW3gd8YWSSNAcR6cGwEF1abRrLiMPEoq2O+SjCA /0vOTMv6Y/GxlLmYLAoXE= X-Received: by 2002:a05:6a00:368f:b0:82f:6e7:1527 with SMTP id d2e1a72fcca58-83a5d09a84bmr23434499b3a.23.1778496399633; Mon, 11 May 2026 03:46:39 -0700 (PDT) Received: from localhost ([2400:8902:e002:de3f:344e:4435:2c77:3920]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-839679c861esm24927599b3a.30.2026.05.11.03.46.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 03:46:39 -0700 (PDT) From: WANG Rui To: Huacai Chen , Ard Biesheuvel Cc: WANG Xuerui , Ilias Apalodimas , Haiyong Sun , Lisa Robinson , loongarch@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, WANG Rui , Huacai Chen Subject: [PATCH v5 1/3] efi/loongarch: Randomize kernel preferred address for KASLR Date: Mon, 11 May 2026 18:45:53 +0800 Message-ID: <20260511104555.196270-2-r@hev.cc> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260511104555.196270-1-r@hev.cc> References: <20260511104555.196270-1-r@hev.cc> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Introduce efi_get_kimg_kaslr_address() helper to compute the preferred kernel image load address dynamically when CONFIG_RANDOMIZE_BASE is enabled. The function derives a random offset by using the EFI-provided randomness combined with the timer tick value, and constrains it within CONFIG_RANDOMIZE_BASE_MAX_OFFSET. Update EFI_KIMG_PREFERRED_ADDRESS to call this helper so that the EFI stub can select a randomized load address when KASLR is active, while preserving the original base address behavior when KASLR is disabled or "nokaslr" is specified. Note: LoongArch can't KASLR for hibernation, so set efi_nokaslr to true if "resume=3D" is explicitly specified in cmdline. Acked-by: Ard Biesheuvel Co-authored-by: Huacai Chen Signed-off-by: WANG Rui Signed-off-by: Huacai Chen --- arch/loongarch/include/asm/efi.h | 4 +++- drivers/firmware/efi/libstub/efi-stub-helper.c | 4 ++++ drivers/firmware/efi/libstub/loongarch.c | 16 ++++++++++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/arch/loongarch/include/asm/efi.h b/arch/loongarch/include/asm/= efi.h index eddc8e79b3fa..1ad764b18c3e 100644 --- a/arch/loongarch/include/asm/efi.h +++ b/arch/loongarch/include/asm/efi.h @@ -30,6 +30,8 @@ static inline unsigned long efi_get_kimg_min_align(void) return SZ_2M; } =20 -#define EFI_KIMG_PREFERRED_ADDRESS PHYSADDR(VMLINUX_LOAD_ADDRESS) +unsigned long efi_get_kimg_kaslr_address(void); + +#define EFI_KIMG_PREFERRED_ADDRESS efi_get_kimg_kaslr_address() =20 #endif /* _ASM_LOONGARCH_EFI_H */ diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmw= are/efi/libstub/efi-stub-helper.c index 7aa2f9ad2935..f27f2e1f0019 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c @@ -79,6 +79,10 @@ efi_status_t efi_parse_options(char const *cmdline) efi_noinitrd =3D true; } else if (IS_ENABLED(CONFIG_X86_64) && !strcmp(param, "no5lvl")) { efi_no5lvl =3D true; + } else if (IS_ENABLED(CONFIG_LOONGARCH) && + IS_ENABLED(CONFIG_HIBERNATION) && + !strcmp(param, "resume") && val) { + efi_nokaslr =3D true; /* LoongArch can't KASLR for hibernation */ } else if (IS_ENABLED(CONFIG_ARCH_HAS_MEM_ENCRYPT) && !strcmp(param, "mem_encrypt") && val) { if (parse_option_str(val, "on")) diff --git a/drivers/firmware/efi/libstub/loongarch.c b/drivers/firmware/ef= i/libstub/loongarch.c index f7938d5c196a..2b0c87dc9908 100644 --- a/drivers/firmware/efi/libstub/loongarch.c +++ b/drivers/firmware/efi/libstub/loongarch.c @@ -23,6 +23,22 @@ void efi_cache_sync_image(unsigned long image_base, unsi= gned long alloc_size) asm volatile ("ibar 0" ::: "memory"); } =20 +unsigned long efi_get_kimg_kaslr_address(void) +{ + unsigned int random_offset =3D 0; + +#ifdef CONFIG_RANDOMIZE_BASE + if (!efi_nokaslr) { + efi_get_random_bytes(sizeof(random_offset), (u8 *)&random_offset); + random_offset ^=3D (random_get_entropy() << 16); + random_offset &=3D (CONFIG_RANDOMIZE_BASE_MAX_OFFSET - 1); + random_offset =3D ALIGN(random_offset + SZ_64K, SZ_64K); + } +#endif + + return PHYSADDR(VMLINUX_LOAD_ADDRESS) + random_offset; +} + struct exit_boot_struct { efi_memory_desc_t *runtime_map; int runtime_entry_count; --=20 2.54.0 From nobody Sat Jun 13 03:07:57 2026 Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BEEEE3DA7D4 for ; Mon, 11 May 2026 10:46:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778496405; cv=none; b=IPjRp2y6JqPH6Do8dXF5cXWuIZgMcPPjYxNDp2b864juEH1PBgqou6SBfJYYZA7da9eSccTRRhIWT6S0Z5p1k6I7+/SWCGwVy5G5hYVKj37QynYosG9Pk6OeFlrtQPoeqK1T7R2bJsnzn7uhx5hJXysThHoFE0fZ9BleCm4vcgg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778496405; c=relaxed/simple; bh=M7SzPCM13HJKsqptckY7Oq9QwJZQzoJVaF+FfkouS7w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NVPUwLFb0es5/Fu2Y6N1uheNCjTEYbiSySLphSFABTbnfi4Aujf+WI7UxTYOegxSCEZc/m/5EPBBioM26/yOQoPZTIgjeiTfA9bueMahUbadV0c0YM+snVEERqmFHHfrVKsSHXVH7tchi0qFT5xPe5UDEMER1ukHeo5jdD8uglc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hev.cc; spf=pass smtp.mailfrom=hev.cc; dkim=pass (2048-bit key) header.d=hev-cc.20251104.gappssmtp.com header.i=@hev-cc.20251104.gappssmtp.com header.b=Gf6+6qkG; arc=none smtp.client-ip=209.85.215.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hev.cc Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hev.cc Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=hev-cc.20251104.gappssmtp.com header.i=@hev-cc.20251104.gappssmtp.com header.b="Gf6+6qkG" Received: by mail-pg1-f173.google.com with SMTP id 41be03b00d2f7-c802803ac17so1753332a12.1 for ; Mon, 11 May 2026 03:46:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hev-cc.20251104.gappssmtp.com; s=20251104; t=1778496403; x=1779101203; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=SCD5tvLyAyFU8kzoBKm4CiGZmi4/Go8gChPflbMKPN8=; b=Gf6+6qkG+flz3le5dyK0qQCHxbhfiYetKTbgJ3ZvhYoGeZIPJTCa2h5DJ8YxZMybx1 MJP7irTzujvfIXYOqxH975kjhYz/RVO1AQzp3oHyb07Hhej53OWoQ6CvN4R5qQQuL6kS PACfOG/3JPPVj176wEsvipCMQWxwtn7BvNQ+lcttt4w2QYQG3mu8AMvz9hSnH4zu+BEu XO44xzMwGZV/UDKXtf1tpzVisBSZssmi+twQEt1K+0jgJapc31y2pGq7ZklcnWhVrE6k lTVfiNh+1vsnQuu3PsH12ELTkNhUYilPQP3sCFLSH8mG11g1YHd8IlxsFgm3wKo/QNqB h6eg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778496403; x=1779101203; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=SCD5tvLyAyFU8kzoBKm4CiGZmi4/Go8gChPflbMKPN8=; b=WGE0HKSrZh1eH/Rn7PC9RPQQ/gXwWKvQSlg9PLpH93fwT6OxAO3KFr5QS+TgJxnOBS Do1SbtVkDOJ9WZJiRD7ZpmMwqTcKczIbmnv6d5DeSv/2YbqaX0BrCg62BtJ7MC7LNcge 3oK5bHe0H3XZmfP+o+8Sn9RScoh9XFKAKDoF3w1yaNsnNyo6gSvYefCnsafhPiVkzyUa Sf8/pxOvJKd0viw9W20BJOSkwEyZtp7crrTH8oOxD2lXiMq4bHHpJg8eplEnAT5O26HT D6q5Y5MG7wOzizgSaI0dmXzx32G3uCv757QkFCuJaNZ8a9/05iqkQ9XCX/BYBJTHlHEK QzBw== X-Forwarded-Encrypted: i=1; AFNElJ/AN62r5CcX6G02JYXfz6/U0qfVkBTJbXEsfYVjUSRu6CjitDkCn2PXD3hPwXEJEIhaRy+NU80p3tT2/eI=@vger.kernel.org X-Gm-Message-State: AOJu0YzvVbz1uTM1/2axl2wuAiXYdfOyHzf5gAsxwb6ewllOVVSPNl98 HxQEsUKcfXgGsjltpl2ZXK4FGMJeMOqrYgBLifpxv6UnVc9fcsuNly/BM9aGWVbUEms= X-Gm-Gg: Acq92OFjBXZr2dMcYVEG01avBsMgTs9J3e4haDezV8h7r9FFjj6yi/I7zhhARyAxLbQ GLoz2wQXAx64/2INLOuwe1xchrn0JC3b3n3qTsWw0SU2W8SiPY2DWeMPRhGipNk4SWZiv1dvGsY bLxmhBpRkmvtucPWyfZI36aRvZ4y2AYUbXTrdhbftxP235DVTWxUg9zt01LO6rZEFYDQJgxdlww OZH2jMUlZttiO/uKCfOffB+kyOdzKopm+V5YfI2AiTXXMaVv3vKG/xM2oaeAqceCjzLNSro/gKh VzVrRQ2skQuR2O8qdfR9YrSObVWg9tQDJrbXxbwiyjgby0NiL4uYUYn8JkgwGbjN+W76TTl1Ktj z0bujeWBIrHm2efv8Hmg4sh5MyifAsGB8GgQCuk8TjwtONn986Q1YEQXBUGtU2rpvHtuojDR/NK voWIWlwL6x X-Received: by 2002:a05:6300:2189:b0:3ab:1680:c5d3 with SMTP id adf61e73a8af0-3ab1680c657mr3024235637.31.1778496402887; Mon, 11 May 2026 03:46:42 -0700 (PDT) Received: from localhost ([2400:8902:e002:de3f:344e:4435:2c77:3920]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-839679c861esm24927599b3a.30.2026.05.11.03.46.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 03:46:42 -0700 (PDT) From: WANG Rui To: Huacai Chen , Ard Biesheuvel Cc: WANG Xuerui , Ilias Apalodimas , Haiyong Sun , Lisa Robinson , loongarch@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, WANG Rui , Huacai Chen Subject: [PATCH v5 2/3] LoongArch: Skip relocation-time KASLR if already applied Date: Mon, 11 May 2026 18:45:54 +0800 Message-ID: <20260511104555.196270-3-r@hev.cc> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260511104555.196270-1-r@hev.cc> References: <20260511104555.196270-1-r@hev.cc> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When the kernel is relocated during early boot (efistub or kexec_file), a randomized load address may has already been selected and applied. In this case, performing KASLR again in relocate.c is unnecessary. Note: strictly-defined KASLR means the kernel's final runtime address has a random offset from the kernel's load address, which is implemented in relocate.c; broadly-defined KALSR means the kernel's final runtime address has a random offset from the kernel's link address (a.k.a. VMLINUX_LOAD_ADDRESS), which also include the efistlub implementation, kexec_file implementation and QEMU direct kernel boot. kaslr_disabled() return true only means strictly-defined KASLR is disabled. Acked-by: Ard Biesheuvel Co-authored-by: Huacai Chen Signed-off-by: WANG Rui Signed-off-by: Huacai Chen --- arch/loongarch/kernel/relocate.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/loongarch/kernel/relocate.c b/arch/loongarch/kernel/reloc= ate.c index 16f6a9b39659..0a045964fad5 100644 --- a/arch/loongarch/kernel/relocate.c +++ b/arch/loongarch/kernel/relocate.c @@ -134,11 +134,23 @@ early_param("nokaslr", nokaslr); =20 #define KASLR_DISABLED_MESSAGE "KASLR is disabled by %s in %s cmdline.\n" =20 +/* + * Note: strictly-defined KASLR means the kernel's final runtime address + * has a random offset from the kernel's load address, which is implemented + * in relocate.c; broadly-defined KALSR means the kernel's final runtime + * address has a random offset from the kernel's link address (a.k.a. + * VMLINUX_LOAD_ADDRESS), which also include the efistlub implementation, + * kexec_file implementation and QEMU direct kernel boot. kaslr_disabled() + * return true only means strictly-defined KASLR is disabled. + */ static inline __init bool kaslr_disabled(void) { char *str; const char *builtin_cmdline =3D CONFIG_CMDLINE; =20 + if (kaslr_offset()) + return true; /* KASLR is performed during early boot. */ + str =3D strstr(builtin_cmdline, "nokaslr"); if (str =3D=3D builtin_cmdline || (str > builtin_cmdline && *(str - 1) = =3D=3D ' ')) { pr_info(KASLR_DISABLED_MESSAGE, "\'nokaslr\'", "built-in"); --=20 2.54.0 From nobody Sat Jun 13 03:07:57 2026 Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CF5253DA7CB for ; Mon, 11 May 2026 10:46:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778496408; cv=none; b=N+vdmsYcnXGTLMzgw9ZYJJnkBLlOIi/yq8ZYS1ZuLR42Jmiie1z5HKh9ZcNg5SS3gpSeoJFB5DzjBRLBEeoCl3wJPyLt/1LHKPRD3K/kuJHjBZmI/d63qQNk0h+GC1aLFXEkuVwNnGjAWrYbRbXN73l2HW3YhlhmqKQW6Y89OoY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778496408; c=relaxed/simple; bh=4SXmfcgX9Xc7X+ECU2pGHF0IxLYkgbYx4JOLZXPQsjA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=fsADssUIhMy0xeHJ02qWmQywMcJoMPT+YSFW5xpRu9DFC4oaAXu582oOLdg6Xj8ip2NTVvbkcNgo+PIXZbwiU8v+I7nmBi4XzAjec4RR17HnwT3pyfMYPeeIaVVeptoW3MmDE5TB3NapJdhBw5AKPbb4TAOQSCMQ6gTdZlmFTl4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hev.cc; spf=pass smtp.mailfrom=hev.cc; dkim=pass (2048-bit key) header.d=hev-cc.20251104.gappssmtp.com header.i=@hev-cc.20251104.gappssmtp.com header.b=LSnTkGc1; arc=none smtp.client-ip=209.85.215.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hev.cc Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hev.cc Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=hev-cc.20251104.gappssmtp.com header.i=@hev-cc.20251104.gappssmtp.com header.b="LSnTkGc1" Received: by mail-pg1-f171.google.com with SMTP id 41be03b00d2f7-c802803ac17so1753348a12.1 for ; Mon, 11 May 2026 03:46:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hev-cc.20251104.gappssmtp.com; s=20251104; t=1778496406; x=1779101206; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KGeGGvDHlwPJP9DOo96cEsEK7mSKv8XkYQ47F+mLwRA=; b=LSnTkGc1PkP43z/TY+94DNORbjhdx0ORrS9UBbmNOSWq6+MeT3OMYak42UlTHT50Gc MHSeOHrhZSLyjm4W3eDlqdCyr9us/AHw7dJjj3nImoihDHmMNznQ1B1QIaG2/N8jBKVj tjrrZkcqO8FGIZZN3GuPIetO3fu04WcuoDVIZTCYa9N0qn1k3oQ/K/rs16S0shKoUOde O8UP/Qv/P5F4Cq5b0I0VpbeB0Y8JiNOK7HTb1cB28luRsiJ/xJEAri/TrQnPevj2vWnv 6vS5QbgMsHjX7XCO4zRhD+9mNzLUh2SozoKpW0inRpVyRGnm65VMhQWsXdq4bZ/ib6LO jTiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778496406; x=1779101206; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=KGeGGvDHlwPJP9DOo96cEsEK7mSKv8XkYQ47F+mLwRA=; b=Wmseupkpbw00UcMLsPasmBoqwQnhATtK+DgzEQDX2ia8prjK6ETttjyolf/Hh7O6as 0trQ1N8yM2s7R89qPxi/XjXnWsx2bq+YLT+jLJWREIbCgteLpaeyMyXvOM85GFb04GGU jQDoqspL34obtgvdIyp6lDywi9Zb+pgm4E9tLBnrtiRlNzcYLiRloohdtdOmsdfhYKB2 UAjksTu15rrUeEaCcuamyKvqFWuF5Uxabs2Ji7rvCfPclQJp7AP7g+cgGiKuuHaw8U0K qrvnB9pu16MUqcSzc845I5v2wSyndgKnWJ6WjJmh2qdKLnEXudfQkXqpjI7xUjcTKC9V go6Q== X-Forwarded-Encrypted: i=1; AFNElJ9yCbhtpnHwddFXneXj46UV5EXEKpJEq6Mk38M15rq9L1s7xbhkR+JAetpY6EpGVf/5PhTbGuE+aTHcgJ4=@vger.kernel.org X-Gm-Message-State: AOJu0YxXYaf5Z0NFDJLYwi386CV530ulFMXgknovXZa+CjEhWEVBVMeb JnU0D3SizOH3X9A+AAHpsFTagQxk3HCmeyJS/VBa5fugDKAte+kJ9Adx8tJa4PWtITjoSNQopBs 4qoCZoHHqNQ== X-Gm-Gg: Acq92OHNwu2op+R2rBGdgEGb0RTIcGz3TavJIMMN7mCnN6H6DzGuqF7rS+IWn7q2LVl lYGRHcXEOTkp+IoXqDXDu3NpeZ8Ol7NqFBrMmckpg8C/d4cMenqdBeKtPdf4gR97tWCq5PHd7g9 CQ08If8GnDSXzrKzjqEKFq7eGRE/UV4M0LhGTkAnEitueklKCMEFbScd3crn8Cq6oiDHr4CgN00 E5xzd3zRMbvytjE/17g1Is2+cUvZUN3lG22bWa1u6nefv6qtf9wmw7+k5wbzn0w4e+BaaN2ePSA ulIVvszrxA0qStLqIn8nMqTsZCl3pZY0nPK0ZV9slRSAmPKtEqpt9wdcmE6UR6rJXrLoLWEgY9i KVfqfnPdLcrfftJHi0KiJeGwHwOB+aGj9EweiSa4q5cO4AWumzN2v2o+b/av9SVTdejjnQla/gh 7igGtt8Kae X-Received: by 2002:a05:6a21:3390:b0:39f:94cb:1bc with SMTP id adf61e73a8af0-3aa5a901f0amr27108324637.1.1778496406048; Mon, 11 May 2026 03:46:46 -0700 (PDT) Received: from localhost ([2400:8902:e002:de3f:344e:4435:2c77:3920]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-839679c861esm24927599b3a.30.2026.05.11.03.46.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 May 2026 03:46:45 -0700 (PDT) From: WANG Rui To: Huacai Chen , Ard Biesheuvel Cc: WANG Xuerui , Ilias Apalodimas , Haiyong Sun , Lisa Robinson , loongarch@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, WANG Rui , Huacai Chen Subject: [PATCH v5 3/3] LoongArch: Avoid initrd overlap during kernel relocation Date: Mon, 11 May 2026 18:45:55 +0800 Message-ID: <20260511104555.196270-4-r@hev.cc> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260511104555.196270-1-r@hev.cc> References: <20260511104555.196270-1-r@hev.cc> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Validate the relocation address against the initrd region specified via "initrd=3D" or "initrdmem=3D" on the command line. Reject relocation targets that overlap the initrd to prevent memory corruption during early boot. Acked-by: Ard Biesheuvel Co-authored-by: Huacai Chen Signed-off-by: WANG Rui Signed-off-by: Huacai Chen --- arch/loongarch/kernel/relocate.c | 38 ++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/arch/loongarch/kernel/relocate.c b/arch/loongarch/kernel/reloc= ate.c index 0a045964fad5..4b61a9632a98 100644 --- a/arch/loongarch/kernel/relocate.c +++ b/arch/loongarch/kernel/relocate.c @@ -222,14 +222,52 @@ static inline void __init *determine_relocation_addre= ss(void) return RELOCATED_KASLR(destination); } =20 +static unsigned long __init determine_initrd_address(unsigned long *size) +{ + unsigned long start =3D 0; + unsigned long key_length; + char *p, *endp, *key =3D "initrd=3D"; + + key_length =3D strlen(key); + p =3D strstr(boot_command_line, key); + + if (!p) { + key =3D "initrdmem=3D"; + key_length =3D strlen(key); + p =3D strstr(boot_command_line, key); + } + + if (p =3D=3D boot_command_line || (p > boot_command_line && *(p - 1) =3D= =3D ' ')) { + p +=3D key_length; + start =3D memparse(p, &endp); + if (*endp =3D=3D ',') + *size =3D memparse(endp + 1, NULL); + } + + return start; +} + static inline int __init relocation_addr_valid(void *location_new) { + unsigned long kernel_start, kernel_size; + unsigned long initrd_start, initrd_size =3D 0; + if ((unsigned long)location_new & 0x00000ffff) return 0; /* Inappropriately aligned new location */ =20 if ((unsigned long)location_new < (unsigned long)_end) return 0; /* New location overlaps original kernel */ =20 + initrd_start =3D determine_initrd_address(&initrd_size); + if (initrd_start && initrd_size) { + kernel_start =3D PHYSADDR(location_new); + kernel_size =3D (unsigned long)_end - (unsigned long)_text; + + if (kernel_start < (initrd_start + initrd_size) && + initrd_start < (kernel_start + kernel_size)) + return 0; /* initrd/initramfs overlaps kernel */ + } + return 1; } #endif --=20 2.54.0