提交 884143f6 编写于 作者: A AKASHI Takahiro 提交者: Will Deacon

arm64: kexec_file: add kaslr support

Adding "kaslr-seed" to dtb enables triggering kaslr, or kernel virtual
address randomization, at secondary kernel boot. We always do this as
it will have no harm on kaslr-incapable kernel.

We don't have any "switch" to turn off this feature directly, but still
can suppress it by passing "nokaslr" as a kernel boot argument.
Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
[will: Use rng_is_initialized()]
Signed-off-by: NWill Deacon <will.deacon@arm.com>
上级 732b7b93
...@@ -16,6 +16,7 @@ ...@@ -16,6 +16,7 @@
#include <linux/libfdt.h> #include <linux/libfdt.h>
#include <linux/memblock.h> #include <linux/memblock.h>
#include <linux/of_fdt.h> #include <linux/of_fdt.h>
#include <linux/random.h>
#include <linux/string.h> #include <linux/string.h>
#include <linux/types.h> #include <linux/types.h>
#include <asm/byteorder.h> #include <asm/byteorder.h>
...@@ -24,6 +25,7 @@ ...@@ -24,6 +25,7 @@
#define FDT_PSTR_INITRD_STA "linux,initrd-start" #define FDT_PSTR_INITRD_STA "linux,initrd-start"
#define FDT_PSTR_INITRD_END "linux,initrd-end" #define FDT_PSTR_INITRD_END "linux,initrd-end"
#define FDT_PSTR_BOOTARGS "bootargs" #define FDT_PSTR_BOOTARGS "bootargs"
#define FDT_PSTR_KASLR_SEED "kaslr-seed"
const struct kexec_file_ops * const kexec_file_loaders[] = { const struct kexec_file_ops * const kexec_file_loaders[] = {
&kexec_image_ops, &kexec_image_ops,
...@@ -82,11 +84,26 @@ static int setup_dtb(struct kimage *image, ...@@ -82,11 +84,26 @@ static int setup_dtb(struct kimage *image,
return -EINVAL; return -EINVAL;
} }
/* add kaslr-seed */
ret = fdt_delprop(dtb, nodeoffset, FDT_PSTR_KASLR_SEED);
if (ret && (ret != -FDT_ERR_NOTFOUND))
return -EINVAL;
if (rng_is_initialized()) {
u64 r = get_random_u64();
ret = fdt_setprop_u64(dtb, nodeoffset, FDT_PSTR_KASLR_SEED, r);
if (ret)
return (ret == -FDT_ERR_NOSPACE ? -ENOMEM : -EINVAL);
} else {
pr_notice("RNG is not initialised: omitting \"%s\" property\n",
FDT_PSTR_KASLR_SEED);
}
return 0; return 0;
} }
/* /*
* More space needed so that we can add initrd and bootargs. * More space needed so that we can add initrd, bootargs and kaslr-seed.
*/ */
#define DTB_EXTRA_SPACE 0x1000 #define DTB_EXTRA_SPACE 0x1000
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册