Commit c3d1c3ac authored by Jason Yan, committed by GUO Zihua

powerpc/fsl_booke/kaslr: rename kaslr-booke32.rst to kaslr-booke.rst and add 64bit part

maillist inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I8OHAZ
CVE: NA

Reference: https://patchwork.ozlabs.org/project/linuxppc-dev/patch/20200330022023.3691-7-yanaijie@huawei.com/



-------------------------------------------------

Now we support both 32 and 64 bit KASLR for fsl booke. Add document for
64 bit part and rename kaslr-booke32.rst to kaslr-booke.rst.

Signed-off-by: Jason Yan <yanaijie@huawei.com>
Cc: Scott Wood <oss@buserror.net>
Cc: Diana Craciun <diana.craciun@nxp.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Christophe Leroy <christophe.leroy@c-s.fr>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Cui GaoSheng <cuigaosheng1@huawei.com>
Signed-off-by: GUO Zihua <guozihua@huawei.com>
parent fcd3b483
+1 −1
@@ -24,7 +24,7 @@ powerpc
    hvcs
    imc
    isa-versions
    kaslr-booke32
    kaslr-booke
    mpc52xx
    papr_hcalls
    pci_iov_resource_on_powernv
+31 −4
.. SPDX-License-Identifier: GPL-2.0

===========================
KASLR for Freescale BookE32
===========================
=========================
KASLR for Freescale BookE
=========================

The word KASLR stands for Kernel Address Space Layout Randomization.

This document tries to explain the implementation of the KASLR for
Freescale BookE32. KASLR is a security feature that deters exploit
Freescale BookE. KASLR is a security feature that deters exploit
attempts relying on knowledge of the location of kernel internals.

KASLR for Freescale BookE32
-------------------------

Since CONFIG_RELOCATABLE has already supported, what we need to do is
map or copy kernel to a proper place and relocate. Freescale Book-E
parts expect lowmem to be mapped by fixed TLB entries(TLB1). The TLB1
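
Review bot: The underline of the new "KASLR for Freescale BookE32" subsection heading is 25 dashes while the title is 27 characters, so docutils will report "Title underline too short" when the docs are built. Extend it to 27 dashes, the same length used for the BookE64 heading added further down. While this paragraph is being touched, "Since CONFIG_RELOCATABLE has already supported" would read better as "is already supported".
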
@@ -38,5 +41,29 @@ bit of the entropy to decide the index of the 64M zone. Then we chose a

                              kernstart_virt_addr


KASLR for Freescale BookE64
---------------------------

The implementation for Freescale BookE64 is similar to BookE32. One
difference is that Freescale BookE64 set up a TLB mapping of 1G during
booting. Another difference is that ppc64 needs the kernel to be
64K-aligned. So we can randomize the kernel in this 1G mapping and make
it 64K-aligned. This can save some code to creat another TLB map at early
boot. The disadvantage is that we only have about 1G/64K = 16384 slots to
put the kernel in::

    KERNELBASE

          64K                     |--> kernel <--|
           |                      |              |
        +--+--+--+    +--+--+--+--+--+--+--+--+--+    +--+--+
        |  |  |  |....|  |  |  |  |  |  |  |  |  |....|  |  |
        +--+--+--+    +--+--+--+--+--+--+--+--+--+    +--+--+
        |                         |                        1G
        |----->   offset    <-----|

                              kernstart_virt_addr

To enable KASLR, set CONFIG_RANDOMIZE_BASE = y. If KASLR is enabled and you
want to disable it at runtime, add "nokaslr" to the kernel cmdline.
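
Review bot: In the BookE64 paragraph, "creat another TLB map" should be "create another TLB map" and "Freescale BookE64 set up" should be "sets up". Since the text names the slot count as the disadvantage, please also state it as entropy: 16384 slots is at most 14 bits, and fewer are usable because the kernel image has to fit inside the 1G mapping, as the diagram shows. In the final paragraph, write the option as CONFIG_RANDOMIZE_BASE=y without spaces so it matches what goes into a .config.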