From: AKASHI Takahiro takahiro.akashi@linaro.org
Adding "kaslr-seed" to dtb enables triggering kaslr, or kernel virtual address randomization, at secondary kernel boot. We always do this as it will have no harm on kaslr-incapable kernel.
We don't have any "switch" to turn off this feature directly, but still can suppress it by passing "nokaslr" as a kernel boot argument.
Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org Cc: Catalin Marinas catalin.marinas@arm.com Cc: Will Deacon will.deacon@arm.com [will: Use rng_is_initialized()] Signed-off-by: Will Deacon will.deacon@arm.com --- arch/arm64/kernel/machine_kexec_file.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c index 7e9d5ed3e238..0972c6d2c5bb 100644 --- a/arch/arm64/kernel/machine_kexec_file.c +++ b/arch/arm64/kernel/machine_kexec_file.c @@ -16,6 +16,7 @@ #include <linux/libfdt.h> #include <linux/memblock.h> #include <linux/of_fdt.h> +#include <linux/random.h> #include <linux/string.h> #include <linux/types.h> #include <asm/byteorder.h> @@ -24,6 +25,7 @@ #define FDT_PSTR_INITRD_STA "linux,initrd-start" #define FDT_PSTR_INITRD_END "linux,initrd-end" #define FDT_PSTR_BOOTARGS "bootargs" +#define FDT_PSTR_KASLR_SEED "kaslr-seed"
const struct kexec_file_ops * const kexec_file_loaders[] = { &kexec_image_ops, @@ -82,11 +84,26 @@ static int setup_dtb(struct kimage *image, return -EINVAL; }
+ /* add kaslr-seed */ + ret = fdt_delprop(dtb, nodeoffset, FDT_PSTR_KASLR_SEED); + if (ret && (ret != -FDT_ERR_NOTFOUND)) + return -EINVAL; + + if (rng_is_initialized()) { + u64 r = get_random_u64(); + ret = fdt_setprop_u64(dtb, nodeoffset, FDT_PSTR_KASLR_SEED, r); + if (ret) + return (ret == -FDT_ERR_NOSPACE ? -ENOMEM : -EINVAL); + } else { + pr_notice("RNG is not initialised: omitting "%s" property\n", + FDT_PSTR_KASLR_SEED); + } + return 0; }
/* - * More space needed so that we can add initrd and bootargs. + * More space needed so that we can add initrd, bootargs and kaslr-seed. */ #define DTB_EXTRA_SPACE 0x1000