From: Felix Fu fuzhen5@huawei.com
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I8RJ1I CVE: NA
--------------------------------
allow users to mark at most 4 regions as not available for kaslr
Signed-off-by: Felix Fu fuzhen5@huawei.com --- drivers/firmware/efi/libstub/arm64-stub.c | 44 ++++++++++++++++++- .../firmware/efi/libstub/efi-stub-helper.c | 7 ++- drivers/firmware/efi/libstub/efistub.h | 3 ++ 3 files changed, 52 insertions(+), 2 deletions(-)
diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index ca54333ece32..e71dc57daa99 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c @@ -18,11 +18,19 @@ #define MAX_MEMMAP_REGIONS 32 #endif
+#ifdef CONFIG_NOKASLR_MEM_RANGE +#define MAX_MEM_NOKASLR_REGIONS 4 +#endif + #if defined CONFIG_UEFI_KASLR_SKIP_MEMMAP || defined(CONFIG_NOKASLR_MEM_RANGE) enum mem_avoid_index { #if defined CONFIG_UEFI_KASLR_SKIP_MEMMAP MAX_MEMMAP_REGIONS_BEGIN = 0, MAX_MEMMAP_REGIONS_END = MAX_MEMMAP_REGIONS_BEGIN + MAX_MEMMAP_REGIONS - 1, +#endif +#ifdef CONFIG_NOKASLR_MEM_RANGE + MEM_AVOID_MEM_NOKASLR_BEGIN, + MEM_AVOID_MEM_NOKASLR_END = MEM_AVOID_MEM_NOKASLR_BEGIN + MAX_MEM_NOKASLR_REGIONS - 1, #endif MEM_AVOID_MAX, }; @@ -103,7 +111,7 @@ unsigned long cal_slots_avoid_overlap(efi_memory_desc_t *md, unsigned long size, } }
- /* Clip off the overlapping region and start over. */ + /* Clip off the overlapping region and start over.*/ region.start = overlap.start + overlap.size; }
@@ -145,6 +153,40 @@ void mem_avoid_memmap(char *str) } #endif
+#if defined CONFIG_NOKASLR_MEM_RANGE +void mem_avoid_mem_nokaslr(char *str) +{ + int i = 0; + + while (str && (i < MAX_MEM_NOKASLR_REGIONS)) { + char *oldstr; + u64 start, end; + char *k = strchr(str, ','); + + if (k) + *k++ = 0; + + oldstr = str; + start = memparse(str, &str); + if (str == oldstr || *str != '-') { + efi_warn("nokaslr values error.\n"); + break; + } + + end = memparse(str + 1, &str); + if (start >= end) { + efi_warn("nokaslr values error, start should be less than end.\n"); + break; + } + + mem_avoid[MEM_AVOID_MEM_NOKASLR_BEGIN + i].start = start; + mem_avoid[MEM_AVOID_MEM_NOKASLR_BEGIN + i].size = end - start; + str = k; + i++; + } +} +#endif + efi_status_t handle_kernel_image(unsigned long *image_addr, unsigned long *image_size, unsigned long *reserve_addr, diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c index 70ae49aefbee..37c80be133f6 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c @@ -68,7 +68,12 @@ efi_status_t efi_parse_options(char const *cmdline) break;
if (!strcmp(param, "nokaslr")) { - efi_nokaslr = true; +#if defined(CONFIG_NOKASLR_MEM_RANGE) && defined(CONFIG_ARM64) + if (val) + mem_avoid_mem_nokaslr(val); + else +#endif + efi_nokaslr = true; } else if (!strcmp(param, "quiet")) { efi_loglevel = CONSOLE_LOGLEVEL_QUIET; } else if (!strcmp(param, "noinitrd")) { diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index 344b38b0cee8..ff79a01d145c 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -1010,6 +1010,9 @@ unsigned long cal_slots_avoid_overlap(efi_memory_desc_t *md, unsigned long size, #if defined CONFIG_UEFI_KASLR_SKIP_MEMMAP void mem_avoid_memmap(char *str); #endif +#if defined CONFIG_NOKASLR_MEM_RANGE && defined(CONFIG_ARM64) +void mem_avoid_mem_nokaslr(char *str); +#endif
efi_status_t efi_setup_gop(struct screen_info *si, efi_guid_t *proto, unsigned long size);