diff options
Diffstat (limited to 'common/recipes-kernel/linux/linux-yocto-4.9.21/0009-x86-KASLR-Fix-kexec-kernel-boot-crash-when-KASLR-ran.patch')
-rw-r--r-- | common/recipes-kernel/linux/linux-yocto-4.9.21/0009-x86-KASLR-Fix-kexec-kernel-boot-crash-when-KASLR-ran.patch | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/common/recipes-kernel/linux/linux-yocto-4.9.21/0009-x86-KASLR-Fix-kexec-kernel-boot-crash-when-KASLR-ran.patch b/common/recipes-kernel/linux/linux-yocto-4.9.21/0009-x86-KASLR-Fix-kexec-kernel-boot-crash-when-KASLR-ran.patch new file mode 100644 index 00000000..1e9973e7 --- /dev/null +++ b/common/recipes-kernel/linux/linux-yocto-4.9.21/0009-x86-KASLR-Fix-kexec-kernel-boot-crash-when-KASLR-ran.patch @@ -0,0 +1,79 @@ +From 29fa51519ae0978980c8fc154eba5b244ad7980f Mon Sep 17 00:00:00 2001 +From: Baoquan He <bhe@redhat.com> +Date: Thu, 27 Apr 2017 15:42:20 +0800 +Subject: [PATCH 09/93] x86/KASLR: Fix kexec kernel boot crash when KASLR + randomization fails + +[ Upstream commit da63b6b20077469bd6bd96e07991ce145fc4fbc4 ] + +Dave found that a kdump kernel with KASLR enabled will reset to the BIOS +immediately if physical randomization failed to find a new position for +the kernel. A kernel with the 'nokaslr' option works in this case. + +The reason is that KASLR will install a new page table for the identity +mapping, while it missed building it for the original kernel location +if KASLR physical randomization fails. + +This only happens in the kexec/kdump kernel, because the identity mapping +has been built for kexec/kdump in the 1st kernel for the whole memory by +calling init_pgtable(). Here if physical randomizaiton fails, it won't build +the identity mapping for the original area of the kernel but change to a +new page table '_pgtable'. Then the kernel will triple fault immediately +caused by no identity mappings. + +The normal kernel won't see this bug, because it comes here via startup_32() +and CR3 will be set to _pgtable already. In startup_32() the identity +mapping is built for the 0~4G area. In KASLR we just append to the existing +area instead of entirely overwriting it for on-demand identity mapping +building. So the identity mapping for the original area of kernel is still +there. + +To fix it we just switch to the new identity mapping page table when physical +KASLR succeeds. Otherwise we keep the old page table unchanged just like +"nokaslr" does. + +Signed-off-by: Baoquan He <bhe@redhat.com> +Signed-off-by: Dave Young <dyoung@redhat.com> +Acked-by: Kees Cook <keescook@chromium.org> +Cc: Borislav Petkov <bp@suse.de> +Cc: Dave Jiang <dave.jiang@intel.com> +Cc: Linus Torvalds <torvalds@linux-foundation.org> +Cc: Peter Zijlstra <peterz@infradead.org> +Cc: Thomas Garnier <thgarnie@google.com> +Cc: Thomas Gleixner <tglx@linutronix.de> +Cc: Yinghai Lu <yinghai@kernel.org> +Link: http://lkml.kernel.org/r/1493278940-5885-1-git-send-email-bhe@redhat.com +Signed-off-by: Ingo Molnar <mingo@kernel.org> +Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + arch/x86/boot/compressed/kaslr.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c +index a66854d..af42b4d 100644 +--- a/arch/x86/boot/compressed/kaslr.c ++++ b/arch/x86/boot/compressed/kaslr.c +@@ -463,10 +463,17 @@ void choose_random_location(unsigned long input, + add_identity_map(random_addr, output_size); + *output = random_addr; + } ++ ++ /* ++ * This loads the identity mapping page table. ++ * This should only be done if a new physical address ++ * is found for the kernel, otherwise we should keep ++ * the old page table to make it be like the "nokaslr" ++ * case. ++ */ ++ finalize_identity_maps(); + } + +- /* This actually loads the identity pagetable on x86_64. */ +- finalize_identity_maps(); + + /* Pick random virtual address starting from LOAD_PHYSICAL_ADDR. */ + if (IS_ENABLED(CONFIG_X86_64)) +-- +2.7.4 + |