
List:       linux-ia64
Subject:    Re: [PATCH 0/2] Add support to relocate kernel image to mirrored region
From:       mawupeng <mawupeng1 () huawei ! com>
Date:       2022-05-24 1:11:59
Message-ID: 262cab19-0bca-a088-77a5-6a41f475f4a4 () huawei ! com



On 2022/5/23 22:41, Ard Biesheuvel wrote:
> On Mon, 23 May 2022 at 03:18, mawupeng <mawupeng1@huawei.com> wrote:
> > 
> > 
> > 
> > On 2022/5/20 14:52, Ard Biesheuvel wrote:
> > > On Thu, 19 May 2022 at 13:09, mawupeng <mawupeng1@huawei.com> wrote:
> > > > 
> > > > 
> > > > 
> > > > On 2022/5/7 17:28, mawupeng wrote:
> > > > > 
> > > > > 
> > > > > On 2022/5/3 17:58, Ard Biesheuvel wrote:
> > > > > > On Tue, 19 Apr 2022 at 08:43, Wupeng Ma <mawupeng1@huawei.com> wrote:
> > > > > > > 
> > > > > > > From: Ma Wupeng <mawupeng1@huawei.com>
> > > > > > > 
> > > > > > > Now system image will prefer to be located to mirrored regions both
> > > > > > > KASLR on and off.
> > > > > > > 
> > > > > > 
> > > > > > Hello Ma Wupeng,
> > > > > > 
> > > > > > I wonder if we could simplify this as follows:
> > > > > > - ignore the non-KASLR case for now, and rely on the bootloader to load
> > > > > > the image into mirrored memory if it exists;
> > > > > 
> > > > > In grub, memory for static image is allocated via the following path:
> > > > > 
> > > > > grub_cmd_linux
> > > > > kernel = grub_malloc(filelen)
> > > > > kernel_alloc_addr = grub_efi_allocate_any_pages (kernel_alloc_pages)
> > > > > grub_memcpy (kernel_addr, kernel, grub_min(filelen, kernel_size))
> > > > > grub_loader_set (grub_linux_boot, grub_linux_unload, 0)
> > > > > 
> > > > > Can we get memory from mirrored region by the following steps:
> > > > > 1. get memory map by calling grub_efi_get_memory_map()
> > > > > 2. iterate over the memory map to find a suitable mirrored memory area
> > > > > 3. locate kernel image to this area
> > > > > 
> > > > > So, if kaslr is not enabled
> > > > > - grub will load kernel into mirrored region
> > > > > else
> > > > > - arm64-stub.c will relocate kernel image to mirrored region
> > > > > 
> > > > > Is this feasible?
> > > > 
> > > > Is this a feasible proposal to relocate the static kernel image itself
> > > > into more reliable memory?
> > > > 
> > > 
> > > I'm not sure, it all depends on the firmware.
> > > 
> > > When GRUB calls LoadImage(), the firmware will reallocate the image
> > > and unpack it there. So it is really the firmware's job to ensure that
> > > the image is loaded into a suitable location.
> > > 
> > > I have some code here that implements an EFI-based decompressor, and
> > > which loads the kernel image into mirrored memory if it exists,
> > > without the need to move it again. It could trivially be modified to
> > > deal with non-randomized loads as well.
> > > 
> > > But the bottom line is that UEFI should expose the ability to target
> > > mirrored memory, hacking around it like this is not a sustainable
> > > approach.
> > 
> > Since firmware is responsible for putting the kernel static image into the
> > mirrored region and the kernel is responsible for relocating this image into
> > the mirrored region if kaslr is enabled, there is no conflict between these two.
> > 
> > Can we integrate the kernel part (introduce mirrored support to arm64) first?
> > 
> 
> Yes. If you drop the changes related to fake memmap and rebase, please
> resend them after -rc1 is released.

Ok, I will drop the changes related to fake memmap and rebase and then
resend them after -rc1 is released.

Thanks for reviewing.

> .
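
The three steps proposed earlier in the thread (get the memory map, walk it for a mirrored area, place the image there) can be sketched as follows. This is an added example, not code from the thread, GRUB or the kernel; the descriptor layout and constants follow the UEFI specification, while `struct efi_mem_desc`, `find_mirrored_base` and the sample map are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stddef.h>

/* Values from the UEFI specification. */
#define EFI_CONVENTIONAL_MEMORY   7u
#define EFI_MEMORY_MORE_RELIABLE  0x10000ull   /* region is mirrored */
#define EFI_PAGE_SIZE             4096ull

/* Same layout as EFI_MEMORY_DESCRIPTOR; the struct name is local to this example. */
struct efi_mem_desc {
    uint32_t type;
    uint32_t pad;
    uint64_t phys_start;
    uint64_t virt_start;
    uint64_t num_pages;
    uint64_t attribute;
};

/* Constructed sample map: mirrored but small, large but not mirrored, mirrored and large. */
static const struct efi_mem_desc sample_map[] = {
    { EFI_CONVENTIONAL_MEMORY, 0, 0x40000000ull,  0, 0x100,   EFI_MEMORY_MORE_RELIABLE },
    { EFI_CONVENTIONAL_MEMORY, 0, 0x80000000ull,  0, 0x40000, 0 },
    { EFI_CONVENTIONAL_MEMORY, 0, 0x100100000ull, 0, 0x10000, EFI_MEMORY_MORE_RELIABLE },
};

/*
 * Hypothetical helper: return an `align`-aligned address inside the first free,
 * mirrored region that can hold `size` bytes, or 0 if no such region exists.
 * `align` must be a power of two. `desc_size` is the stride reported by
 * GetMemoryMap(); it may exceed sizeof(struct efi_mem_desc), so the map is
 * walked by byte offset rather than indexed as an array.
 */
uint64_t find_mirrored_base(const void *map, size_t map_size, size_t desc_size,
                            uint64_t size, uint64_t align)
{
    const uint8_t *p = map;

    for (size_t off = 0; off + desc_size <= map_size; off += desc_size) {
        const struct efi_mem_desc *d = (const void *)(p + off);

        if (d->type != EFI_CONVENTIONAL_MEMORY ||
            !(d->attribute & EFI_MEMORY_MORE_RELIABLE))
            continue;                       /* not free, or not mirrored */

        uint64_t end  = d->phys_start + d->num_pages * EFI_PAGE_SIZE;
        uint64_t base = (d->phys_start + align - 1) & ~(align - 1);
        if (base < end && end - base >= size)
            return base;                    /* aligned image fits here */
    }
    return 0;                               /* caller falls back to any memory */
}
```

A return value of 0 means no mirrored region fits, in which case a loader would have to fall back to an ordinary allocation.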

