diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index eb7334370cfe33612983cbb96c381f2d8ecfaa54..cae54a9bf65df9dcd099bfac63777e2b4b6eadc1 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2111,6 +2111,16 @@ config RANDOMIZE_MODULE_REGION_FULL a limited range that contains the [_stext, _etext] interval of the core kernel, so branch relocations are always in range. +config UEFI_KASLR_SKIP_MEMMAP + bool "Skip the memmap address when randomize the kernel image" + depends on RANDOMIZE_BASE + default n + help + In some cases we hopes to reserve memory by memmap for other + features, the reserved memory may conflict with the kernel + image, so we need skip the memmap reserved memory when randomize + the kernel image to avoid it. + config CC_HAVE_STACKPROTECTOR_SYSREG def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0) diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig index 1233ce00c72cf8811c2d5930b6a514aab775b13f..1c45bb8694bccd5c18616e0f44dd76cd66fe45b4 100644 --- a/arch/arm64/configs/openeuler_defconfig +++ b/arch/arm64/configs/openeuler_defconfig @@ -548,6 +548,7 @@ CONFIG_ARM64_PSEUDO_NMI=y CONFIG_RELOCATABLE=y CONFIG_RANDOMIZE_BASE=y CONFIG_RANDOMIZE_MODULE_REGION_FULL=y +CONFIG_UEFI_KASLR_SKIP_MEMMAP=y CONFIG_NOKASLR_MEM_RANGE=y CONFIG_CC_HAVE_STACKPROTECTOR_SYSREG=y CONFIG_STACKPROTECTOR_PER_TASK=y diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h index 3a68772a63fb6f5ec066c874398478e0fb962c92..89c8365e1998d1fd61f194bcb2930895b1b248c0 100644 --- a/arch/arm64/kernel/image-vars.h +++ b/arch/arm64/kernel/image-vars.h @@ -32,7 +32,9 @@ __efistub_strnlen = __pi_strnlen; __efistub_strcmp = __pi_strcmp; __efistub_strncmp = __pi_strncmp; __efistub_strrchr = __pi_strrchr; +#if defined(CONFIG_UEFI_KASLR_SKIP_MEMMAP) || defined(CONFIG_NOKASLR_MEM_RANGE) __efistub_strchr = __pi_strchr; +#endif __efistub___clean_dcache_area_poc = __pi___clean_dcache_area_poc; __efistub__text = _text; diff --git a/arch/arm64/lib/strchr.S b/arch/arm64/lib/strchr.S index 5893ad8d448487a620206059bbbb976e81b0e74d..21fb7039dba36de1d7b1e2dbc200bfe91487f62e 100644 --- a/arch/arm64/lib/strchr.S +++ b/arch/arm64/lib/strchr.S @@ -18,7 +18,11 @@ * Returns: * x0 - address of first occurrence of 'c' or 0 */ +#if defined(CONFIG_UEFI_KASLR_SKIP_MEMMAP) || defined(CONFIG_NOKASLR_MEM_RANGE) SYM_FUNC_START_WEAK_PI(strchr) +#else +SYM_FUNC_START_WEAK(strchr) +#endif and w1, w1, #0xff 1: ldrb w2, [x0], #1 cmp w2, w1 @@ -28,5 +32,9 @@ SYM_FUNC_START_WEAK_PI(strchr) cmp w2, w1 csel x0, x0, xzr, eq ret +#if defined(CONFIG_UEFI_KASLR_SKIP_MEMMAP) || defined(CONFIG_NOKASLR_MEM_RANGE) SYM_FUNC_END_PI(strchr) +#else +SYM_FUNC_END(strchr) +#endif EXPORT_SYMBOL_NOKASAN(strchr) diff --git a/drivers/firmware/efi/libstub/arm64-stub.c b/drivers/firmware/efi/libstub/arm64-stub.c index d6b48ad59d949c99f3ed42d996325b1c7bbaf183..5a8704176c4c537dd16cd9f33fb06a166b660f07 100644 --- a/drivers/firmware/efi/libstub/arm64-stub.c +++ b/drivers/firmware/efi/libstub/arm64-stub.c @@ -15,6 +15,7 @@ #include "efistub.h" +#ifdef CONFIG_UEFI_KASLR_SKIP_MEMMAP #define MAX_MEMMAP_REGIONS 32 struct mem_vector { @@ -103,6 +104,7 @@ void free_avoid_memmap(void) efi_free(mem_avoid[i].size, mem_avoid[i].start); } } +#endif #ifdef CONFIG_NOKASLR_MEM_RANGE #define MAX_MEM_NOKASLR_REGIONS 4 diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c index dc3fbd0914f5bced93dfad9ad21994516fe3bfc7..cbeac12e6662c3d61e42beaf43b756b1c29d803a 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c @@ -238,8 +238,10 @@ efi_status_t efi_parse_options(char const *cmdline) } else if (!strcmp(param, "video") && val && strstarts(val, "efifb:")) { efi_parse_option_graphics(val + strlen("efifb:")); +#ifdef CONFIG_UEFI_KASLR_SKIP_MEMMAP } else if (!strcmp(param, "memmap") && val) { efi_parse_option_memmap(val); +#endif } else if (!strcmp(param, "pbha")) { efi_pbha = true; } diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c index 96129f0fc60e3221abea4820b9e66e01a11ceb78..66f1f9b93b0de7aa03cac9f06fd93c41b1bfd5d5 100644 --- a/drivers/firmware/efi/libstub/efi-stub.c +++ b/drivers/firmware/efi/libstub/efi-stub.c @@ -204,7 +204,9 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, si = setup_graphics(); +#ifdef CONFIG_UEFI_KASLR_SKIP_MEMMAP mem_avoid_memmap(); +#endif status = handle_kernel_image(&image_addr, &image_size, &reserve_addr, @@ -323,7 +325,9 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, efi_free(image_size, image_addr); efi_free(reserve_size, reserve_addr); fail_free_screeninfo: +#ifdef CONFIG_UEFI_KASLR_SKIP_MEMMAP free_avoid_memmap(); +#endif free_screen_info(si); fail_free_cmdline: efi_bs_call(free_pool, cmdline_ptr); diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index ee4c57a285e7aceeed54b1d44da7191d34241d81..8dfd83427d2f047a280669fbe2fd4171f0bc450d 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -828,14 +828,10 @@ efi_status_t efi_parse_options(char const *cmdline); void efi_parse_option_graphics(char *option); -#ifdef CONFIG_ARM64 +#ifdef CONFIG_UEFI_KASLR_SKIP_MEMMAP void efi_parse_option_memmap(const char *str); void mem_avoid_memmap(void); void free_avoid_memmap(void); -#else -static inline void efi_parse_option_memmap(const char *str) { } -static inline void mem_avoid_memmap(void) { } -static inline void free_avoid_memmap(void) { } #endif #if defined(CONFIG_NOKASLR_MEM_RANGE) && defined(CONFIG_ARM64) diff --git a/drivers/firmware/efi/libstub/string.c b/drivers/firmware/efi/libstub/string.c index 006c9f0a8e0c7b71d8dae9e9dfa6095fa8a1397b..8503101f66a361700210315fac439903f871520b 100644 --- a/drivers/firmware/efi/libstub/string.c +++ b/drivers/firmware/efi/libstub/string.c @@ -114,6 +114,7 @@ long simple_strtol(const char *cp, char **endp, unsigned int base) return simple_strtoull(cp, endp, base); } +#if defined(CONFIG_UEFI_KASLR_SKIP_MEMMAP) || defined(CONFIG_NOKASLR_MEM_RANGE) #ifndef __HAVE_ARCH_STRCHR /** * strchr - Find the first occurrence of a character in a string @@ -131,3 +132,4 @@ char *strchr(const char *s, int c) return (char *)s; } #endif +#endif