| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20201119162543.78001-1-dbrazdil@google.com>
Date: Thu, 19 Nov 2020 16:25:37 +0000
From: David Brazdil <dbrazdil@...gle.com>
To: kvmarm@...ts.cs.columbia.edu
Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
Marc Zyngier <maz@...nel.org>,
James Morse <james.morse@....com>,
Julien Thierry <julien.thierry.kdev@...il.com>,
Suzuki K Poulose <suzuki.poulose@....com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Andrew Scull <ascull@...gle.com>,
Ard Biesheuvel <ardb@...nel.org>, kernel-team@...roid.com,
David Brazdil <dbrazdil@...gle.com>
Subject: [RFC PATCH 0/6] kvm: arm64: Fix up hyp relocations
Hi,
KVM nVHE hyp code runs under different VA mapping than the kernel, which
meant that .hyp.text code had to use PC-relative addressing because
relocations would produce a kernel VA. Programmers had to be extremely
careful with C semantics to not break this fragile setup. See
hyp_symbol_addr comments for details.
Now that we're moving to all nVHE hyp code/data being in separate ELF
sections from the rest of the kernel, it is becoming possible to revisit
relocations during early boot, filter those used by nVHE hyp and
converting those (already relocated) kern VAs to hyp VAs.
Sending this as an RFC, mainly to get feedback but also because it's
only lightly tested. It still feels hacky but much more robust than the
existing approach. The one place where I see somebody breaking this is
the list of ELF sections owned by ELF. That list is currently evolving
but should stabilize over time.
The patches are based on kvmarm/queue (with Marc's "Host EL2 entry
improvements") and my "Opt-in always-on nVHE hypervisor" v2 series.
-David
David Brazdil (6):
kvm: arm64: Set up .hyp.rodata ELF section
kvm: arm64: Fix up RELA relocations in hyp code/data
kvm: arm64: Fix up RELR relocation in hyp code/data
kvm: arm64: Remove patching of fn pointers in hyp
kvm: arm64: Fix constant-pool users in hyp
kvm: arm64: Remove hyp_symbol_addr
arch/arm64/include/asm/kvm_asm.h | 20 ----
arch/arm64/include/asm/kvm_mmu.h | 48 ++++-----
arch/arm64/include/asm/sections.h | 2 +-
arch/arm64/kernel/image-vars.h | 1 -
arch/arm64/kernel/smp.c | 4 +-
arch/arm64/kernel/vmlinux.lds.S | 7 +-
arch/arm64/kvm/arm.c | 7 +-
arch/arm64/kvm/hyp/include/hyp/switch.h | 4 +-
arch/arm64/kvm/hyp/nvhe/host.S | 29 +++---
arch/arm64/kvm/hyp/nvhe/hyp-main.c | 11 +-
arch/arm64/kvm/hyp/nvhe/hyp-smp.c | 4 +-
arch/arm64/kvm/hyp/nvhe/hyp.lds.S | 1 +
arch/arm64/kvm/hyp/nvhe/psci-relay.c | 4 +-
arch/arm64/kvm/hyp/vgic-v2-cpuif-proxy.c | 2 +-
arch/arm64/kvm/va_layout.c | 123 +++++++++++++++++++++--
15 files changed, 175 insertions(+), 92 deletions(-)
--
2.29.2.299.gdc1121823c-goog
Powered by blists - more mailing lists