mirror of https://github.com/Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
209 lines
6.2 KiB
209 lines
6.2 KiB
// SPDX-License-Identifier: GPL-2.0 |
|
/* |
|
* Copyright IBM Corp. 2019 |
|
*/ |
|
#include <linux/pgtable.h> |
|
#include <asm/mem_detect.h> |
|
#include <asm/cpacf.h> |
|
#include <asm/timex.h> |
|
#include <asm/sclp.h> |
|
#include <asm/kasan.h> |
|
#include "compressed/decompressor.h" |
|
#include "boot.h" |
|
|
|
#define PRNG_MODE_TDES 1 |
|
#define PRNG_MODE_SHA512 2 |
|
#define PRNG_MODE_TRNG 3 |
|
|
|
struct prno_parm { |
|
u32 res; |
|
u32 reseed_counter; |
|
u64 stream_bytes; |
|
u8 V[112]; |
|
u8 C[112]; |
|
}; |
|
|
|
struct prng_parm { |
|
u8 parm_block[32]; |
|
u32 reseed_counter; |
|
u64 byte_counter; |
|
}; |
|
|
|
static int check_prng(void) |
|
{ |
|
if (!cpacf_query_func(CPACF_KMC, CPACF_KMC_PRNG)) { |
|
sclp_early_printk("KASLR disabled: CPU has no PRNG\n"); |
|
return 0; |
|
} |
|
if (cpacf_query_func(CPACF_PRNO, CPACF_PRNO_TRNG)) |
|
return PRNG_MODE_TRNG; |
|
if (cpacf_query_func(CPACF_PRNO, CPACF_PRNO_SHA512_DRNG_GEN)) |
|
return PRNG_MODE_SHA512; |
|
else |
|
return PRNG_MODE_TDES; |
|
} |
|
|
|
static int get_random(unsigned long limit, unsigned long *value) |
|
{ |
|
struct prng_parm prng = { |
|
/* initial parameter block for tdes mode, copied from libica */ |
|
.parm_block = { |
|
0x0F, 0x2B, 0x8E, 0x63, 0x8C, 0x8E, 0xD2, 0x52, |
|
0x64, 0xB7, 0xA0, 0x7B, 0x75, 0x28, 0xB8, 0xF4, |
|
0x75, 0x5F, 0xD2, 0xA6, 0x8D, 0x97, 0x11, 0xFF, |
|
0x49, 0xD8, 0x23, 0xF3, 0x7E, 0x21, 0xEC, 0xA0 |
|
}, |
|
}; |
|
unsigned long seed, random; |
|
struct prno_parm prno; |
|
__u64 entropy[4]; |
|
int mode, i; |
|
|
|
mode = check_prng(); |
|
seed = get_tod_clock_fast(); |
|
switch (mode) { |
|
case PRNG_MODE_TRNG: |
|
cpacf_trng(NULL, 0, (u8 *) &random, sizeof(random)); |
|
break; |
|
case PRNG_MODE_SHA512: |
|
cpacf_prno(CPACF_PRNO_SHA512_DRNG_SEED, &prno, NULL, 0, |
|
(u8 *) &seed, sizeof(seed)); |
|
cpacf_prno(CPACF_PRNO_SHA512_DRNG_GEN, &prno, (u8 *) &random, |
|
sizeof(random), NULL, 0); |
|
break; |
|
case PRNG_MODE_TDES: |
|
/* add entropy */ |
|
*(unsigned long *) prng.parm_block ^= seed; |
|
for (i = 0; i < 16; i++) { |
|
cpacf_kmc(CPACF_KMC_PRNG, prng.parm_block, |
|
(u8 *) entropy, (u8 *) entropy, |
|
sizeof(entropy)); |
|
memcpy(prng.parm_block, entropy, sizeof(entropy)); |
|
} |
|
random = seed; |
|
cpacf_kmc(CPACF_KMC_PRNG, prng.parm_block, (u8 *) &random, |
|
(u8 *) &random, sizeof(random)); |
|
break; |
|
default: |
|
return -1; |
|
} |
|
*value = random % limit; |
|
return 0; |
|
} |
|
|
|
/* |
|
* To randomize kernel base address we have to consider several facts: |
|
* 1. physical online memory might not be continuous and have holes. mem_detect |
|
* info contains list of online memory ranges we should consider. |
|
* 2. we have several memory regions which are occupied and we should not |
|
* overlap and destroy them. Currently safe_addr tells us the border below |
|
* which all those occupied regions are. We are safe to use anything above |
|
* safe_addr. |
|
* 3. the upper limit might apply as well, even if memory above that limit is |
|
* online. Currently those limitations are: |
|
* 3.1. Limit set by "mem=" kernel command line option |
|
* 3.2. memory reserved at the end for kasan initialization. |
|
* 4. kernel base address must be aligned to THREAD_SIZE (kernel stack size). |
|
* Which is required for CONFIG_CHECK_STACK. Currently THREAD_SIZE is 4 pages |
|
* (16 pages when the kernel is built with kasan enabled) |
|
* Assumptions: |
|
* 1. kernel size (including .bss size) and upper memory limit are page aligned. |
|
* 2. mem_detect memory region start is THREAD_SIZE aligned / end is PAGE_SIZE |
|
* aligned (in practice memory configurations granularity on z/VM and LPAR |
|
* is 1mb). |
|
* |
|
* To guarantee uniform distribution of kernel base address among all suitable |
|
* addresses we generate random value just once. For that we need to build a |
|
* continuous range in which every value would be suitable. We can build this |
|
* range by simply counting all suitable addresses (let's call them positions) |
|
* which would be valid as kernel base address. To count positions we iterate |
|
* over online memory ranges. For each range which is big enough for the |
|
* kernel image we count all suitable addresses we can put the kernel image at |
|
* that is |
|
* (end - start - kernel_size) / THREAD_SIZE + 1 |
|
* Two functions count_valid_kernel_positions and position_to_address help |
|
* to count positions in memory range given and then convert position back |
|
* to address. |
|
*/ |
|
static unsigned long count_valid_kernel_positions(unsigned long kernel_size, |
|
unsigned long _min, |
|
unsigned long _max) |
|
{ |
|
unsigned long start, end, pos = 0; |
|
int i; |
|
|
|
for_each_mem_detect_block(i, &start, &end) { |
|
if (_min >= end) |
|
continue; |
|
if (start >= _max) |
|
break; |
|
start = max(_min, start); |
|
end = min(_max, end); |
|
if (end - start < kernel_size) |
|
continue; |
|
pos += (end - start - kernel_size) / THREAD_SIZE + 1; |
|
} |
|
|
|
return pos; |
|
} |
|
|
|
static unsigned long position_to_address(unsigned long pos, unsigned long kernel_size, |
|
unsigned long _min, unsigned long _max) |
|
{ |
|
unsigned long start, end; |
|
int i; |
|
|
|
for_each_mem_detect_block(i, &start, &end) { |
|
if (_min >= end) |
|
continue; |
|
if (start >= _max) |
|
break; |
|
start = max(_min, start); |
|
end = min(_max, end); |
|
if (end - start < kernel_size) |
|
continue; |
|
if ((end - start - kernel_size) / THREAD_SIZE + 1 >= pos) |
|
return start + (pos - 1) * THREAD_SIZE; |
|
pos -= (end - start - kernel_size) / THREAD_SIZE + 1; |
|
} |
|
|
|
return 0; |
|
} |
|
|
|
unsigned long get_random_base(unsigned long safe_addr) |
|
{ |
|
unsigned long memory_limit = get_mem_detect_end(); |
|
unsigned long base_pos, max_pos, kernel_size; |
|
unsigned long kasan_needs; |
|
int i; |
|
|
|
memory_limit = min(memory_limit, ident_map_size); |
|
|
|
/* |
|
* Avoid putting kernel in the end of physical memory |
|
* which kasan will use for shadow memory and early pgtable |
|
* mapping allocations. |
|
*/ |
|
memory_limit -= kasan_estimate_memory_needs(memory_limit); |
|
|
|
if (IS_ENABLED(CONFIG_BLK_DEV_INITRD) && INITRD_START && INITRD_SIZE) { |
|
if (safe_addr < INITRD_START + INITRD_SIZE) |
|
safe_addr = INITRD_START + INITRD_SIZE; |
|
} |
|
safe_addr = ALIGN(safe_addr, THREAD_SIZE); |
|
|
|
kernel_size = vmlinux.image_size + vmlinux.bss_size; |
|
if (safe_addr + kernel_size > memory_limit) |
|
return 0; |
|
|
|
max_pos = count_valid_kernel_positions(kernel_size, safe_addr, memory_limit); |
|
if (!max_pos) { |
|
sclp_early_printk("KASLR disabled: not enough memory\n"); |
|
return 0; |
|
} |
|
|
|
/* we need a value in the range [1, base_pos] inclusive */ |
|
if (get_random(max_pos, &base_pos)) |
|
return 0; |
|
return position_to_address(base_pos + 1, kernel_size, safe_addr, memory_limit); |
|
}
|
|
|