NetBSD-Bugs archive


Re: port-amd64/58366: KASLR broken



The following reply was made to PR port-amd64/58366; it has been noted by GNATS.

From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
To: logix%foobar.franken.de@localhost
Cc: gnats-bugs%NetBSD.org@localhost, port-amd64-maintainer%NetBSD.org@localhost,
	gnats-admin%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost
Subject: Re: port-amd64/58366: KASLR broken
Date: Tue, 25 Jun 2024 13:36:07 +0000

 
 Can you please try the attached patch?
 
 [Attachment: pr58366-rndseedkaslr.patch (text/plain)]
 
 From ed2bcd44cce72438419b29c38717a205e311a60e Mon Sep 17 00:00:00 2001
 From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
 Date: Tue, 25 Jun 2024 12:18:59 +0000
 Subject: [PATCH] x86: Defer x86_rndseed until after pmap_bootstrap.
 
 Loading the random seed, which is what x86_rndseed does, requires
 direct map access on KASLR kernels, which requires pmap_bootstrap to
 have run.
 
 This had been broken in
 
 amd64/machdep.c 1.359
 i386/machdep.c 1.832
 
 because we apparently don't have any automatic test setup for KASLR
 kernels, which we should address.
 
 This change shouldn't cause any security regression on kernels that
 previously worked, because none of the logic that now happens before
 x86_rndseed uses the entropy pool anyway (uvm_md_init,
 init_x86_clusters, xen_parse_cmdline, .
 
 PR port-amd64/58366
 ---
  sys/arch/amd64/amd64/machdep.c | 25 ++++++++++++++++---------
  sys/arch/i386/i386/machdep.c   | 25 ++++++++++++++++---------
  2 files changed, 32 insertions(+), 18 deletions(-)
 
 diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c
 index bc91a3595ae5..b77bcf98c4c9 100644
 --- a/sys/arch/amd64/amd64/machdep.c
 +++ b/sys/arch/amd64/amd64/machdep.c
 @@ -1754,15 +1754,6 @@ init_x86_64(paddr_t first_avail)
 =20
  	consinit();	/* XXX SHOULD NOT BE DONE HERE */
 =20
 -	/*
 -	 * Initialize RNG to get entropy ASAP either from CPU
 -	 * RDRAND/RDSEED or from seed on disk.  Must happen after
 -	 * cpu_init_msrs.  Prefer to happen after consinit so we have
 -	 * the opportunity to print useful feedback.
 -	 */
 -	cpu_rng_init();
 -	x86_rndseed();
 -
  	/*
  	 * Initialize PAGE_SIZE-dependent variables.
  	 */
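
Review bot: with the `cpu_rng_init();` / `x86_rndseed();` calls removed at this point in init_x86_64, everything between consinit() and pmap_bootstrap() now runs with the entropy pool unseeded, and nothing left at the removal site says so. The commit message lists the functions that occupy that window (uvm_md_init, init_x86_clusters, xen_parse_cmdline) as not consuming entropy; suggest leaving a one-line comment here, e.g. `/* RNG is not seeded until after pmap_bootstrap(); see below. */`, so that a later change adding an entropy consumer in this window is caught in review rather than silently getting an unseeded pool.
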
 @@ -1803,6 +1794,22 @@ init_x86_64(paddr_t first_avail)
  	 */
  	pmap_bootstrap(VM_MIN_KERNEL_ADDRESS);
 =20
 +	/*
 +	 * Initialize RNG to get entropy ASAP either from CPU
 +	 * RDRAND/RDSEED or from seed on disk.  Constraints:
 +	 *
 +	 * - Must happen after cpu_init_msrs so that curcpu() and
 +	 *   curlwp work.
 +	 *
 +	 * - Must happen after consinit so we have the opportunity to
 +	 *   print useful feedback.
 +	 *
 +	 * - On KASLR kernels, must happen after pmap_bootstrap because
 +	 *   x86_rndseed requires access to the direct map.
 +	 */
 +	cpu_rng_init();
 +	x86_rndseed();
 +
  #ifndef XENPV
  	/* Internalize the physical pages into the VM system. */
  	init_x86_vm(avail_start);
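
Review bot: the direct-map constraint stated in the new comment (`* - On KASLR kernels, must happen after pmap_bootstrap because` / `*   x86_rndseed requires access to the direct map.`) is enforced only by source order at this call site, which is exactly what the referenced regression in amd64/machdep.c 1.359 got wrong without any test catching it. Suggest adding a KASSERT inside x86_rndseed on whatever state pmap_bootstrap establishes for the direct map, so that a future reordering fails loudly at boot on KASLR kernels instead of reproducing the breakage reported in PR port-amd64/58366; the commit message itself notes there is no automatic KASLR test setup, so a callee-side check is the cheapest available guard.
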
 diff --git a/sys/arch/i386/i386/machdep.c b/sys/arch/i386/i386/machdep.c
 index f176330f9d64..dd46efb6afe4 100644
 --- a/sys/arch/i386/i386/machdep.c
 +++ b/sys/arch/i386/i386/machdep.c
 @@ -1280,15 +1280,6 @@ init386(paddr_t first_avail)
 =20
  	consinit();	/* XXX SHOULD NOT BE DONE HERE */
 =20
 -	/*
 -	 * Initialize RNG to get entropy ASAP either from CPU
 -	 * RDRAND/RDSEED or from seed on disk.  Must happen after
 -	 * cpu_init_msrs.  Prefer to happen after consinit so we have
 -	 * the opportunity to print useful feedback.
 -	 */
 -	cpu_rng_init();
 -	x86_rndseed();
 -
  #ifdef DEBUG_MEMLOAD
  	printf("mem_cluster_count: %d\n", mem_cluster_cnt);
  #endif
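
Review bot: this i386 removal, together with the i386 insertion in the next hunk, duplicates the amd64 change line for line (the same nine-line constraint comment and the same two calls in both machdep.c files). The original regression came from the two files having to be changed in lockstep (amd64/machdep.c 1.359 and i386/machdep.c 1.832 per the commit message); suggest moving the `cpu_rng_init(); x86_rndseed();` sequence and its constraint comment into a shared x86 helper called from both init_x86_64 and init386, so the ordering rule lives in one place and cannot drift between ports.
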
 @@ -1299,6 +1290,22 @@ init386(paddr_t first_avail)
  	 */
  	pmap_bootstrap((vaddr_t)atdevbase + IOM_SIZE);
 =20
 +	/*
 +	 * Initialize RNG to get entropy ASAP either from CPU
 +	 * RDRAND/RDSEED or from seed on disk.  Constraints:
 +	 *
 +	 * - Must happen after cpu_init_msrs so that curcpu() and
 +	 *   curlwp work.
 +	 *
 +	 * - Must happen after consinit so we have the opportunity to
 +	 *   print useful feedback.
 +	 *
 +	 * - On KASLR kernels, must happen after pmap_bootstrap because
 +	 *   x86_rndseed requires access to the direct map.
 +	 */
 +	cpu_rng_init();
 +	x86_rndseed();
 +
  #ifndef XENPV
  	/* Initialize the memory clusters. */
  	init_x86_clusters();
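
Review bot: the new insertion point on i386 places x86_rndseed() immediately after `pmap_bootstrap((vaddr_t)atdevbase + IOM_SIZE);` and before `init_x86_clusters();`, so on i386 init_x86_clusters still runs after seeding, whereas the commit message counts init_x86_clusters among the code that "now happens before x86_rndseed" (true of the amd64 hunk, not this one). The asymmetry is harmless as far as the three constraints in the comment go, but it is not explained anywhere; suggest either noting in the commit message that the i386 placement differs, or confirming that the comment's three constraints are the only ordering requirements so both ports can share the same placement.
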
 
 

