s390/mm: Pin identity mapping base to zero

SIE instruction performs faster when the virtual address of
SIE block matches the physical one. Pin the identity mapping
base to zero for the benefit of SIE and other instructions
that have similar performance impact. Still, randomize the
base when DEBUG_VM kernel configuration option is enabled.

Suggested-by: Vasily Gorbik <gor@linux.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index a822f952f64a9c6cafadd3e8b96f905edfcc5829..c60e699e99f5b3614e922dbf87c52c28042e98f6 100644 (file)
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -604,6 +604,19 @@ config RANDOMIZE_BASE
          as a security feature that deters exploit attempts relying on
          knowledge of the location of kernel internals.
 
+config RANDOMIZE_IDENTITY_BASE
+       bool "Randomize the address of the identity mapping base"
+       depends on RANDOMIZE_BASE
+       default DEBUG_VM
+       help
+         The identity mapping base address is pinned to zero by default.
+         Allow randomization of that base to expose otherwise missed
+         notion of physical and virtual addresses of data structures.
+         That does not have any impact on the base address at which the
+         kernel image is loaded.
+
+         If unsure, say N
+
 config KERNEL_IMAGE_BASE
        hex "Kernel image base address"
        range 0x100000 0x1FFFFFE0000000 if !KASAN

diff --git a/arch/s390/boot/startup.c b/arch/s390/boot/startup.c
index ce232552bc1c38684ad8036203041ec9874eb8af..cff34744b5a9bf5c3219120d38a412cfb182477a 100644 (file)
--- a/arch/s390/boot/startup.c
+++ b/arch/s390/boot/startup.c
@@ -341,7 +341,8 @@ static unsigned long setup_kernel_memory_layout(unsigned long kernel_size)
        BUILD_BUG_ON(MAX_DCSS_ADDR > (1UL << MAX_PHYSMEM_BITS));
        max_mappable = max(ident_map_size, MAX_DCSS_ADDR);
        max_mappable = min(max_mappable, vmemmap_start);
-       __identity_base = round_down(vmemmap_start - max_mappable, rte_size);
+       if (IS_ENABLED(CONFIG_RANDOMIZE_IDENTITY_BASE))
+               __identity_base = round_down(vmemmap_start - max_mappable, rte_size);
 
        return asce_limit;
 }