* [PATCH v2] x86: kaslr to avoid setup_data regions
@ 2014-05-14 8:02 Dave Young
2014-05-14 8:13 ` Mateusz Guzik
0 siblings, 1 reply; 4+ messages in thread
From: Dave Young @ 2014-05-14 8:02 UTC (permalink / raw)
To: keescook, hpa, linux-kernel
X86 will pass setup_data region while necessary, these regions could be
overwitten by kernel due to kaslr.
Thus iterate and add setup regions to mem_avoid[] in this patch.
Set max mem avoid entries 32, hopefully it will be enough.
Signed-off-by: Dave Young <dyoung@redhat.com>
---
arch/x86/boot/compressed/aslr.c | 30 ++++++++++++++++++++++++++++--
1 file changed, 28 insertions(+), 2 deletions(-)
Index: linux-2.6/arch/x86/boot/compressed/aslr.c
===================================================================
--- linux-2.6.orig/arch/x86/boot/compressed/aslr.c
+++ linux-2.6/arch/x86/boot/compressed/aslr.c
@@ -110,8 +110,9 @@ struct mem_vector {
unsigned long size;
};
-#define MEM_AVOID_MAX 5
+#define MEM_AVOID_MAX 32
static struct mem_vector mem_avoid[MEM_AVOID_MAX];
+static int mem_avoid_nr;
static bool mem_contains(struct mem_vector *region, struct mem_vector *item)
{
@@ -135,6 +136,28 @@ static bool mem_overlaps(struct mem_vect
return true;
}
+static void mem_avoid_setup_data(void)
+{
+ struct setup_data *data;
+ u64 pa_data;
+
+ if (mem_avoid_nr >= MEM_AVOID_MAX) {
+ debug_putstr("KASLR: too many setup_data ranges.\n");
+ return;
+ }
+
+ pa_data = real_mode->hdr.setup_data;
+ while (pa_data) {
+ data = (struct setup_data *)pa_data;
+ if (pa_data < CONFIG_RANDOMIZE_BASE_MAX_OFFSET) {
+ mem_avoid[mem_avoid_nr].start = pa_data;
+ mem_avoid[mem_avoid_nr].size = sizeof(*data) + data->len;
+ mem_avoid_nr++;
+ }
+ pa_data = data->next;
+ }
+}
+
static void mem_avoid_init(unsigned long input, unsigned long input_size,
unsigned long output, unsigned long output_size)
{
@@ -177,6 +200,9 @@ static void mem_avoid_init(unsigned long
/* Avoid stack memory. */
mem_avoid[4].start = (unsigned long)free_mem_end_ptr;
mem_avoid[4].size = BOOT_STACK_SIZE;
+ mem_avoid_nr = 5;
+
+ mem_avoid_setup_data();
}
/* Does this memory vector overlap a known avoided area? */
@@ -184,7 +210,7 @@ static bool mem_avoid_overlap(struct mem
{
int i;
- for (i = 0; i < MEM_AVOID_MAX; i++) {
+ for (i = 0; i < mem_avoid_nr; i++) {
if (mem_overlaps(img, &mem_avoid[i]))
return true;
}
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH v2] x86: kaslr to avoid setup_data regions
2014-05-14 8:02 [PATCH v2] x86: kaslr to avoid setup_data regions Dave Young
@ 2014-05-14 8:13 ` Mateusz Guzik
2014-05-14 8:23 ` Dave Young
0 siblings, 1 reply; 4+ messages in thread
From: Mateusz Guzik @ 2014-05-14 8:13 UTC (permalink / raw)
To: Dave Young; +Cc: keescook, hpa, linux-kernel
On Wed, May 14, 2014 at 04:02:01PM +0800, Dave Young wrote:
> X86 will pass setup_data region while necessary, these regions could be
> overwitten by kernel due to kaslr.
>
> Thus iterate and add setup regions to mem_avoid[] in this patch.
> Set max mem avoid entries 32, hopefully it will be enough.
>
> Signed-off-by: Dave Young <dyoung@redhat.com>
> ---
> arch/x86/boot/compressed/aslr.c | 30 ++++++++++++++++++++++++++++--
> 1 file changed, 28 insertions(+), 2 deletions(-)
>
> Index: linux-2.6/arch/x86/boot/compressed/aslr.c
> ===================================================================
> --- linux-2.6.orig/arch/x86/boot/compressed/aslr.c
> +++ linux-2.6/arch/x86/boot/compressed/aslr.c
> @@ -110,8 +110,9 @@ struct mem_vector {
> unsigned long size;
> };
>
> -#define MEM_AVOID_MAX 5
> +#define MEM_AVOID_MAX 32
> static struct mem_vector mem_avoid[MEM_AVOID_MAX];
> +static int mem_avoid_nr;
>
> static bool mem_contains(struct mem_vector *region, struct mem_vector *item)
> {
> @@ -135,6 +136,28 @@ static bool mem_overlaps(struct mem_vect
> return true;
> }
>
> +static void mem_avoid_setup_data(void)
> +{
> + struct setup_data *data;
> + u64 pa_data;
> +
> + if (mem_avoid_nr >= MEM_AVOID_MAX) {
> + debug_putstr("KASLR: too many setup_data ranges.\n");
> + return;
> + }
> +
> + pa_data = real_mode->hdr.setup_data;
> + while (pa_data) {
> + data = (struct setup_data *)pa_data;
> + if (pa_data < CONFIG_RANDOMIZE_BASE_MAX_OFFSET) {
> + mem_avoid[mem_avoid_nr].start = pa_data;
> + mem_avoid[mem_avoid_nr].size = sizeof(*data) + data->len;
> + mem_avoid_nr++;
> + }
> + pa_data = data->next;
> + }
> +}
> +
I have no idea if this real_mode->hdr.setup_data examination is correct,
so not commenting on that.
What prevents the loop from overflowing the table?
Additinally reaching the limit should at least result in a big fat warning.
--
Mateusz Guzik
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH v2] x86: kaslr to avoid setup_data regions
2014-05-14 8:13 ` Mateusz Guzik
@ 2014-05-14 8:23 ` Dave Young
2014-05-14 9:09 ` Dave Young
0 siblings, 1 reply; 4+ messages in thread
From: Dave Young @ 2014-05-14 8:23 UTC (permalink / raw)
To: Mateusz Guzik; +Cc: keescook, hpa, linux-kernel
On 05/14/14 at 10:13am, Mateusz Guzik wrote:
> On Wed, May 14, 2014 at 04:02:01PM +0800, Dave Young wrote:
> > X86 will pass setup_data region while necessary, these regions could be
> > overwitten by kernel due to kaslr.
> >
> > Thus iterate and add setup regions to mem_avoid[] in this patch.
> > Set max mem avoid entries 32, hopefully it will be enough.
> >
> > Signed-off-by: Dave Young <dyoung@redhat.com>
> > ---
> > arch/x86/boot/compressed/aslr.c | 30 ++++++++++++++++++++++++++++--
> > 1 file changed, 28 insertions(+), 2 deletions(-)
> >
> > Index: linux-2.6/arch/x86/boot/compressed/aslr.c
> > ===================================================================
> > --- linux-2.6.orig/arch/x86/boot/compressed/aslr.c
> > +++ linux-2.6/arch/x86/boot/compressed/aslr.c
> > @@ -110,8 +110,9 @@ struct mem_vector {
> > unsigned long size;
> > };
> >
> > -#define MEM_AVOID_MAX 5
> > +#define MEM_AVOID_MAX 32
> > static struct mem_vector mem_avoid[MEM_AVOID_MAX];
> > +static int mem_avoid_nr;
> >
> > static bool mem_contains(struct mem_vector *region, struct mem_vector *item)
> > {
> > @@ -135,6 +136,28 @@ static bool mem_overlaps(struct mem_vect
> > return true;
> > }
> >
> > +static void mem_avoid_setup_data(void)
> > +{
> > + struct setup_data *data;
> > + u64 pa_data;
> > +
> > + if (mem_avoid_nr >= MEM_AVOID_MAX) {
> > + debug_putstr("KASLR: too many setup_data ranges.\n");
> > + return;
> > + }
> > +
> > + pa_data = real_mode->hdr.setup_data;
> > + while (pa_data) {
> > + data = (struct setup_data *)pa_data;
> > + if (pa_data < CONFIG_RANDOMIZE_BASE_MAX_OFFSET) {
> > + mem_avoid[mem_avoid_nr].start = pa_data;
> > + mem_avoid[mem_avoid_nr].size = sizeof(*data) + data->len;
> > + mem_avoid_nr++;
> > + }
> > + pa_data = data->next;
> > + }
> > +}
> > +
>
> I have no idea if this real_mode->hdr.setup_data examination is correct,
> so not commenting on that.
>
> What prevents the loop from overflowing the table?
Ooooops, the checking should be in the loop instead of our of it.
Will repost. Thanks for catching.
Dave
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH v2] x86: kaslr to avoid setup_data regions
2014-05-14 8:23 ` Dave Young
@ 2014-05-14 9:09 ` Dave Young
0 siblings, 0 replies; 4+ messages in thread
From: Dave Young @ 2014-05-14 9:09 UTC (permalink / raw)
To: Mateusz Guzik; +Cc: keescook, hpa, linux-kernel
On 05/14/14 at 04:23pm, Dave Young wrote:
> On 05/14/14 at 10:13am, Mateusz Guzik wrote:
> > On Wed, May 14, 2014 at 04:02:01PM +0800, Dave Young wrote:
> > > X86 will pass setup_data region while necessary, these regions could be
> > > overwitten by kernel due to kaslr.
> > >
> > > Thus iterate and add setup regions to mem_avoid[] in this patch.
> > > Set max mem avoid entries 32, hopefully it will be enough.
> > >
> > > Signed-off-by: Dave Young <dyoung@redhat.com>
> > > ---
> > > arch/x86/boot/compressed/aslr.c | 30 ++++++++++++++++++++++++++++--
> > > 1 file changed, 28 insertions(+), 2 deletions(-)
> > >
> > > Index: linux-2.6/arch/x86/boot/compressed/aslr.c
> > > ===================================================================
> > > --- linux-2.6.orig/arch/x86/boot/compressed/aslr.c
> > > +++ linux-2.6/arch/x86/boot/compressed/aslr.c
> > > @@ -110,8 +110,9 @@ struct mem_vector {
> > > unsigned long size;
> > > };
> > >
> > > -#define MEM_AVOID_MAX 5
> > > +#define MEM_AVOID_MAX 32
> > > static struct mem_vector mem_avoid[MEM_AVOID_MAX];
> > > +static int mem_avoid_nr;
> > >
> > > static bool mem_contains(struct mem_vector *region, struct mem_vector *item)
> > > {
> > > @@ -135,6 +136,28 @@ static bool mem_overlaps(struct mem_vect
> > > return true;
> > > }
> > >
> > > +static void mem_avoid_setup_data(void)
> > > +{
> > > + struct setup_data *data;
> > > + u64 pa_data;
> > > +
> > > + if (mem_avoid_nr >= MEM_AVOID_MAX) {
> > > + debug_putstr("KASLR: too many setup_data ranges.\n");
> > > + return;
> > > + }
> > > +
> > > + pa_data = real_mode->hdr.setup_data;
> > > + while (pa_data) {
> > > + data = (struct setup_data *)pa_data;
> > > + if (pa_data < CONFIG_RANDOMIZE_BASE_MAX_OFFSET) {
> > > + mem_avoid[mem_avoid_nr].start = pa_data;
> > > + mem_avoid[mem_avoid_nr].size = sizeof(*data) + data->len;
> > > + mem_avoid_nr++;
> > > + }
> > > + pa_data = data->next;
> > > + }
> > > +}
> > > +
> >
> > I have no idea if this real_mode->hdr.setup_data examination is correct,
> > so not commenting on that.
Probably should return early when pa_data > 4G because of 4G early mapping.
Not sure for 32bit though. I'm not familar with the detail of x86 early boot.
Help will be appreciate.
> >
> > What prevents the loop from overflowing the table?
>
> Ooooops, the checking should be in the loop instead of our of it.
> Will repost. Thanks for catching.
>
> Dave
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-05-14 9:07 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-14 8:02 [PATCH v2] x86: kaslr to avoid setup_data regions Dave Young
2014-05-14 8:13 ` Mateusz Guzik
2014-05-14 8:23 ` Dave Young
2014-05-14 9:09 ` Dave Young
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.