From: Borislav Petkov <bp@alien8.de>
To: Kees Cook <keescook@chromium.org>, Ingo Molnar <mingo@kernel.org>
Cc: bp@suse.de, jkosina@suse.cz, linux-kernel@vger.kernel.org,
	keescook@chromium.org, brgerst@gmail.com, vgoyal@redhat.com,
	akpm@linux-foundation.org, tglx@linutronix.de, bhe@redhat.com,
	luto@kernel.org, dyoung@redhat.com, yinghai@kernel.org,
	dvlasenk@redhat.com, mingo@kernel.org, peterz@infradead.org,
	luto@amacapital.net, torvalds@linux-foundation.org,
	hpa@zytor.com, linux-tip-commits@vger.kernel.org
Subject: Re: [tip:x86/boot] x86/KASLR: Build identity mappings on demand
Date: Sat, 7 May 2016 12:05:41 +0200
Message-ID: <20160507100541.GA24613@pd.tnic>
In-Reply-To: <tip-3a94707d7a7bb1eb82acae5fbc035247dd1ba8a5@git.kernel.org>

On Fri, May 06, 2016 at 11:37:22PM -0700, tip-bot for Kees Cook wrote:
> Commit-ID:  3a94707d7a7bb1eb82acae5fbc035247dd1ba8a5
> Gitweb:     http://git.kernel.org/tip/3a94707d7a7bb1eb82acae5fbc035247dd1ba8a5
> Author:     Kees Cook <keescook@chromium.org>
> AuthorDate: Fri, 6 May 2016 15:01:35 -0700
> Committer:  Ingo Molnar <mingo@kernel.org>
> CommitDate: Sat, 7 May 2016 07:38:39 +0200
> 
> x86/KASLR: Build identity mappings on demand
> 
> Currently KASLR only supports relocation in a small physical range (from
> 16M to 1G), due to using the initial kernel page table identity mapping.
> To support ranges above this, we need to have an identity mapping for the
> desired memory range before we can decompress (and later run) the kernel.

...

> diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
> index 8ef1186..f82975b 100644
> --- a/arch/x86/boot/compressed/kaslr.c
> +++ b/arch/x86/boot/compressed/kaslr.c
> @@ -241,6 +241,8 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
>  	 */
>  	mem_avoid[MEM_AVOID_ZO_RANGE].start = input;
>  	mem_avoid[MEM_AVOID_ZO_RANGE].size = (output + init_size) - input;
> +	add_identity_map(mem_avoid[MEM_AVOID_ZO_RANGE].start,
> +			 mem_avoid[MEM_AVOID_ZO_RANGE].size);
>  
>  	/* Avoid initrd. */
>  	initrd_start  = (u64)boot_params->ext_ramdisk_image << 32;
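Review bot: the ZO-range mapping added here is the one mem_avoid entry that gets no comment on why it needs an identity map, while the initrd entry in the next hunk explains why it does not; a one-liner such as `/* ZO and VO are both accessed by the decompressor, so map input .. output + init_size */` would make the asymmetry look deliberate. It is also worth noting at the call that `(output + init_size) - input` is now consumed as a length by add_identity_map(), so it silently assumes output >= input.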
> @@ -249,6 +251,7 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
>  	initrd_size |= boot_params->hdr.ramdisk_size;
>  	mem_avoid[MEM_AVOID_INITRD].start = initrd_start;
>  	mem_avoid[MEM_AVOID_INITRD].size = initrd_size;
> +	/* No need to set mapping for initrd, it will be handled in VO. */
>  
>  	/* Avoid kernel command line. */
>  	cmd_line  = (u64)boot_params->ext_cmd_line_ptr << 32;
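Review bot: the new comment `/* No need to set mapping for initrd, it will be handled in VO. */` says who handles it but not why the decompressor can skip it; spell out that ZO only records the initrd range to avoid and never reads it, otherwise a reader who sees add_identity_map() on the neighbouring entries will wonder whether this one was forgotten.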
> @@ -259,10 +262,21 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
>  		;
>  	mem_avoid[MEM_AVOID_CMDLINE].start = cmd_line;
>  	mem_avoid[MEM_AVOID_CMDLINE].size = cmd_line_size;
> +	add_identity_map(mem_avoid[MEM_AVOID_CMDLINE].start,
> +			 mem_avoid[MEM_AVOID_CMDLINE].size);
>  
>  	/* Avoid boot parameters. */
>  	mem_avoid[MEM_AVOID_BOOTPARAMS].start = (unsigned long)boot_params;
>  	mem_avoid[MEM_AVOID_BOOTPARAMS].size = sizeof(*boot_params);
> +	add_identity_map(mem_avoid[MEM_AVOID_BOOTPARAMS].start,
> +			 mem_avoid[MEM_AVOID_BOOTPARAMS].size);
> +
> +	/* We don't need to set a mapping for setup_data. */
> +
> +#ifdef CONFIG_X86_VERBOSE_BOOTUP
> +	/* Make sure video RAM can be used. */
> +	add_identity_map(0, PMD_SIZE);
> +#endif
>  }
>  
>  /* Does this memory vector overlap a known avoided area? */
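Review bot: `add_identity_map(0, PMD_SIZE)` under CONFIG_X86_VERBOSE_BOOTUP maps the whole first 2 MiB, which includes physical page 0, so with verbose boot enabled a NULL-pointer dereference in the decompressor becomes a silent memory access instead of a fault; if the mapping granularity forces a full PMD, the comment `/* Make sure video RAM can be used. */` should say that page 0 is covered as a side effect rather than only mentioning video RAM. The `/* We don't need to set a mapping for setup_data. */` line would also benefit from the same kind of reason as the initrd one, since by itself it reads as an assertion rather than an explanation.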
> @@ -421,6 +435,9 @@ unsigned char *choose_random_location(unsigned long input,
>  		goto out;
>  
>  	choice = random_addr;
> +
> +	add_identity_map(choice, output_size);
> +	finalize_identity_maps();
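Review bot: `add_identity_map(choice, output_size)` and `finalize_identity_maps()` sit after the `goto out` in the visible context, so on the bail-out path the mappings built in mem_avoid_init() are never loaded. That is presumably intended, because the fallback location must already be covered by the initial page tables, but a short comment at the `goto out` saying so would save the next reader from asking whether half-built identity maps leak on that path. Nothing at this call site says that finalize_identity_maps() is where the page table switch happens.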

Looks ok except that finalize_identity_maps()'s name is kinda not really
telling me that we're writing CR3 inside and we're thus switching to the
new pagetable. I thought about maybe having something like

	write_cr3(get_identity_map());

to make it really explicit at the callsite that we're loading the
pagetable but you have all that scheme of stubbed functions on 32-bit
and functions doing something on 64-bit.

So how about at least commenting it?

---
From: Borislav Petkov <bp@suse.de>
Date: Sat, 7 May 2016 11:59:40 +0200
Subject: [PATCH] x86/boot: Comment what finalize_identity_maps() does

So it is not really obvious that finalize_identity_maps() doesn't do any
finalization but it *actually* writes CR3 with the ident PGD. Comment
that at the call site.

Signed-off-by: Borislav Petkov <bp@suse.de>
---
 arch/x86/boot/compressed/kaslr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index f82975b0f9d6..f5a138c3fe96 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -437,6 +437,8 @@ unsigned char *choose_random_location(unsigned long input,
 	choice = random_addr;
 
 	add_identity_map(choice, output_size);
+
+	/* This actually loads the identity pagetable on x86_64. */
 	finalize_identity_maps();
 out:
 	return (unsigned char *)choice;
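Review bot: the comment `/* This actually loads the identity pagetable on x86_64. */` covers the 64-bit case only; since the mail above says the 32-bit build stubs these functions out, the comment should say so too (e.g. `... on x86_64; a no-op on 32-bit`), otherwise a 32-bit reader is left with the same question the comment was meant to answer. Also, `pagetable` is one word here but the commit description above writes `page table`; pick one.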
-- 
2.7.3

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.
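The identity-map-on-demand scheme that the quoted commit describes, as a constructed C model (added here; it is not kernel code and not from either patch in this thread): identity mappings are tracked per 2 MiB PMD slot over a hypothetical 4 GiB of physical memory, and the function names `add_identity_map()`, `finalize_identity_maps()`, `prepare_target()`, `identity_mapped()` and `video_ram_map_covers_page_zero()` are hypothetical stand-ins that replay the sequence the hunks add, including the "switch" step Boris asks to have commented and the side effect of mapping `0 .. PMD_SIZE`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model, not kernel code: identity mapping is tracked per
 * 2 MiB PMD slot (the granularity the x86-64 boot ident mapping uses),
 * over a hypothetical 4 GiB of physical memory.
 */
#define PMD_SHIFT 21
#define PMD_SIZE  (1ULL << PMD_SHIFT)
#define MAX_PHYS  (1ULL << 32)
#define NR_PMDS   (MAX_PHYS / PMD_SIZE)        /* 2048 slots */

static uint8_t pmd_present[NR_PMDS / 8];      /* one bit per slot */
static bool    cr3_loaded;                    /* "page table switched" flag */

static bool slot_set(uint64_t idx)  { return pmd_present[idx / 8] & (1u << (idx % 8)); }
static void slot_mark(uint64_t idx) { pmd_present[idx / 8] |= (uint8_t)(1u << (idx % 8)); }

static bool range_ok(uint64_t start, uint64_t size)
{
    return size != 0 && start + size >= start && start + size <= MAX_PHYS;
}

void reset_identity_maps(void)
{
    memset(pmd_present, 0, sizeof pmd_present);
    cr3_loaded = false;
}

/*
 * Mark every PMD slot touching [start, start + size) as mapped, rounding
 * the range out to PMD_SIZE as a 2 MiB-granular mapper must.
 * Returns the number of slots newly mapped, or -1 for an invalid range.
 */
int add_identity_map(uint64_t start, uint64_t size)
{
    if (!range_ok(start, size))
        return -1;
    uint64_t end = (start + size + PMD_SIZE - 1) & ~(PMD_SIZE - 1);
    int added = 0;
    for (uint64_t a = start & ~(PMD_SIZE - 1); a < end; a += PMD_SIZE) {
        if (!slot_set(a >> PMD_SHIFT)) {
            slot_mark(a >> PMD_SHIFT);
            added++;
        }
    }
    return added;
}

/* True if every byte of [start, start + size) lies in a mapped slot. */
bool identity_mapped(uint64_t start, uint64_t size)
{
    if (!range_ok(start, size))
        return false;
    for (uint64_t a = start & ~(PMD_SIZE - 1); a < start + size; a += PMD_SIZE)
        if (!slot_set(a >> PMD_SHIFT))
            return false;
    return true;
}

/* Models finalize_identity_maps(): the step where the new table is
 * actually loaded (CR3 written), which the name does not advertise. */
void finalize_identity_maps(void)
{
    cr3_loaded = true;
}

/*
 * Replay the commit's sequence for one decompression target: map the ZO
 * range (input .. output + init_size), the command line and the chosen
 * output location, then "switch". Returns whether everything the
 * decompressor touches is mapped once the switch has happened.
 */
bool prepare_target(uint64_t input, uint64_t output, uint64_t init_size,
                    uint64_t cmdline, uint64_t cmdline_size,
                    uint64_t choice, uint64_t output_size)
{
    reset_identity_maps();
    uint64_t zo_size = (output + init_size) - input;   /* as in mem_avoid_init() */
    if (add_identity_map(input, zo_size) < 0 ||
        add_identity_map(cmdline, cmdline_size) < 0 ||
        add_identity_map(choice, output_size) < 0)
        return false;
    finalize_identity_maps();
    return cr3_loaded &&
           identity_mapped(input, zo_size) &&
           identity_mapped(cmdline, cmdline_size) &&
           identity_mapped(choice, output_size);
}

/* The CONFIG_X86_VERBOSE_BOOTUP call add_identity_map(0, PMD_SIZE):
 * with 2 MiB granularity it necessarily covers physical page 0 as well. */
bool video_ram_map_covers_page_zero(void)
{
    reset_identity_maps();
    add_identity_map(0, PMD_SIZE);
    return identity_mapped(0, 4096);
}

int main(void)
{
    /* Constructed sample layout: ZO at 16 MiB, VO placed at 3 GiB. */
    bool ok = prepare_target(16ULL << 20, 32ULL << 20, 40ULL << 20,
                             0x9e000, 256, 3ULL << 30, 48ULL << 20);
    printf("target prepared: %s\n", ok ? "yes" : "no");
    printf("2 GiB region (never requested): %s\n",
           identity_mapped(2ULL << 30, 4096) ? "mapped" : "not mapped");
    printf("video RAM mapping covers page 0: %s\n",
           video_ram_map_covers_page_zero() ? "yes" : "no");
    return 0;
}
```

The model keeps the page-table switch as an explicit flag so the ordering the hunks rely on is visible: every range is added first, then one switch loads them all, and a choice above 1 GiB is reachable only because it was mapped before that switch. It also makes the `0 .. PMD_SIZE` side effect checkable rather than implicit.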
