From: tip-bot for Kees Cook <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: akpm@linux-foundation.org, luto@amacapital.net, bhe@redhat.com,
	mingo@kernel.org, vgoyal@redhat.com, yinghai@kernel.org,
	dvlasenk@redhat.com, peterz@infradead.org,
	linux-kernel@vger.kernel.org, brgerst@gmail.com,
	tglx@linutronix.de, keescook@chromium.org, luto@kernel.org,
	hpa@zytor.com, torvalds@linux-foundation.org, dyoung@redhat.com,
	bp@alien8.de
Subject: [tip:x86/boot] x86/boot: Clean up pointer casting
Date: Fri, 6 May 2016 00:45:41 -0700
Message-ID: <tip-2bc1cd39fa9f659956b25e500422e700a6cd4ec3@git.kernel.org>
In-Reply-To: <1462486436-3707-2-git-send-email-keescook@chromium.org>

Commit-ID:  2bc1cd39fa9f659956b25e500422e700a6cd4ec3
Gitweb:     http://git.kernel.org/tip/2bc1cd39fa9f659956b25e500422e700a6cd4ec3
Author:     Kees Cook <keescook@chromium.org>
AuthorDate: Thu, 5 May 2016 15:13:46 -0700
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Fri, 6 May 2016 09:00:59 +0200

x86/boot: Clean up pointer casting

Currently extract_kernel() defines the input and output buffer pointers
as "unsigned char *" since that's effectively what they are. It passes
these to the decompressor routine and to the ELF parser, which both
logically deal with buffer pointers too. There is some casting ("unsigned
long") done to validate the numerical value of the pointers, but it is
relatively limited.

However, choose_random_location() operates almost exclusively on the
numerical representation of these pointers, so it ended up carrying
a lot of "unsigned long" casts. With the future physical/virtual split
these casts were going to multiply, so this attempts to solve the
problem by doing all the casting in choose_random_location()'s entry
and return instead of throughout the code. Adjusts argument names to
be more meaningful, and changes one use of "choice" to "output" to make
the future physical/virtual split more clear (i.e. "choice" should be
strictly a function return value and not used as an intermediate).

Suggested-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: kernel-hardening@lists.openwall.com
Cc: lasse.collin@tukaani.org
Link: http://lkml.kernel.org/r/1462486436-3707-2-git-send-email-keescook@chromium.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/boot/compressed/kaslr.c | 20 ++++++++++++++------
 arch/x86/boot/compressed/misc.h  | 10 +++++-----
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index f1818d9..2072d82 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -305,12 +305,21 @@ static unsigned long find_random_addr(unsigned long minimum,
 	return slots_fetch_random();
 }
 
-unsigned char *choose_random_location(unsigned char *input,
+unsigned char *choose_random_location(unsigned char *input_ptr,
 				      unsigned long input_size,
-				      unsigned char *output,
+				      unsigned char *output_ptr,
 				      unsigned long output_size)
 {
-	unsigned long choice = (unsigned long)output;
+	/*
+	 * The caller of choose_random_location() uses unsigned char * for
+	 * buffer pointers since it performs decompression, elf parsing, etc.
+	 * Since this code examines addresses much more numerically,
+	 * unsigned long is used internally here. Instead of sprinkling
+	 * more casts into extract_kernel, do them here and at return.
+	 */
+	unsigned long input = (unsigned long)input_ptr;
+	unsigned long output = (unsigned long)output_ptr;
+	unsigned long choice = output;
 	unsigned long random_addr;
 
 #ifdef CONFIG_HIBERNATION
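Review bot: In the new declarations at the top of choose_random_location(), "choice" is still seeded with "output", so the function now carries two locals holding the same value even though the commit message says "choice" should be strictly a return value. Consider leaving "choice" unset here and assigning it only where the result is decided, or adding one line to the comment saying that "choice" defaults to the original output address when randomization is skipped. Two nits in the comment itself: "elf parsing" should read "ELF parsing", and "extract_kernel" should be written "extract_kernel()" to match "choose_random_location()" two lines above.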
@@ -328,11 +337,10 @@ unsigned char *choose_random_location(unsigned char *input,
 	boot_params->hdr.loadflags |= KASLR_FLAG;
 
 	/* Record the various known unsafe memory ranges. */
-	mem_avoid_init((unsigned long)input, input_size,
-		       (unsigned long)output, output_size);
+	mem_avoid_init(input, input_size, output, output_size);
 
 	/* Walk e820 and find a random address. */
-	random_addr = find_random_addr(choice, output_size);
+	random_addr = find_random_addr(output, output_size);
 	if (!random_addr) {
 		warn("KASLR disabled: could not find suitable E820 region!");
 		goto out;
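Review bot: The call find_random_addr(output, output_size) passes "output" into a parameter that the previous hunk header shows is named "minimum", and nothing at the call site says the current output address is being used as the lower bound for the search. A short addition to the "Walk e820 and find a random address" comment stating that would make the intent clear, especially since the variable passed here changed from "choice" to "output" and the two are equal at this point only because of the initializer.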
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
index 9887e0d..1f23d02 100644
--- a/arch/x86/boot/compressed/misc.h
+++ b/arch/x86/boot/compressed/misc.h
@@ -67,20 +67,20 @@ int cmdline_find_option_bool(const char *option);
 
 #if CONFIG_RANDOMIZE_BASE
 /* kaslr.c */
-unsigned char *choose_random_location(unsigned char *input,
+unsigned char *choose_random_location(unsigned char *input_ptr,
 				      unsigned long input_size,
-				      unsigned char *output,
+				      unsigned char *output_ptr,
 				      unsigned long output_size);
 /* cpuflags.c */
 bool has_cpuflag(int flag);
 #else
 static inline
-unsigned char *choose_random_location(unsigned char *input,
+unsigned char *choose_random_location(unsigned char *input_ptr,
 				      unsigned long input_size,
-				      unsigned char *output,
+				      unsigned char *output_ptr,
 				      unsigned long output_size)
 {
-	return output;
+	return output_ptr;
 }
 #endif
 
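Review bot: The context line "#if CONFIG_RANDOMIZE_BASE" above the renamed prototype tests the value of the macro rather than whether it is defined; it works because an undefined identifier evaluates to 0, but "#ifdef CONFIG_RANDOMIZE_BASE" is the usual form and avoids a -Wundef warning. Since this patch already touches both branches of the conditional, it would be a good place to fix that. The prototype also carries no comment explaining that the "_ptr" parameters are converted to numeric addresses inside kaslr.c; a one-line note here would save readers a trip to the definition.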
