From: Yinghai Lu <yinghai@kernel.org>
To: Matt Fleming <matt.fleming@intel.com>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
Jiri Kosina <jkosina@suse.cz>, Kees Cook <keescook@chromium.org>,
Borislav Petkov <bp@suse.de>, Baoquan He <bhe@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org
Subject: [PATCH v5 17/19] x86, kaslr: Add support of kernel physical address randomization above 4G
Date: Wed, 18 Mar 2015 00:28:24 -0700 [thread overview]
Message-ID: <1426663706-23979-18-git-send-email-yinghai@kernel.org> (raw)
In-Reply-To: <1426663706-23979-1-git-send-email-yinghai@kernel.org>
From: Baoquan He <bhe@redhat.com>
In kaslr implementation mechanism, mainly process_e820_entry and
slots_fetch_random do the job. process_e820_entry is responsible
for storing the slot information. slots_fetch_random takes care
of fetching slot information. In this patch, for adding support
of kernel physical address randomization above 4G, both of these
two functions are changed based on the new slot_area data structure.
Now kernel can be reloaded and decompressed anywhere of the whole
physical memory, even near 64T at most.
Signed-off-by: Baoquan He <bhe@redhat.com>
---
arch/x86/boot/compressed/aslr.c | 68 ++++++++++++++++++++++++++++++-----------
1 file changed, 51 insertions(+), 17 deletions(-)
diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
index ae0aed9..2f60f41 100644
--- a/arch/x86/boot/compressed/aslr.c
+++ b/arch/x86/boot/compressed/aslr.c
@@ -296,27 +296,40 @@ static void slots_append(unsigned long addr)
static unsigned long slots_fetch_random(void)
{
+ unsigned long random;
+ int i;
+
/* Handle case of no slots stored. */
if (slot_max == 0)
return 0;
- return slots[get_random_long() % slot_max];
+ random = get_random_long() % slot_max;
+
+ for (i = 0; i < slot_area_index; i++) {
+ if (random >= slot_areas[i].num) {
+ random -= slot_areas[i].num;
+ continue;
+ }
+ return slot_areas[i].addr + random * CONFIG_PHYSICAL_ALIGN;
+ }
+
+ if (i == slot_area_index)
+ debug_putstr("Something wrong happened in slots_fetch_random()...\n");
+ return 0;
}
static void process_e820_entry(struct e820entry *entry,
unsigned long minimum,
unsigned long image_size)
{
- struct mem_vector region, img;
+ struct mem_vector region, out;
+ struct slot_area slot_area;
+ unsigned long min, start_orig;
/* Skip non-RAM entries. */
if (entry->type != E820_RAM)
return;
- /* Ignore entries entirely above our maximum. */
- if (entry->addr >= CONFIG_RANDOMIZE_BASE_MAX_OFFSET)
- return;
-
/* Ignore entries entirely below our minimum. */
if (entry->addr + entry->size < minimum)
return;
@@ -324,10 +337,17 @@ static void process_e820_entry(struct e820entry *entry,
region.start = entry->addr;
region.size = entry->size;
+repeat:
+ start_orig = region.start;
+
/* Potentially raise address to minimum location. */
if (region.start < minimum)
region.start = minimum;
+ /* Return if slot area array is full */
+ if (slot_area_index == MAX_SLOT_AREA)
+ return;
+
/* Potentially raise address to meet alignment requirements. */
region.start = ALIGN(region.start, CONFIG_PHYSICAL_ALIGN);
@@ -336,20 +356,30 @@ static void process_e820_entry(struct e820entry *entry,
return;
/* Reduce size by any delta from the original address. */
- region.size -= region.start - entry->addr;
+ region.size -= region.start - start_orig;
- /* Reduce maximum size to fit end of image within maximum limit. */
- if (region.start + region.size > CONFIG_RANDOMIZE_BASE_MAX_OFFSET)
- region.size = CONFIG_RANDOMIZE_BASE_MAX_OFFSET - region.start;
+ /* Return if region can't contain decompressed kernel */
+ if (region.size < image_size)
+ return;
- /* Walk each aligned slot and check for avoided areas. */
- for (img.start = region.start, img.size = image_size ;
- mem_contains(®ion, &img) ;
- img.start += CONFIG_PHYSICAL_ALIGN) {
- if (mem_avoid_overlap(&img))
- continue;
- slots_append(img.start);
+ if (!mem_avoid_overlap(®ion)) {
+ store_slot_info(®ion, image_size);
+ return;
}
+
+ min = mem_min_overlap(®ion, &out);
+
+ if (min > region.start + image_size) {
+ struct mem_vector tmp;
+
+ tmp.start = region.start;
+ tmp.size = min - region.start;
+ store_slot_info(&tmp, image_size);
+ }
+
+ region.size -= out.start - region.start + out.size;
+ region.start = out.start + out.size;
+ goto repeat;
}
static unsigned long find_random_phy_addr(unsigned long minimum,
@@ -364,6 +394,10 @@ static unsigned long find_random_phy_addr(unsigned long minimum,
/* Verify potential e820 positions, appending to slots list. */
for (i = 0; i < real_mode->e820_entries; i++) {
process_e820_entry(&real_mode->e820_map[i], minimum, size);
+ if (slot_area_index == MAX_SLOT_AREA) {
+ debug_putstr("Stop processing e820 since slot_areas is full...\n");
+ break;
+ }
}
return slots_fetch_random();
--
1.8.4.5
next prev parent reply other threads:[~2015-03-18 7:28 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-18 7:28 [PATCH v5 00/19] x86, boot: kaslr cleanup and 64bit kaslr support Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 01/19] x86, boot: Make data from decompress_kernel stage live longer Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 02/19] x86, kaslr: Propagate base load address calculation v2 Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 03/19] x86, boot: Simplify run_size calculation Yinghai Lu
[not found] ` <1426663706-23979-4-git-send-email-yinghai-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2015-03-23 3:25 ` Baoquan He
[not found] ` <20150323032522.GC2068-je1gSBvt1TeLcxizHhUEZR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2015-03-23 7:12 ` Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 04/19] x86, kaslr: Kill not used run_size related code Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 05/19] x86, kaslr: Use output_run_size Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 06/19] x86, kaslr: Consolidate mem_avoid array filling Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 07/19] x86, boot: Move z_extract_offset calculation to header.S Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 08/19] x86, kaslr: Get correct max_addr for relocs pointer Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 10/19] x86, 64bit: Set ident_mapping for kaslr Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 12/19] x86, kaslr: Fix a bug that relocation can not be handled when kernel is loaded above 2G Yinghai Lu
[not found] ` <1426663706-23979-1-git-send-email-yinghai-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2015-03-18 7:28 ` [PATCH v5 09/19] x86, boot: Split kernel_ident_mapping_init to another file Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 11/19] x86, boot: Add checking for memcpy Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 13/19] x86, kaslr: Introduce struct slot_area to manage randomization slot info Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 15/19] x86, kaslr: Introduce fetch_random_virt_offset to randomize the kernel text mapping address Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 16/19] x86, kaslr: Randomize physical and virtual address of kernel separately Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 18/19] x86, kaslr: Remove useless codes Yinghai Lu
2015-04-05 1:25 ` [PATCH v5 00/19] x86, boot: kaslr cleanup and 64bit kaslr support Baoquan He
2015-03-18 7:28 ` [PATCH v5 14/19] x86, kaslr: Add two functions which will be used later Yinghai Lu
2015-03-18 7:28 ` Yinghai Lu [this message]
2015-03-18 7:28 ` [PATCH v5 19/19] x86, kaslr: Allow random address could be below loaded address Yinghai Lu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1426663706-23979-18-git-send-email-yinghai@kernel.org \
--to=yinghai@kernel.org \
--cc=bhe@redhat.com \
--cc=bp@suse.de \
--cc=hpa@zytor.com \
--cc=jkosina@suse.cz \
--cc=keescook@chromium.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matt.fleming@intel.com \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox