From: Yinghai Lu <yinghai@kernel.org>
To: Matt Fleming <matt.fleming@intel.com>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
Jiri Kosina <jkosina@suse.cz>, Kees Cook <keescook@chromium.org>,
Borislav Petkov <bp@suse.de>, Baoquan He <bhe@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
Yinghai Lu <yinghai@kernel.org>
Subject: [PATCH v5 06/19] x86, kaslr: Consolidate mem_avoid array filling
Date: Wed, 18 Mar 2015 00:28:13 -0700 [thread overview]
Message-ID: <1426663706-23979-7-git-send-email-yinghai@kernel.org> (raw)
In-Reply-To: <1426663706-23979-1-git-send-email-yinghai@kernel.org>
We are going to support kaslr with 64bit above 4G, and new random output
buffer could be anywhere.
mem_avoid array is used for kaslr to search new output buffer.
Current code only track range that is after output+output_run_size.
We need to track all range not just after output+output_run_size.
Current code has first entry is extra bytes after input+input_size, and it
is according to output_run_size. Other entries are for initrd, cmdline,
and heap/stack for ZO running.
At first, check the first entry that should be in the mem_avoid array.
Now ZO sit end of the buffer always, we can find out where is ZO text
and data/bss etc.
output+run_size
|
0 output input input+input_size | output+init_size
| | | | | |
|-----|-----------------|--|---------------|------|---|----------|
| |
output+init_size-ZO_SIZE output+output_size
[output, output+init_size) is the buffer for decompress.
[output, output+run_size) is for VO run size.
[output, output+output_size) is (VO (vmlinux after objcopy) plus relocs)
[output+init_size-ZO_SIZE, output+init_size) is copied ZO.
[input, input+input_size) is copied compressed (VO (vmlinux after objcopy)
plus relocs), not the ZO.
[input+input_size, output+init_size) is [_text, _end) for ZO. that could be
first range in mem_avoid.
That new first entry already include heap and stack for ZO running. So we
don't need to put them separatedly into mem_avoid array.
Also we need to put [input, input+input_size) in mem_avoid array, ant it
is connected to first one, so merge them.
At last we need to put boot_params into the mem_avoid too. As with 64bit bootloader
could put it anywhere.
After those changes, we have all range needed to be avoided in mem_avoid array.
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Yinghai Lu <yinghai@kernel.org>
---
arch/x86/boot/compressed/aslr.c | 29 +++++++++++++----------------
1 file changed, 13 insertions(+), 16 deletions(-)
diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
index 5dc1a65..9dab0d6 100644
--- a/arch/x86/boot/compressed/aslr.c
+++ b/arch/x86/boot/compressed/aslr.c
@@ -112,7 +112,7 @@ struct mem_vector {
unsigned long size;
};
-#define MEM_AVOID_MAX 5
+#define MEM_AVOID_MAX 4
static struct mem_vector mem_avoid[MEM_AVOID_MAX];
static bool mem_contains(struct mem_vector *region, struct mem_vector *item)
@@ -138,21 +138,22 @@ static bool mem_overlaps(struct mem_vector *one, struct mem_vector *two)
}
static void mem_avoid_init(unsigned long input, unsigned long input_size,
- unsigned long output, unsigned long output_run_size)
+ unsigned long output)
{
+ unsigned long init_size = real_mode->hdr.init_size;
u64 initrd_start, initrd_size;
u64 cmd_line, cmd_line_size;
- unsigned long unsafe, unsafe_len;
char *ptr;
/*
* Avoid the region that is unsafe to overlap during
- * decompression (see calculations at top of misc.c).
+ * decompression.
+ * As we already move ZO (arch/x86/boot/compressed/vmlinux)
+ * to the end of buffer, [input+input_size, output+init_size)
+ * has [_text, _end) for ZO.
*/
- unsafe_len = (output_run_size >> 12) + 32768 + 18;
- unsafe = (unsigned long)input + input_size - unsafe_len;
- mem_avoid[0].start = unsafe;
- mem_avoid[0].size = unsafe_len;
+ mem_avoid[0].start = input;
+ mem_avoid[0].size = (output + init_size) - input;
/* Avoid initrd. */
initrd_start = (u64)real_mode->ext_ramdisk_image << 32;
@@ -172,13 +173,9 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
mem_avoid[2].start = cmd_line;
mem_avoid[2].size = cmd_line_size;
- /* Avoid heap memory. */
- mem_avoid[3].start = (unsigned long)free_mem_ptr;
- mem_avoid[3].size = BOOT_HEAP_SIZE;
-
- /* Avoid stack memory. */
- mem_avoid[4].start = (unsigned long)free_mem_end_ptr;
- mem_avoid[4].size = BOOT_STACK_SIZE;
+ /* Avoid params */
+ mem_avoid[3].start = (unsigned long)real_mode;
+ mem_avoid[3].size = sizeof(*real_mode);
}
/* Does this memory vector overlap a known avoided area? */
@@ -343,7 +340,7 @@ unsigned char *choose_kernel_location(unsigned char *input,
/* Record the various known unsafe memory ranges. */
mem_avoid_init((unsigned long)input, input_size,
- (unsigned long)output, output_run_size);
+ (unsigned long)output);
/* Walk e820 and find a random address. */
random = find_random_addr(choice, output_run_size);
--
1.8.4.5
next prev parent reply other threads:[~2015-03-18 7:28 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-18 7:28 [PATCH v5 00/19] x86, boot: kaslr cleanup and 64bit kaslr support Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 01/19] x86, boot: Make data from decompress_kernel stage live longer Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 02/19] x86, kaslr: Propagate base load address calculation v2 Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 03/19] x86, boot: Simplify run_size calculation Yinghai Lu
[not found] ` <1426663706-23979-4-git-send-email-yinghai-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2015-03-23 3:25 ` Baoquan He
[not found] ` <20150323032522.GC2068-je1gSBvt1TeLcxizHhUEZR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
2015-03-23 7:12 ` Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 04/19] x86, kaslr: Kill not used run_size related code Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 05/19] x86, kaslr: Use output_run_size Yinghai Lu
2015-03-18 7:28 ` Yinghai Lu [this message]
2015-03-18 7:28 ` [PATCH v5 07/19] x86, boot: Move z_extract_offset calculation to header.S Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 08/19] x86, kaslr: Get correct max_addr for relocs pointer Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 10/19] x86, 64bit: Set ident_mapping for kaslr Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 12/19] x86, kaslr: Fix a bug that relocation can not be handled when kernel is loaded above 2G Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 14/19] x86, kaslr: Add two functions which will be used later Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 17/19] x86, kaslr: Add support of kernel physical address randomization above 4G Yinghai Lu
[not found] ` <1426663706-23979-1-git-send-email-yinghai-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2015-03-18 7:28 ` [PATCH v5 09/19] x86, boot: Split kernel_ident_mapping_init to another file Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 11/19] x86, boot: Add checking for memcpy Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 13/19] x86, kaslr: Introduce struct slot_area to manage randomization slot info Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 15/19] x86, kaslr: Introduce fetch_random_virt_offset to randomize the kernel text mapping address Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 16/19] x86, kaslr: Randomize physical and virtual address of kernel separately Yinghai Lu
2015-03-18 7:28 ` [PATCH v5 18/19] x86, kaslr: Remove useless codes Yinghai Lu
2015-04-05 1:25 ` [PATCH v5 00/19] x86, boot: kaslr cleanup and 64bit kaslr support Baoquan He
2015-03-18 7:28 ` [PATCH v5 19/19] x86, kaslr: Allow random address could be below loaded address Yinghai Lu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1426663706-23979-7-git-send-email-yinghai@kernel.org \
--to=yinghai@kernel.org \
--cc=bhe@redhat.com \
--cc=bp@suse.de \
--cc=hpa@zytor.com \
--cc=jkosina@suse.cz \
--cc=keescook@chromium.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matt.fleming@intel.com \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox