From: Baoquan He <bhe@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: ak@linux.intel.com, mingo@redhat.com, whissi@whissi.de,
dyoung@redhat.com, tglx@linutronix.de, vgoyal@redhat.com,
keescook@chromium.org, chaowang@redhat.com,
Baoquan He <bhe@redhat.com>
Subject: [PATCH 1/4] kaslr: check user's config too when handle relocations
Date: Fri, 5 Sep 2014 22:08:14 +0800
Message-ID: <1409926097-2101-2-git-send-email-bhe@redhat.com>
In-Reply-To: <1409926097-2101-1-git-send-email-bhe@redhat.com>
kaslr's action is split into 2 parts. The 1st is getting available memory
slots and randomly choosing the kernel relocation address. After decompression
of the kernel to the chosen place, the 2nd part begins to check if kaslr has got
a relocation address, and will do the relocation handling if yes.

However, in the current implementation, the 2nd part doesn't check the user's
config; it just compares the decompression output address with the
LOAD_PHYSICAL_ADDR where the kernel was compiled to run. If they are equal, it
means kaslr is taking action, and it needs to do the relocation handling. This
truly works when the bootloader always loads the kernel to LOAD_PHYSICAL_ADDR.
But this doesn't always happen. Kexec/kdump kernel loading is exceptional.
Kdump/kexec can load the kernel anywhere; this is not fixed. So in this case,
it will do the relocation handling even though the user clearly set nokaslr in
cmdline. This is not correct.

So in this patch, check the user's config too in the 2nd part, namely in
handle_relocations().

Signed-off-by: Baoquan He <bhe@redhat.com>
---
arch/x86/boot/compressed/aslr.c | 2 ++
arch/x86/boot/compressed/misc.c | 12 ++++++++++++
2 files changed, 14 insertions(+)
diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
index fc6091a..975b07b 100644
--- a/arch/x86/boot/compressed/aslr.c
+++ b/arch/x86/boot/compressed/aslr.c
@@ -292,11 +292,13 @@ unsigned char *choose_kernel_location(unsigned char *input,
#ifdef CONFIG_HIBERNATION
if (!cmdline_find_option_bool("kaslr")) {
debug_putstr("KASLR disabled by default...\n");
+ debug_putstr("No need to choose kernel relocation...\n");
goto out;
}
#else
if (cmdline_find_option_bool("nokaslr")) {
debug_putstr("KASLR disabled by cmdline...\n");
+ debug_putstr("No need to choose kernel relocation...\n");
goto out;
}
#endif
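Review bot: The two added debug_putstr() calls, one in each branch of the #ifdef CONFIG_HIBERNATION block, print a second line right after "KASLR disabled by default...\n" and "KASLR disabled by cmdline...\n" without adding information, since the goto out that follows already means no location is chosen. Consider dropping them, or folding the wording into the existing message so each branch prints a single line. The commit message also says nothing about this aslr.c change; it only describes the check added to handle_relocations().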
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
index 57ab74d..7780a5b 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -238,6 +238,18 @@ static void handle_relocations(void *output, unsigned long output_len)
unsigned long min_addr = (unsigned long)output;
unsigned long max_addr = min_addr + output_len;
+#ifdef CONFIG_HIBERNATION
+ if (!cmdline_find_option_bool("kaslr")) {
+ debug_putstr("No relocation needed... ");
+ return;
+ }
+#else
+ if (cmdline_find_option_bool("nokaslr")) {
+ debug_putstr("No relocation needed... ");
+ return;
+ }
+#endif
+
/*
* Calculate the delta between where vmlinux was linked to load
* and where it was actually loaded.
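Review bot: The early return added at the top of handle_relocations() comes before the delta calculation described in the comment that follows, so with nokaslr (or without kaslr under CONFIG_HIBERNATION) no relocations are applied even when the image was loaded somewhere other than where it was linked, which the commit message says kexec/kdump can do. Please state in the commit message or in a comment why skipping is safe in that case for every configuration that reaches this function. The #ifdef CONFIG_HIBERNATION / cmdline_find_option_bool() test is also a copy of the one in choose_kernel_location() in aslr.c; a single helper shared by both files would keep the two checks from drifting apart. Minor: "No relocation needed... " has no trailing \n, unlike the messages in aslr.c.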
--
1.8.5.3