From: Dave Young <dyoung@redhat.com>
To: Kees Cook <keescook@chromium.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>, LKML <linux-kernel@vger.kernel.org>
Subject: Re: kaslr should avoid setup_data region
Date: Fri, 25 Apr 2014 17:44:45 +0800 [thread overview]
Message-ID: <20140425094444.GA1896@darkstar.nay.redhat.com> (raw)
In-Reply-To: <CAGXu5jKaog6X+jw6Zh3iHSHS8KFUbLEHm75=HbVORJ-crpr7Fw@mail.gmail.com>
On 04/24/14 at 03:50pm, Kees Cook wrote:
> Ah, it sounds like boot_params.hdr.setup_data contains a series of
> e820-like entries chained together as a linked list? Which loaders
> currently populate that? Looks like EFI? Seems like
> arch/x86/boot/compressed/eboot.c works on setup_data at least.
AFAIK efi stub, kexec, also as HPA mentioned syslinux use it as well.
kexec use setup_data for passing e820 ext ranges, also use it for efi boot.
>
> I won't be in a position to test EFI booting for a while. If someone
> else took this, that would make it get fixed much faster.
Because kaslr is randomizing the base, it's hard to produce the failure.
>From the code itself, maybe just iterate the setup_data regions and add them
to avoid list, not necessary to care about the setup_data type..
>
> Do you have examples where this is actually causing failures?
As mentioned above I have no idea how to test. Probably need manually hack
the code to create a failure?
>
> -Kees
>
> On Wed, Apr 23, 2014 at 7:50 PM, Dave Young <dyoung@redhat.com> wrote:
> > On 04/23/14 at 07:43pm, Kees Cook wrote:
> >> On Wed, Apr 23, 2014 at 7:35 PM, Dave Young <dyoung@redhat.com> wrote:
> >> > Hello Kees
> >> >
> >> > I'm worrying that setup_data regions could be overwitten by randomize
> >> > kernel base. Would you like to fix it in kaslr code?
> >> >
> >> > One problem is there could be a lot of setup_data regions but current
> >> > mem_avoid is an fixed array.
> >>
> >> Sure, can you give me some examples? Seems like it shouldn't be too
> >> hard to have the mem_avoid logic walk additional areas.
> >
> > Great, To walk through the list just like the function parse_setup_data in
> > arch/x86/kernel/setup.c
> >
> > Thanks
> > Dave
>
>
>
> --
> Kees Cook
> Chrome OS Security
next prev parent reply other threads:[~2014-04-25 9:43 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-24 2:35 kaslr should avoid setup_data region Dave Young
2014-04-24 2:43 ` Kees Cook
2014-04-24 2:50 ` Dave Young
2014-04-24 22:50 ` Kees Cook
2014-04-24 23:46 ` H. Peter Anvin
2014-04-25 9:44 ` Dave Young [this message]
2014-05-05 8:58 ` Dave Young
2014-05-08 9:46 ` Dave Young
2014-05-08 19:31 ` Kees Cook
2014-05-09 3:21 ` Dave Young
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140425094444.GA1896@darkstar.nay.redhat.com \
--to=dyoung@redhat.com \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox