From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 02E48C433DB for ; Sun, 10 Jan 2021 14:22:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A977E2388A for ; Sun, 10 Jan 2021 14:22:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726522AbhAJOVy (ORCPT ); Sun, 10 Jan 2021 09:21:54 -0500 Received: from mail1.protonmail.ch ([185.70.40.18]:62764 "EHLO mail1.protonmail.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726250AbhAJOVx (ORCPT ); Sun, 10 Jan 2021 09:21:53 -0500 Date: Sun, 10 Jan 2021 14:21:05 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pm.me; s=protonmail; t=1610288470; bh=VGX0PRLKNwrqHDEXkOqUUZwUy5aJ1pV/tRE9+Arq0VI=; h=Date:To:From:Cc:Reply-To:Subject:From; b=aCJf4p3jmFPCVY0b8/vbBTqZ3xWaHVQARclhn/7SqULUBNlcRd7YrCsEeII20qKic wyCP+tV9UrkXGFCCaIfsvE1RfjLMdPUnMDAMVR8e83vUpEDvTyaAqtH3Jzt8y4RxzH 35Lz8H1AUueVhTYf5LUxfBuLOjUH9aFOwK5aNohrUoo2Gny26WlhEXNO/Y886SHa9I ukXhmKtx3bdiHyWgYlc5yb+YUzxyXxHfKQzoBCXpaXyrOCRsgKM61nBjBf3+3kJuJB tyHuyuq5vCQL9cMc5QHrRXGIDjOmBPppvwH5BuW87n41bpx4P8igHwH39LV3AzToXu +QqlU4nQ4rJyQ== To: Thomas Bogendoerfer From: Alexander Lobakin Cc: Nathan Chancellor , Nick Desaulniers , Kees Cook , Jinyang He , Alexander Lobakin , Ralf Baechle , Matt Redfearn , linux-mips@vger.kernel.org, stable@vger.kernel.org, linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com Reply-To: Alexander Lobakin Subject: [PATCH mips-fixes] MIPS: relocatable: fix possible boot hangup with KASLR enabled Message-ID: <20210110142023.185275-1-alobakin@pm.me> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org LLVM-built Linux triggered a boot hangup with KASLR enabled. arch/mips/kernel/relocate.c:get_random_boot() uses linux_banner, which is a string constant, as a random seed, but accesses it as an array of unsigned long (in rotate_xor()). When the address of linux_banner is not aligned to sizeof(long), such access emits unaligned access exception and hangs the kernel. Use PTR_ALIGN() to align input address to sizeof(long) and also align down the input length to prevent possible access-beyond-end. Fixes: 405bc8fd12f5 ("MIPS: Kernel: Implement KASLR using CONFIG_RELOCATABL= E") Cc: stable@vger.kernel.org # 4.7+ Signed-off-by: Alexander Lobakin --- arch/mips/kernel/relocate.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/mips/kernel/relocate.c b/arch/mips/kernel/relocate.c index 47aeb3350a76..0e365b7c742d 100644 --- a/arch/mips/kernel/relocate.c +++ b/arch/mips/kernel/relocate.c @@ -187,8 +187,14 @@ static int __init relocate_exception_table(long offset= ) static inline __init unsigned long rotate_xor(unsigned long hash, =09=09=09=09=09 const void *area, size_t size) { -=09size_t i; -=09unsigned long *ptr =3D (unsigned long *)area; +=09const typeof(hash) *ptr =3D PTR_ALIGN(area, sizeof(hash)); +=09size_t diff, i; + +=09diff =3D (void *)ptr - area; +=09if (unlikely(size < diff + sizeof(hash))) +=09=09return hash; + +=09size =3D ALIGN_DOWN(size - diff, sizeof(hash)); =20 =09for (i =3D 0; i < size / sizeof(hash); i++) { =09=09/* Rotate by odd number of bits and XOR. */ --=20 2.30.0