* [PATCH] x86, kaslr: avoid setup_data when picking location
@ 2014-09-11 16:19 Kees Cook
2014-09-19 11:49 ` [tip:x86/urgent] x86/kaslr: Avoid the setup_data area " tip-bot for Kees Cook
2014-10-01 18:01 ` [PATCH] x86, kaslr: avoid setup_data " H. Peter Anvin
0 siblings, 2 replies; 5+ messages in thread
From: Kees Cook @ 2014-09-11 16:19 UTC (permalink / raw)
To: H. Peter Anvin
Cc: linux-kernel, Baoquan He, Vivek Goyal, Thomas Gleixner,
Ingo Molnar, x86, Rafael J. Wysocki, Wei Yongjun, Pavel Machek
The KASLR location-choosing logic needs to avoid the setup_data list
memory areas as well. Without this, it would be possible to have the
ASLR position stomp on the memory, ultimately causing the boot to fail.
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Baoquan He <bhe@redhat.com>
Cc: stable@vger.kernel.org
---
arch/x86/boot/compressed/aslr.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
index fc6091abedb7..d39189ba7f8e 100644
--- a/arch/x86/boot/compressed/aslr.c
+++ b/arch/x86/boot/compressed/aslr.c
@@ -183,12 +183,27 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
static bool mem_avoid_overlap(struct mem_vector *img)
{
int i;
+ struct setup_data *ptr;
for (i = 0; i < MEM_AVOID_MAX; i++) {
if (mem_overlaps(img, &mem_avoid[i]))
return true;
}
+ /* Avoid all entries in the setup_data linked list. */
+ ptr = (struct setup_data *)(unsigned long)real_mode->hdr.setup_data;
+ while (ptr) {
+ struct mem_vector avoid;
+
+ avoid.start = (u64)ptr;
+ avoid.size = sizeof(*ptr) + ptr->len;
+
+ if (mem_overlaps(img, &avoid))
+ return true;
+
+ ptr = (struct setup_data *)(unsigned long)ptr->next;
+ }
+
return false;
}
--
1.9.1
--
Kees Cook
Chrome OS Security
^ permalink raw reply related [flat|nested] 5+ messages in thread* [tip:x86/urgent] x86/kaslr: Avoid the setup_data area when picking location
2014-09-11 16:19 [PATCH] x86, kaslr: avoid setup_data when picking location Kees Cook
@ 2014-09-19 11:49 ` tip-bot for Kees Cook
2014-10-01 18:01 ` [PATCH] x86, kaslr: avoid setup_data " H. Peter Anvin
1 sibling, 0 replies; 5+ messages in thread
From: tip-bot for Kees Cook @ 2014-09-19 11:49 UTC (permalink / raw)
To: linux-tip-commits
Cc: linux-kernel, hpa, mingo, torvalds, bhe, rafael.j.wysocki,
vgoyal, pavel, keescook, yongjun_wei, tglx
Commit-ID: 0cacbfbeb5077b63d5d3cf6df88b14ac12ad584b
Gitweb: http://git.kernel.org/tip/0cacbfbeb5077b63d5d3cf6df88b14ac12ad584b
Author: Kees Cook <keescook@chromium.org>
AuthorDate: Thu, 11 Sep 2014 09:19:31 -0700
Committer: Ingo Molnar <mingo@kernel.org>
CommitDate: Fri, 19 Sep 2014 13:04:29 +0200
x86/kaslr: Avoid the setup_data area when picking location
The KASLR location-choosing logic needs to avoid the setup_data
list memory areas as well. Without this, it would be possible to
have the ASLR position stomp on the memory, ultimately causing
the boot to fail.
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Baoquan He <bhe@redhat.com>
Cc: stable@vger.kernel.org
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cc: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/20140911161931.GA12001@www.outflux.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
arch/x86/boot/compressed/aslr.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
index fc6091a..d39189b 100644
--- a/arch/x86/boot/compressed/aslr.c
+++ b/arch/x86/boot/compressed/aslr.c
@@ -183,12 +183,27 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
static bool mem_avoid_overlap(struct mem_vector *img)
{
int i;
+ struct setup_data *ptr;
for (i = 0; i < MEM_AVOID_MAX; i++) {
if (mem_overlaps(img, &mem_avoid[i]))
return true;
}
+ /* Avoid all entries in the setup_data linked list. */
+ ptr = (struct setup_data *)(unsigned long)real_mode->hdr.setup_data;
+ while (ptr) {
+ struct mem_vector avoid;
+
+ avoid.start = (u64)ptr;
+ avoid.size = sizeof(*ptr) + ptr->len;
+
+ if (mem_overlaps(img, &avoid))
+ return true;
+
+ ptr = (struct setup_data *)(unsigned long)ptr->next;
+ }
+
return false;
}
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [PATCH] x86, kaslr: avoid setup_data when picking location
2014-09-11 16:19 [PATCH] x86, kaslr: avoid setup_data when picking location Kees Cook
2014-09-19 11:49 ` [tip:x86/urgent] x86/kaslr: Avoid the setup_data area " tip-bot for Kees Cook
@ 2014-10-01 18:01 ` H. Peter Anvin
2014-10-01 18:08 ` Kees Cook
1 sibling, 1 reply; 5+ messages in thread
From: H. Peter Anvin @ 2014-10-01 18:01 UTC (permalink / raw)
To: Kees Cook
Cc: linux-kernel, Baoquan He, Vivek Goyal, Thomas Gleixner,
Ingo Molnar, x86, Rafael J. Wysocki, Wei Yongjun, Pavel Machek
On 09/11/2014 09:19 AM, Kees Cook wrote:
> --- a/arch/x86/boot/compressed/aslr.c
> +++ b/arch/x86/boot/compressed/aslr.c
> @@ -183,12 +183,27 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
> static bool mem_avoid_overlap(struct mem_vector *img)
> {
> int i;
> + struct setup_data *ptr;
>
> for (i = 0; i < MEM_AVOID_MAX; i++) {
> if (mem_overlaps(img, &mem_avoid[i]))
> return true;
> }
>
> + /* Avoid all entries in the setup_data linked list. */
> + ptr = (struct setup_data *)(unsigned long)real_mode->hdr.setup_data;
> + while (ptr) {
> + struct mem_vector avoid;
> +
> + avoid.start = (u64)ptr;
> + avoid.size = sizeof(*ptr) + ptr->len;
> +
> + if (mem_overlaps(img, &avoid))
> + return true;
> +
> + ptr = (struct setup_data *)(unsigned long)ptr->next;
> + }
> +
> return false;
> }
>
>
The use of (u64) in the assignment to avoid.start gives a nuisance
warning on 32 bits.
-hpa
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] x86, kaslr: avoid setup_data when picking location
2014-10-01 18:01 ` [PATCH] x86, kaslr: avoid setup_data " H. Peter Anvin
@ 2014-10-01 18:08 ` Kees Cook
2014-10-01 18:13 ` H. Peter Anvin
0 siblings, 1 reply; 5+ messages in thread
From: Kees Cook @ 2014-10-01 18:08 UTC (permalink / raw)
To: H. Peter Anvin
Cc: LKML, Baoquan He, Vivek Goyal, Thomas Gleixner, Ingo Molnar, x86,
Rafael J. Wysocki, Wei Yongjun, Pavel Machek
On Wed, Oct 1, 2014 at 11:01 AM, H. Peter Anvin <hpa@zytor.com> wrote:
> On 09/11/2014 09:19 AM, Kees Cook wrote:
>> --- a/arch/x86/boot/compressed/aslr.c
>> +++ b/arch/x86/boot/compressed/aslr.c
>> @@ -183,12 +183,27 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
>> static bool mem_avoid_overlap(struct mem_vector *img)
>> {
>> int i;
>> + struct setup_data *ptr;
>>
>> for (i = 0; i < MEM_AVOID_MAX; i++) {
>> if (mem_overlaps(img, &mem_avoid[i]))
>> return true;
>> }
>>
>> + /* Avoid all entries in the setup_data linked list. */
>> + ptr = (struct setup_data *)(unsigned long)real_mode->hdr.setup_data;
>> + while (ptr) {
>> + struct mem_vector avoid;
>> +
>> + avoid.start = (u64)ptr;
>> + avoid.size = sizeof(*ptr) + ptr->len;
>> +
>> + if (mem_overlaps(img, &avoid))
>> + return true;
>> +
>> + ptr = (struct setup_data *)(unsigned long)ptr->next;
>> + }
>> +
>> return false;
>> }
>>
>>
>
> The use of (u64) in the assignment to avoid.start gives a nuisance
> warning on 32 bits.
Ah, good catch! This should be (unsigned long), I think. Shall I send
a follow-up patch, or do you want to fix this directly?
-Kees
--
Kees Cook
Chrome OS Security
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] x86, kaslr: avoid setup_data when picking location
2014-10-01 18:08 ` Kees Cook
@ 2014-10-01 18:13 ` H. Peter Anvin
0 siblings, 0 replies; 5+ messages in thread
From: H. Peter Anvin @ 2014-10-01 18:13 UTC (permalink / raw)
To: Kees Cook
Cc: LKML, Baoquan He, Vivek Goyal, Thomas Gleixner, Ingo Molnar, x86,
Rafael J. Wysocki, Wei Yongjun, Pavel Machek
On 10/01/2014 11:08 AM, Kees Cook wrote:
>>
>> The use of (u64) in the assignment to avoid.start gives a nuisance
>> warning on 32 bits.
>
> Ah, good catch! This should be (unsigned long), I think. Shall I send
> a follow-up patch, or do you want to fix this directly?
>
Please do.
In theory it is possible for a bootloader to put an object above 4G even
for a 32-bit kernel, but that is likely to break any kind of other
things, so I'm not worried about it. You don't need to worry about
avoiding such a zone, the problem is mostly that you can't follow the
list any further without adding PAE-handling code.
-hpa
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-10-01 18:14 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-09-11 16:19 [PATCH] x86, kaslr: avoid setup_data when picking location Kees Cook
2014-09-19 11:49 ` [tip:x86/urgent] x86/kaslr: Avoid the setup_data area " tip-bot for Kees Cook
2014-10-01 18:01 ` [PATCH] x86, kaslr: avoid setup_data " H. Peter Anvin
2014-10-01 18:08 ` Kees Cook
2014-10-01 18:13 ` H. Peter Anvin
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.