From: Kees Cook <keescook@chromium.org>
To: Yinghai Lu <yinghai@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>,
	Matt Fleming <matt.fleming@intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Bjorn Helgaas <bhelgaas@google.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Jiri Kosina <jkosina@suse.cz>,
	Borislav Petkov <bp@suse.de>, Baoquan He <bhe@redhat.com>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
	"linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>,
	Josh Triplett <josh@joshtriplett.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Junjie Mao <eternal.n08@gmail.com>
Subject: Re: [PATCH v2 01/15] x86, kaslr: Use init_size instead of run_size
Date: Fri, 6 Mar 2015 10:55:11 -0800
Message-ID: <CAGXu5jLf+=CMs0qj4nRG-kw1YiQ-eMFHFpAE8uVUitqmGOG7gA@mail.gmail.com>
In-Reply-To: <CAE9FiQXzv7TPMRA+RqSdV0ERiW3KYA-2KOyDKBrZDn3Zd5RcrQ@mail.gmail.com>

On Fri, Mar 6, 2015 at 10:44 AM, Yinghai Lu <yinghai@kernel.org> wrote:
> On Fri, Mar 6, 2015 at 5:55 AM, Borislav Petkov <bp@alien8.de> wrote:
>> On Wed, Mar 04, 2015 at 12:00:34AM -0800, Yinghai Lu wrote:
>>> commit e6023367d779 ("x86, kaslr: Prevent .bss from overlaping initrd")
>>>
>>> introduced one run_size for kaslr.
>>>
>>> We do not need to have home grown run_size.
>>>
>>> We should use real runtime size (include copy/decompress) aka init_size
>>
>> Why?
>
> New change log:
>
> Subject: [PATCH] x86, kaslr: Use init_size instead of run_size
>
> commit e6023367d779 ("x86, kaslr: Prevent .bss from overlaping initrd")
> introduced one run_size for kaslr.
> We should use the real runtime size (including copy/decompress), aka init_size.
>
> run_size is the size of VO (vmlinux).
> init_size is the size needed for decompression, and it is bigger than run_size
> when decompression needs more buffer.
>
> According to arch/x86/boot/header.S:
> | #define ZO_INIT_SIZE    (ZO__end - ZO_startup_32 + ZO_z_extract_offset)
> | #define VO_INIT_SIZE    (VO__end - VO__text)
> | #if ZO_INIT_SIZE > VO_INIT_SIZE
> | #define INIT_SIZE ZO_INIT_SIZE
> | #else
> | #define INIT_SIZE VO_INIT_SIZE
> | #endif
> | init_size:              .long INIT_SIZE         # kernel initialization size
>
> The bootloader allocates a buffer according to init_size in hdr, and loads the
> ZO (arch/x86/boot/compressed/vmlinux) at the start of that buffer.
> While running, ZO moves itself to the middle of the buffer, at
> z_extract_offset, to make sure that the decompressor's output does not
> overwrite input data before the input data gets consumed.
> But the z_extract_offset calculation is at first based only on the size of
> VO (vmlinux) and the size of compressed VO.
> So we need to make sure [z_extract_offset, init_size) will fit ZO; that means
> init_size needs to be adjusted according to the ZO size.
> That makes init_size always >= run_size.
>
> During the aslr buffer search, we need to make sure the buffer is big
> enough for decompression in the first place. So use init_size instead, and
> kill the no longer needed run_size related code.

I don't see how bss and brk are related to these sizes. Can you
explain how bss, brk, and initrd factor into these sizes? Those were
what run_size was created to represent. I don't want to accidentally
start stomping on bss and brk again. :)

-Kees

-- 
Kees Cook
Chrome OS Security
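The init_size selection that the quoted changelog walks through, as an added example written for this page (it is my code, not code from this thread, from Yinghai's series or from the kernel tree). It models the header.S arithmetic quoted above, with z_extract_offset computed the way arch/x86/boot/compressed/mkpiggy.c did in this kernel generation; the exact slack terms are reproduced from memory and should be treated as an assumption. The comment that VO__end - VO__text spans .bss and .brk reflects arch/x86/kernel/vmlinux.lds.S, where _end follows the .brk section. All byte counts, the region layout and the initrd placement are constructed sample values, not measurements of a real build.

```c
/*
 * Added example, not code from the thread or the kernel tree: how INIT_SIZE
 * in arch/x86/boot/header.S falls out of the VO (vmlinux) and ZO (compressed
 * wrapper) sizes, and why a KASLR region search has to test the candidate
 * region against init_size rather than against the decompressed file size.
 * The mkpiggy.c slack terms below are an assumption reproduced from memory.
 */
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096ULL
#define ALIGN_UP(x, a) (((x) + (a) - 1) & ~((a) - 1))
#define MIB(n) ((uint64_t)(n) << 20)

/* Sizes a build produces; the field names follow the header.S symbols. */
struct build_sizes {
	uint64_t vo_end_minus_text;    /* VO__end - VO__text: runtime image incl. .bss and .brk */
	uint64_t z_output_len;         /* decompressed vmlinux file image (no .bss/.brk) */
	uint64_t z_input_len;          /* compressed payload */
	uint64_t zo_end_minus_startup; /* ZO__end - ZO_startup_32: decompressor + payload */
};

/* z_extract_offset: how far ZO moves itself up the buffer so the
 * decompressor's output cannot overtake its not-yet-consumed input.
 * Formula as in mkpiggy.c of this era (assumption, see lead-in). */
static uint64_t z_extract_offset(uint64_t olen, uint64_t ilen)
{
	uint64_t offs = (olen > ilen) ? olen - ilen : 0;
	offs += olen >> 12;          /* 8 bytes of slack per 32K output block */
	offs += 64 * 1024 + 128;     /* 64K + 128 bytes of slack */
	return ALIGN_UP(offs, PAGE_SIZE);
}

/* ZO_INIT_SIZE = (ZO__end - ZO_startup_32) + z_extract_offset */
static uint64_t zo_init_size(const struct build_sizes *b)
{
	return b->zo_end_minus_startup +
	       z_extract_offset(b->z_output_len, b->z_input_len);
}

/* VO_INIT_SIZE = VO__end - VO__text */
static uint64_t vo_init_size(const struct build_sizes *b)
{
	return b->vo_end_minus_text;
}

/* INIT_SIZE as header.S selects it: whichever stage needs more room. */
static uint64_t init_size(const struct build_sizes *b)
{
	uint64_t zo = zo_init_size(b), vo = vo_init_size(b);
	return zo > vo ? zo : vo;
}

/* A candidate region for the randomized kernel is usable only if the whole
 * requirement `need` fits inside it and ends before the next reserved object
 * (an initrd placed right after the region, in this sample). */
static int region_ok(uint64_t start, uint64_t region_len,
		     uint64_t next_reserved, uint64_t need)
{
	if (need > region_len)
		return 0;
	return start + need <= next_reserved;
}

/* Constructed sample build: the runtime image ends 2 MiB past the file image
 * because of .bss/.brk; the compressed payload is 6 MiB plus a 128K wrapper. */
static uint64_t sample_init_size(uint64_t vo_end_minus_text)
{
	struct build_sizes b = {
		.vo_end_minus_text    = vo_end_minus_text,
		.z_output_len         = MIB(22),
		.z_input_len          = MIB(6),
		.zo_end_minus_startup = MIB(6) + 128 * 1024,
	};
	return init_size(&b);
}

int main(void)
{
	uint64_t start = MIB(16);
	uint64_t region = MIB(23) + 512 * 1024;   /* 23.5 MiB free, constructed */
	uint64_t initrd = start + region;         /* initrd sits right after it */
	uint64_t need = sample_init_size(MIB(24));

	printf("init_size          = %llu bytes\n", (unsigned long long)need);
	printf("fits by file size  = %d\n", region_ok(start, region, initrd, MIB(22)));
	printf("fits by init_size  = %d\n", region_ok(start, region, initrd, need));
	return 0;
}
```

With the sample numbers the 23.5 MiB region passes a check against z_output_len (22 MiB) but fails against init_size (24 MiB), which is exactly the gap between "the decompressed file fits" and "the running kernel, .bss and .brk included, fits"; shrinking the runtime image below the ZO requirement flips the max() in init_size() to the ZO side.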

Thread overview (55+ messages):
2015-03-04  8:00 [PATCH v2 00/15] x86, boot: clean up kasl and setup_data handling Yinghai Lu
2015-03-04  8:00 ` [PATCH v2 01/15] x86, kaslr: Use init_size instead of run_size Yinghai Lu
2015-03-06 13:55   ` Borislav Petkov
2015-03-06 18:44     ` Yinghai Lu
2015-03-06 18:55       ` Kees Cook [this message]
2015-03-06 19:28         ` Yinghai Lu
2015-03-06 19:56           ` Kees Cook
2015-03-07  0:52             ` Yinghai Lu
2015-03-04  8:00 ` [PATCH v2 02/15] x86, boot: move ZO to end of buffer Yinghai Lu
2015-03-06 13:58   ` Borislav Petkov
2015-03-04  8:00 ` [PATCH v2 03/15] x86, boot: keep data from ZO boot stage to VO kernel stage Yinghai Lu
2015-03-04  8:00 ` [PATCH v2 04/15] x86, kaslr: get kaslr_enabled back correctly Yinghai Lu
2015-03-04 10:16   ` Borislav Petkov
2015-03-04 15:54     ` Jiri Kosina
2015-03-04 18:12       ` Yinghai Lu
2015-03-04 19:41         ` Ingo Molnar
2015-03-05  2:58         ` joeyli
2015-03-05  3:20           ` Yinghai Lu
2015-03-04 18:06     ` Yinghai Lu
2015-03-04 18:56       ` Yinghai Lu
2015-03-04 20:00       ` Ingo Molnar
2015-03-04 21:32         ` Yinghai Lu
2015-03-06 13:33           ` Borislav Petkov
2015-03-06 17:49             ` Yinghai Lu
2015-03-07 20:50               ` Borislav Petkov
2015-03-06 19:50             ` Yinghai Lu
2015-03-06 19:53               ` Yinghai Lu
2015-03-07 21:05                 ` Borislav Petkov
2015-03-07 21:11                   ` Yinghai Lu
2015-03-07 20:56               ` Borislav Petkov
2015-03-04  8:00 ` [PATCH v2 05/15] x86, kaslr: consolidate the mem_avoid filling Yinghai Lu
2015-03-04  8:00 ` [PATCH v2 06/15] x86, boot: split kernel_ident_mapping_init into another file Yinghai Lu
2015-03-04  8:00 ` [PATCH v2 07/15] x86, kaslr, 64bit: set new or extra ident_mapping Yinghai Lu
2015-03-04  8:00 ` [PATCH v2 08/15] x86: Kill E820_RESERVED_KERN Yinghai Lu
2015-03-04  8:00 ` [PATCH v2 09/15] x86, efi: copy SETUP_EFI data and access directly Yinghai Lu
2015-03-04  8:00 ` [PATCH v2 10/15] x86, of: let add_dtb reserve by itself Yinghai Lu
2015-03-04  8:00 ` [PATCH v2 11/15] x86, boot: Add add_pci handler for SETUP_PCI Yinghai Lu
2015-03-04  8:00 ` [PATCH v2 12/15] x86: kill not used setup_data handling code Yinghai Lu
2015-03-04  8:00 ` [PATCH v2 13/15] x86, pci: convert SETUP_PCI data to list Yinghai Lu
2015-03-04  8:00 ` [PATCH v2 14/15] x86, boot: copy rom to kernel space Yinghai Lu
2015-03-04  8:00 ` [PATCH v2 15/15] x86, pci: export SETUP_PCI data via sysfs Yinghai Lu
