All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] x86, kaslr: avoid setup_data when picking location
@ 2014-09-11 16:19 Kees Cook
  2014-09-19 11:49 ` [tip:x86/urgent] x86/kaslr: Avoid the setup_data area " tip-bot for Kees Cook
  2014-10-01 18:01 ` [PATCH] x86, kaslr: avoid setup_data " H. Peter Anvin
  0 siblings, 2 replies; 5+ messages in thread
From: Kees Cook @ 2014-09-11 16:19 UTC (permalink / raw)
  To: H. Peter Anvin
  Cc: linux-kernel, Baoquan He, Vivek Goyal, Thomas Gleixner,
	Ingo Molnar, x86, Rafael J. Wysocki, Wei Yongjun, Pavel Machek

The KASLR location-choosing logic needs to avoid the setup_data list
memory areas as well. Without this, it would be possible to have the
ASLR position stomp on the memory, ultimately causing the boot to fail.

Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Baoquan He <bhe@redhat.com>
Cc: stable@vger.kernel.org
---
 arch/x86/boot/compressed/aslr.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
index fc6091abedb7..d39189ba7f8e 100644
--- a/arch/x86/boot/compressed/aslr.c
+++ b/arch/x86/boot/compressed/aslr.c
@@ -183,12 +183,27 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
 static bool mem_avoid_overlap(struct mem_vector *img)
 {
 	int i;
+	struct setup_data *ptr;
 
 	for (i = 0; i < MEM_AVOID_MAX; i++) {
 		if (mem_overlaps(img, &mem_avoid[i]))
 			return true;
 	}
 
+	/* Avoid all entries in the setup_data linked list. */
+	ptr = (struct setup_data *)(unsigned long)real_mode->hdr.setup_data;
+	while (ptr) {
+		struct mem_vector avoid;
+
+		avoid.start = (u64)ptr;
+		avoid.size = sizeof(*ptr) + ptr->len;
+
+		if (mem_overlaps(img, &avoid))
+			return true;
+
+		ptr = (struct setup_data *)(unsigned long)ptr->next;
+	}
+
 	return false;
 }
 
-- 
1.9.1


-- 
Kees Cook
Chrome OS Security

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [tip:x86/urgent] x86/kaslr: Avoid the setup_data area when picking location
  2014-09-11 16:19 [PATCH] x86, kaslr: avoid setup_data when picking location Kees Cook
@ 2014-09-19 11:49 ` tip-bot for Kees Cook
  2014-10-01 18:01 ` [PATCH] x86, kaslr: avoid setup_data " H. Peter Anvin
  1 sibling, 0 replies; 5+ messages in thread
From: tip-bot for Kees Cook @ 2014-09-19 11:49 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: linux-kernel, hpa, mingo, torvalds, bhe, rafael.j.wysocki,
	vgoyal, pavel, keescook, yongjun_wei, tglx

Commit-ID:  0cacbfbeb5077b63d5d3cf6df88b14ac12ad584b
Gitweb:     http://git.kernel.org/tip/0cacbfbeb5077b63d5d3cf6df88b14ac12ad584b
Author:     Kees Cook <keescook@chromium.org>
AuthorDate: Thu, 11 Sep 2014 09:19:31 -0700
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Fri, 19 Sep 2014 13:04:29 +0200

x86/kaslr: Avoid the setup_data area when picking location

The KASLR location-choosing logic needs to avoid the setup_data
list memory areas as well. Without this, it would be possible to
have the ASLR position stomp on the memory, ultimately causing
the boot to fail.

Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Baoquan He <bhe@redhat.com>
Cc: stable@vger.kernel.org
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cc: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/20140911161931.GA12001@www.outflux.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/boot/compressed/aslr.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
index fc6091a..d39189b 100644
--- a/arch/x86/boot/compressed/aslr.c
+++ b/arch/x86/boot/compressed/aslr.c
@@ -183,12 +183,27 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
 static bool mem_avoid_overlap(struct mem_vector *img)
 {
 	int i;
+	struct setup_data *ptr;
 
 	for (i = 0; i < MEM_AVOID_MAX; i++) {
 		if (mem_overlaps(img, &mem_avoid[i]))
 			return true;
 	}
 
+	/* Avoid all entries in the setup_data linked list. */
+	ptr = (struct setup_data *)(unsigned long)real_mode->hdr.setup_data;
+	while (ptr) {
+		struct mem_vector avoid;
+
+		avoid.start = (u64)ptr;
+		avoid.size = sizeof(*ptr) + ptr->len;
+
+		if (mem_overlaps(img, &avoid))
+			return true;
+
+		ptr = (struct setup_data *)(unsigned long)ptr->next;
+	}
+
 	return false;
 }
 

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH] x86, kaslr: avoid setup_data when picking location
  2014-09-11 16:19 [PATCH] x86, kaslr: avoid setup_data when picking location Kees Cook
  2014-09-19 11:49 ` [tip:x86/urgent] x86/kaslr: Avoid the setup_data area " tip-bot for Kees Cook
@ 2014-10-01 18:01 ` H. Peter Anvin
  2014-10-01 18:08   ` Kees Cook
  1 sibling, 1 reply; 5+ messages in thread
From: H. Peter Anvin @ 2014-10-01 18:01 UTC (permalink / raw)
  To: Kees Cook
  Cc: linux-kernel, Baoquan He, Vivek Goyal, Thomas Gleixner,
	Ingo Molnar, x86, Rafael J. Wysocki, Wei Yongjun, Pavel Machek

On 09/11/2014 09:19 AM, Kees Cook wrote:
> --- a/arch/x86/boot/compressed/aslr.c
> +++ b/arch/x86/boot/compressed/aslr.c
> @@ -183,12 +183,27 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
>  static bool mem_avoid_overlap(struct mem_vector *img)
>  {
>  	int i;
> +	struct setup_data *ptr;
>  
>  	for (i = 0; i < MEM_AVOID_MAX; i++) {
>  		if (mem_overlaps(img, &mem_avoid[i]))
>  			return true;
>  	}
>  
> +	/* Avoid all entries in the setup_data linked list. */
> +	ptr = (struct setup_data *)(unsigned long)real_mode->hdr.setup_data;
> +	while (ptr) {
> +		struct mem_vector avoid;
> +
> +		avoid.start = (u64)ptr;
> +		avoid.size = sizeof(*ptr) + ptr->len;
> +
> +		if (mem_overlaps(img, &avoid))
> +			return true;
> +
> +		ptr = (struct setup_data *)(unsigned long)ptr->next;
> +	}
> +
>  	return false;
>  }
>  
> 

The use of (u64) in the assignment to avoid.start gives a nuisance
warning on 32 bits.

	-hpa


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] x86, kaslr: avoid setup_data when picking location
  2014-10-01 18:01 ` [PATCH] x86, kaslr: avoid setup_data " H. Peter Anvin
@ 2014-10-01 18:08   ` Kees Cook
  2014-10-01 18:13     ` H. Peter Anvin
  0 siblings, 1 reply; 5+ messages in thread
From: Kees Cook @ 2014-10-01 18:08 UTC (permalink / raw)
  To: H. Peter Anvin
  Cc: LKML, Baoquan He, Vivek Goyal, Thomas Gleixner, Ingo Molnar, x86,
	Rafael J. Wysocki, Wei Yongjun, Pavel Machek

On Wed, Oct 1, 2014 at 11:01 AM, H. Peter Anvin <hpa@zytor.com> wrote:
> On 09/11/2014 09:19 AM, Kees Cook wrote:
>> --- a/arch/x86/boot/compressed/aslr.c
>> +++ b/arch/x86/boot/compressed/aslr.c
>> @@ -183,12 +183,27 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
>>  static bool mem_avoid_overlap(struct mem_vector *img)
>>  {
>>       int i;
>> +     struct setup_data *ptr;
>>
>>       for (i = 0; i < MEM_AVOID_MAX; i++) {
>>               if (mem_overlaps(img, &mem_avoid[i]))
>>                       return true;
>>       }
>>
>> +     /* Avoid all entries in the setup_data linked list. */
>> +     ptr = (struct setup_data *)(unsigned long)real_mode->hdr.setup_data;
>> +     while (ptr) {
>> +             struct mem_vector avoid;
>> +
>> +             avoid.start = (u64)ptr;
>> +             avoid.size = sizeof(*ptr) + ptr->len;
>> +
>> +             if (mem_overlaps(img, &avoid))
>> +                     return true;
>> +
>> +             ptr = (struct setup_data *)(unsigned long)ptr->next;
>> +     }
>> +
>>       return false;
>>  }
>>
>>
>
> The use of (u64) in the assignment to avoid.start gives a nuisance
> warning on 32 bits.

Ah, good catch! This should be (unsigned long), I think. Shall I send
a follow-up patch, or do you want to fix this directly?

-Kees

-- 
Kees Cook
Chrome OS Security

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] x86, kaslr: avoid setup_data when picking location
  2014-10-01 18:08   ` Kees Cook
@ 2014-10-01 18:13     ` H. Peter Anvin
  0 siblings, 0 replies; 5+ messages in thread
From: H. Peter Anvin @ 2014-10-01 18:13 UTC (permalink / raw)
  To: Kees Cook
  Cc: LKML, Baoquan He, Vivek Goyal, Thomas Gleixner, Ingo Molnar, x86,
	Rafael J. Wysocki, Wei Yongjun, Pavel Machek

On 10/01/2014 11:08 AM, Kees Cook wrote:
>>
>> The use of (u64) in the assignment to avoid.start gives a nuisance
>> warning on 32 bits.
> 
> Ah, good catch! This should be (unsigned long), I think. Shall I send
> a follow-up patch, or do you want to fix this directly?
> 

Please do.

In theory it is possible for a bootloader to put an object above 4G even
for a 32-bit kernel, but that is likely to break any kind of other
things, so I'm not worried about it.  You don't need to worry about
avoiding such a zone, the problem is mostly that you can't follow the
list any further without adding PAE-handling code.

	-hpa



^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-10-01 18:14 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-09-11 16:19 [PATCH] x86, kaslr: avoid setup_data when picking location Kees Cook
2014-09-19 11:49 ` [tip:x86/urgent] x86/kaslr: Avoid the setup_data area " tip-bot for Kees Cook
2014-10-01 18:01 ` [PATCH] x86, kaslr: avoid setup_data " H. Peter Anvin
2014-10-01 18:08   ` Kees Cook
2014-10-01 18:13     ` H. Peter Anvin

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.