From: Thomas Garnier <thgarnie@google.com>
To: "H . Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@suse.de>,
Andy Lutomirski <luto@kernel.org>,
Thomas Garnier <thgarnie@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Dan Williams <dan.j.williams@intel.com>,
Kees Cook <keescook@chromium.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
Seth Jennings <sjennings@variantweb.net>,
Kefeng Wang <wangkefeng.wang@huawei.com>,
Jonathan Corbet <corbet@lwn.net>,
Matt Fleming <matt@codeblueprint.co.uk>,
Toshi Kani <toshi.kani@hpe.com>,
Alexander Kuleshov <kuleshovmail@gmail.com>,
Alexander Popov <alpopov@ptsecurity.com>,
Joerg Roedel <jroedel@suse.de>, Dave Young <dyoung@redhat.com>,
Baoquan He <bhe@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Mark Salter <msalter@redhat.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
linux-doc@vger.kernel.org, gthelen@google.com,
kernel-hardening@lists.openwall.com
Subject: [RFC v1 1/4] x86, boot: Refactor KASLR entropy functions
Date: Fri, 15 Apr 2016 15:03:10 -0700 [thread overview]
Message-ID: <1460757793-59020-2-git-send-email-thgarnie@google.com> (raw)
In-Reply-To: <1460757793-59020-1-git-send-email-thgarnie@google.com>
Move the KASLR entropy functions in x86/libray to be used in early
kernel boot for KASLR memory randomization.
Signed-off-by: Thomas Garnier <thgarnie@google.com>
---
Based on next-20160413
---
arch/x86/boot/compressed/aslr.c | 76 +++------------------------------------
arch/x86/include/asm/kaslr.h | 6 ++++
arch/x86/lib/Makefile | 1 +
arch/x86/lib/kaslr.c | 79 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 91 insertions(+), 71 deletions(-)
create mode 100644 arch/x86/include/asm/kaslr.h
create mode 100644 arch/x86/lib/kaslr.c
diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
index 6a9b96b..6584c0e 100644
--- a/arch/x86/boot/compressed/aslr.c
+++ b/arch/x86/boot/compressed/aslr.c
@@ -1,9 +1,5 @@
#include "misc.h"
-#include <asm/msr.h>
-#include <asm/archrandom.h>
-#include <asm/e820.h>
-
#include <generated/compile.h>
#include <linux/module.h>
#include <linux/uts.h>
@@ -14,26 +10,6 @@
static const char build_str[] = UTS_RELEASE " (" LINUX_COMPILE_BY "@"
LINUX_COMPILE_HOST ") (" LINUX_COMPILER ") " UTS_VERSION;
-#define I8254_PORT_CONTROL 0x43
-#define I8254_PORT_COUNTER0 0x40
-#define I8254_CMD_READBACK 0xC0
-#define I8254_SELECT_COUNTER0 0x02
-#define I8254_STATUS_NOTREADY 0x40
-static inline u16 i8254(void)
-{
- u16 status, timer;
-
- do {
- outb(I8254_PORT_CONTROL,
- I8254_CMD_READBACK | I8254_SELECT_COUNTER0);
- status = inb(I8254_PORT_COUNTER0);
- timer = inb(I8254_PORT_COUNTER0);
- timer |= inb(I8254_PORT_COUNTER0) << 8;
- } while (status & I8254_STATUS_NOTREADY);
-
- return timer;
-}
-
static unsigned long rotate_xor(unsigned long hash, const void *area,
size_t size)
{
@@ -50,7 +26,7 @@ static unsigned long rotate_xor(unsigned long hash, const void *area,
}
/* Attempt to create a simple but unpredictable starting entropy. */
-static unsigned long get_random_boot(void)
+static unsigned long get_boot_seed(void)
{
unsigned long hash = 0;
@@ -60,50 +36,6 @@ static unsigned long get_random_boot(void)
return hash;
}
-static unsigned long get_random_long(void)
-{
-#ifdef CONFIG_X86_64
- const unsigned long mix_const = 0x5d6008cbf3848dd3UL;
-#else
- const unsigned long mix_const = 0x3f39e593UL;
-#endif
- unsigned long raw, random = get_random_boot();
- bool use_i8254 = true;
-
- debug_putstr("KASLR using");
-
- if (has_cpuflag(X86_FEATURE_RDRAND)) {
- debug_putstr(" RDRAND");
- if (rdrand_long(&raw)) {
- random ^= raw;
- use_i8254 = false;
- }
- }
-
- if (has_cpuflag(X86_FEATURE_TSC)) {
- debug_putstr(" RDTSC");
- raw = rdtsc();
-
- random ^= raw;
- use_i8254 = false;
- }
-
- if (use_i8254) {
- debug_putstr(" i8254");
- random ^= i8254();
- }
-
- /* Circular multiply for better bit diffusion */
- asm("mul %3"
- : "=a" (random), "=d" (raw)
- : "a" (random), "rm" (mix_const));
- random += raw;
-
- debug_putstr("...\n");
-
- return random;
-}
-
struct mem_vector {
unsigned long start;
unsigned long size;
@@ -111,7 +43,6 @@ struct mem_vector {
#define MEM_AVOID_MAX 5
static struct mem_vector mem_avoid[MEM_AVOID_MAX];
-
static bool mem_contains(struct mem_vector *region, struct mem_vector *item)
{
/* Item at least partially before region. */
@@ -220,13 +151,16 @@ static void slots_append(unsigned long addr)
slots[slot_max++] = addr;
}
+#define KASLR_COMPRESSED_BOOT
+#include "../../lib/kaslr.c"
+
static unsigned long slots_fetch_random(void)
{
/* Handle case of no slots stored. */
if (slot_max == 0)
return 0;
- return slots[get_random_long() % slot_max];
+ return slots[kaslr_get_random_boot_long() % slot_max];
}
static void process_e820_entry(struct e820entry *entry,
diff --git a/arch/x86/include/asm/kaslr.h b/arch/x86/include/asm/kaslr.h
new file mode 100644
index 0000000..2ae1429
--- /dev/null
+++ b/arch/x86/include/asm/kaslr.h
@@ -0,0 +1,6 @@
+#ifndef _ASM_KASLR_H_
+#define _ASM_KASLR_H_
+
+unsigned long kaslr_get_random_boot_long(void);
+
+#endif
diff --git a/arch/x86/lib/Makefile b/arch/x86/lib/Makefile
index 72a5767..cfa6d07 100644
--- a/arch/x86/lib/Makefile
+++ b/arch/x86/lib/Makefile
@@ -24,6 +24,7 @@ lib-y += usercopy_$(BITS).o usercopy.o getuser.o putuser.o
lib-y += memcpy_$(BITS).o
lib-$(CONFIG_RWSEM_XCHGADD_ALGORITHM) += rwsem.o
lib-$(CONFIG_INSTRUCTION_DECODER) += insn.o inat.o
+lib-$(CONFIG_RANDOMIZE_BASE) += kaslr.o
obj-y += msr.o msr-reg.o msr-reg-export.o
diff --git a/arch/x86/lib/kaslr.c b/arch/x86/lib/kaslr.c
new file mode 100644
index 0000000..ffb22ba
--- /dev/null
+++ b/arch/x86/lib/kaslr.c
@@ -0,0 +1,79 @@
+#include <asm/kaslr.h>
+#include <asm/msr.h>
+#include <asm/archrandom.h>
+#include <asm/e820.h>
+#include <asm/io.h>
+
+/* Replace boot functions on library build */
+#ifndef KASLR_COMPRESSED_BOOT
+#include <asm/cpufeature.h>
+#include <asm/setup.h>
+
+#define debug_putstr(v)
+#define has_cpuflag(f) boot_cpu_has(f)
+#define get_boot_seed() kaslr_offset()
+#endif
+
+#define I8254_PORT_CONTROL 0x43
+#define I8254_PORT_COUNTER0 0x40
+#define I8254_CMD_READBACK 0xC0
+#define I8254_SELECT_COUNTER0 0x02
+#define I8254_STATUS_NOTREADY 0x40
+static inline u16 i8254(void)
+{
+ u16 status, timer;
+
+ do {
+ outb(I8254_PORT_CONTROL,
+ I8254_CMD_READBACK | I8254_SELECT_COUNTER0);
+ status = inb(I8254_PORT_COUNTER0);
+ timer = inb(I8254_PORT_COUNTER0);
+ timer |= inb(I8254_PORT_COUNTER0) << 8;
+ } while (status & I8254_STATUS_NOTREADY);
+
+ return timer;
+}
+
+unsigned long kaslr_get_random_boot_long(void)
+{
+#ifdef CONFIG_X86_64
+ const unsigned long mix_const = 0x5d6008cbf3848dd3UL;
+#else
+ const unsigned long mix_const = 0x3f39e593UL;
+#endif
+ unsigned long raw, random = get_boot_seed();
+ bool use_i8254 = true;
+
+ debug_putstr("KASLR using");
+
+ if (has_cpuflag(X86_FEATURE_RDRAND)) {
+ debug_putstr(" RDRAND");
+ if (rdrand_long(&raw)) {
+ random ^= raw;
+ use_i8254 = false;
+ }
+ }
+
+ if (has_cpuflag(X86_FEATURE_TSC)) {
+ debug_putstr(" RDTSC");
+ raw = rdtsc();
+
+ random ^= raw;
+ use_i8254 = false;
+ }
+
+ if (use_i8254) {
+ debug_putstr(" i8254");
+ random ^= i8254();
+ }
+
+ /* Circular multiply for better bit diffusion */
+ asm("mul %3"
+ : "=a" (random), "=d" (raw)
+ : "a" (random), "rm" (mix_const));
+ random += raw;
+
+ debug_putstr("...\n");
+
+ return random;
+}
--
2.8.0.rc3.226.g39d4020
next prev parent reply other threads:[~2016-04-15 22:03 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-15 22:03 [RFC v1 0/4] x86, boot: KASLR memory implementation (x86_64) Thomas Garnier
2016-04-15 22:03 ` Thomas Garnier [this message]
2016-04-15 22:03 ` [RFC v1 2/4] x86, boot: PUD VA support for physical mapping (x86_64) Thomas Garnier
2016-04-15 22:03 ` [RFC v1 3/4] x86, boot: Implement ASLR for kernel memory sections (x86_64) Thomas Garnier
2016-04-18 14:46 ` Joerg Roedel
2016-04-18 14:56 ` Thomas Garnier
2016-04-18 19:01 ` H. Peter Anvin
2016-04-19 14:27 ` Joerg Roedel
2016-04-19 15:49 ` Thomas Garnier
2016-04-21 13:30 ` Boris Ostrovsky
2016-04-21 15:11 ` Thomas Garnier
2016-04-21 15:46 ` H. Peter Anvin
2016-04-21 15:52 ` Thomas Garnier
2016-04-21 20:15 ` H. Peter Anvin
2016-04-21 20:18 ` Thomas Garnier
2016-06-17 9:07 ` Ingo Molnar
2016-06-17 9:35 ` Ingo Molnar
2016-06-17 9:40 ` Ingo Molnar
2016-04-15 22:03 ` [RFC v1 4/4] x86, boot: Memory hotplug support for KASLR memory randomization Thomas Garnier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1460757793-59020-2-git-send-email-thgarnie@google.com \
--to=thgarnie@google.com \
--cc=alpopov@ptsecurity.com \
--cc=bhe@redhat.com \
--cc=boris.ostrovsky@oracle.com \
--cc=bp@suse.de \
--cc=corbet@lwn.net \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=dvyukov@google.com \
--cc=dyoung@redhat.com \
--cc=gthelen@google.com \
--cc=hpa@zytor.com \
--cc=jroedel@suse.de \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kuleshovmail@gmail.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=matt@codeblueprint.co.uk \
--cc=mingo@redhat.com \
--cc=msalter@redhat.com \
--cc=pbonzini@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=sjennings@variantweb.net \
--cc=tglx@linutronix.de \
--cc=toshi.kani@hpe.com \
--cc=wangkefeng.wang@huawei.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).