From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754668AbdDQNf7 (ORCPT ); Mon, 17 Apr 2017 09:35:59 -0400 Received: from mx1.redhat.com ([209.132.183.28]:41552 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753347AbdDQNfb (ORCPT ); Mon, 17 Apr 2017 09:35:31 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 2C55C37EE1 Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=bhe@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 2C55C37EE1 From: Baoquan He To: linux-kernel@vger.kernel.org Cc: keescook@chromium.org, dave.jiang@intel.com, dan.j.williams@intel.com, hpa@zytor.com, tglx@linutronix.de, mingo@kernel.org, dyoung@redhat.com, Baoquan He , Ingo Molnar , x86@kernel.org, Yinghai Lu , Borislav Petkov Subject: [PATCH 3/4] KASLR: Handle memory limit specified by memmap and mem option Date: Mon, 17 Apr 2017 21:34:58 +0800 Message-Id: <1492436099-4017-4-git-send-email-bhe@redhat.com> In-Reply-To: <1492436099-4017-1-git-send-email-bhe@redhat.com> References: <1492436099-4017-1-git-send-email-bhe@redhat.com> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Mon, 17 Apr 2017 13:35:31 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Option mem= will limit the max address system can use. Any memory region above the limit will be removed. And memmap=nn[KMG] which has no offset specified has the same behaviour as mem=. KASLR need consider this when choose the random position for decompressing kernel. Do it in this patch. Signed-off-by: Baoquan He Cc: "H. Peter Anvin" Cc: Thomas Gleixner Cc: Ingo Molnar Cc: x86@kernel.org Cc: Kees Cook Cc: Yinghai Lu Cc: Borislav Petkov --- arch/x86/boot/compressed/kaslr.c | 53 +++++++++++++++++++++++++++++++--------- 1 file changed, 42 insertions(+), 11 deletions(-) diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c index 36ab429..5361abd 100644 --- a/arch/x86/boot/compressed/kaslr.c +++ b/arch/x86/boot/compressed/kaslr.c @@ -67,6 +67,10 @@ int mem_avoid_memmap_index; extern unsigned long get_cmd_line_ptr(void); +/* Store memory limit specified by "mem=nn[KMG]" or "memmap=nn[KMG]" */ +unsigned long long mem_limit = ULLONG_MAX; + + enum mem_avoid_index { MEM_AVOID_ZO_RANGE = 0, MEM_AVOID_INITRD, @@ -117,15 +121,18 @@ parse_memmap(char *p, unsigned long long *start, unsigned long long *size) return -EINVAL; switch (*p) { - case '@': - /* Skip this region, usable */ - *size = 0; - *start = 0; case '#': case '$': case '!': *start = memparse(p + 1, &p); return 0; + case '@': + /* Skip this region, usable */ + *size = 0; + default: + /* Avoid the region which is above the amount limit */ + *start = 0; + return 0; } return -EINVAL; @@ -151,9 +158,14 @@ static void mem_avoid_memmap(char *str) if (rc < 0) break; str = k; - /* A usable region that should not be skipped */ - if (size == 0) + + if (start == 0) { + /* Store the specified memory limit if size > 0 */ + if (size > 0) + mem_limit = size; + continue; + } mem_avoid[MEM_AVOID_MEMMAP_BEGIN + i].start = start; mem_avoid[MEM_AVOID_MEMMAP_BEGIN + i].size = size; @@ -173,6 +185,7 @@ static int handle_mem_memmap(void) char tmp_cmdline[COMMAND_LINE_SIZE]; size_t len = strlen((char *)args); char *param, *val; + u64 mem_size; len = (len >= COMMAND_LINE_SIZE) ? COMMAND_LINE_SIZE - 1 : len; memcpy(tmp_cmdline, args, len); @@ -195,8 +208,18 @@ static int handle_mem_memmap(void) return -1; } - if (!strcmp(param, "memmap")) + if (!strcmp(param, "memmap")) { mem_avoid_memmap(val); + } else if (!strcmp(param, "mem")) { + char *p = val; + + if (!strcmp(p, "nopentium")) + continue; + mem_size = memparse(p, &p); + if (mem_size == 0) + return -EINVAL; + mem_limit = mem_size; + } } return 0; @@ -432,7 +455,8 @@ static void process_e820_entry(struct e820entry *entry, { struct mem_vector region, overlap; struct slot_area slot_area; - unsigned long start_orig; + unsigned long start_orig, end; + struct e820entry cur_entry; /* Skip non-RAM entries. */ if (entry->type != E820_RAM) @@ -446,8 +470,15 @@ static void process_e820_entry(struct e820entry *entry, if (entry->addr + entry->size < minimum) return; - region.start = entry->addr; - region.size = entry->size; + /* Ignore entries above memory limit */ + end = min(entry->size + entry->addr - 1, mem_limit); + if (entry->addr >= end) + return; + cur_entry.addr = entry->addr; + cur_entry.size = end - entry->addr + 1; + + region.start = cur_entry.addr; + region.size = cur_entry.size; /* Give up if slot area array is full. */ while (slot_area_index < MAX_SLOT_AREA) { @@ -461,7 +492,7 @@ static void process_e820_entry(struct e820entry *entry, region.start = ALIGN(region.start, CONFIG_PHYSICAL_ALIGN); /* Did we raise the address above this e820 region? */ - if (region.start > entry->addr + entry->size) + if (region.start > cur_entry.addr + cur_entry.size) return; /* Reduce size by any delta from the original address. */ -- 2.5.5