From: Baoquan He <bhe@redhat.com>
To: mingo@kernel.org, linux-kernel@vger.kernel.org
Cc: tglx@linutronix.de, hpa@zytor.com, Baoquan He <bhe@redhat.com>
Subject: [PATCH v2 1/2] x86/boot/KASLR: Add checking for the offset of kernel virtual address randomization
Date: Tue, 27 Jun 2017 20:39:05 +0800
Message-ID: <1498567146-11990-2-git-send-email-bhe@redhat.com> (raw)
In-Reply-To: <1498567146-11990-1-git-send-email-bhe@redhat.com>
For kernel text KASLR, the virtual address is confined to area of 1G,
[0xffffffff80000000, 0xffffffffc0000000). For the implemenataion of
virtual address randomization, we only randomize to get an offset
between 16M and 1G, then add this offset to the starting address,
0xffffffff80000000. Here 16M is the offset which is decided at linking
stage. So the amount of the local variable 'virt_addr' which respresents
the offset plus the kernel output size can not exceed KERNEL_IMAGE_SIZE.
Add a judgement to check the offset. If out of bounds, print error
message and hang there.
Suggested-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Baoquan He <bhe@redhat.com>
---
arch/x86/boot/compressed/misc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
index b3c5a5f030ce..6008fa9b74d9 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -390,6 +390,8 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap,
#ifdef CONFIG_X86_64
if (heap > 0x3fffffffffffUL)
error("Destination address too large");
+ if (virt_addr + max(output_len, kernel_total_size) > KERNEL_IMAGE_SIZE)
+ error("Destination virtual address is beyond the kernel mapping area");
#else
if (heap > ((-__PAGE_OFFSET-(128<<20)-1) & 0x7fffffff))
error("Destination address too large");
--
2.5.5
next prev parent reply index
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-27 12:39 [PATCH v2 0/2] x86/boot/KASLR: Code bug fix about " Baoquan He
2017-06-27 12:39 ` Baoquan He [this message]
2017-06-30 13:07 ` [tip:x86/urgent] x86/boot/KASLR: Add checking for the offset of " tip-bot for Baoquan He
2017-06-27 12:39 ` [PATCH v2 2/2] x86/boot/KASLR: Fix the wrong assignment to 'virt_addr' Baoquan He
2017-06-30 13:08 ` [tip:x86/urgent] x86/boot/KASLR: Fix kexec crash due to 'virt_addr' calculation bug tip-bot for Baoquan He
2017-06-30 6:14 ` [PATCH v2 0/2] x86/boot/KASLR: Code bug fix about kernel virtual address randomization Dave Young
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1498567146-11990-2-git-send-email-bhe@redhat.com \
--to=bhe@redhat.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
LKML Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/lkml/0 lkml/git/0.git
git clone --mirror https://lore.kernel.org/lkml/1 lkml/git/1.git
git clone --mirror https://lore.kernel.org/lkml/2 lkml/git/2.git
git clone --mirror https://lore.kernel.org/lkml/3 lkml/git/3.git
git clone --mirror https://lore.kernel.org/lkml/4 lkml/git/4.git
git clone --mirror https://lore.kernel.org/lkml/5 lkml/git/5.git
git clone --mirror https://lore.kernel.org/lkml/6 lkml/git/6.git
git clone --mirror https://lore.kernel.org/lkml/7 lkml/git/7.git
git clone --mirror https://lore.kernel.org/lkml/8 lkml/git/8.git
git clone --mirror https://lore.kernel.org/lkml/9 lkml/git/9.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 lkml lkml/ https://lore.kernel.org/lkml \
linux-kernel@vger.kernel.org
public-inbox-index lkml
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git