Date:   Wed, 26 Apr 2017 18:39:20 +0800
From:   Baoquan He <bhe@...hat.com>
To:     linux-kernel@...r.kernel.org
Cc:     mingo@...hat.com, keescook@...omium.org, thgarnie@...gle.com,
        dyoung@...hat.com, xlpang@...hat.com, Baoquan He <bhe@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Thomas Gleixner <tglx@...utronix.de>, x86@...nel.org,
        Yinghai Lu <yinghai@...nel.org>, Borislav Petkov <bp@...e.de>,
        Dave Jiang <dave.jiang@...el.com>
Subject: [PATCH 2/2] x86/KASLR: Use old ident map page table if physical randomization failed

Dave found that the kdump kernel will reset to BIOS immediately if
kaslr is enabled and physical randomization failed to find a new
position for the kernel. But nokaslr works in this case.

The reason is that kaslr will install a new page table for ident
mapping, while it failed to consider building ident mapping for the
original area of the kernel if kaslr failed on physical randomization.

In fact bootloaders including kexec/kdump have built ident mapping
for the original place of the kernel. We can only install a new ident
mapping page table when physical kaslr succeeds. Otherwise we just keep
the old page table unchanged, just like nokaslr does.

Signed-off-by: Baoquan He <bhe@...hat.com>
Signed-off-by: Dave Young <dyoung@...hat.com>
Cc: "H. Peter Anvin" <hpa@...or.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Ingo Molnar <mingo@...hat.com>
Cc: x86@...nel.org
Cc: Kees Cook <keescook@...omium.org>
Cc: Yinghai Lu <yinghai@...nel.org>
Cc: Borislav Petkov <bp@...e.de>
Cc: Dave Jiang <dave.jiang@...el.com>
Cc: Thomas Garnier <thgarnie@...gle.com>
---
 arch/x86/boot/compressed/kaslr.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index e5eb0c3..7a8b443 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -650,10 +650,16 @@ void choose_random_location(unsigned long input,
 			add_identity_map(random_addr, output_size);
 			*output = random_addr;
 		}
+
+		/*
+		 * This actually loads the identity pagetable on x86_64.
+		 * And this should only be done only if a new position
+		 * is found. Otherwise we should keep the old page table
+		 * to make it be like nokaslr case.
+		 */
+		finalize_identity_maps();
 	}
 
-	/* This actually loads the identity pagetable on x86_64. */
-	finalize_identity_maps();
 
 	/* Pick random virtual address starting from LOAD_PHYSICAL_ADDR. */
 	if (IS_ENABLED(CONFIG_X86_64))
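
Review bot: finalize_identity_maps() is now placed after the inner block that does add_identity_map(random_addr, output_size) and *output = random_addr, not inside it, so it runs on every pass through the enclosing block; that block's condition is outside the hunk context, so please confirm it is the "new position found" branch the comment describes. In the new comment, "should only be done only if" doubles "only", and deleting the old call leaves two blank lines in a row before the "Pick random virtual address" comment; drop one of each.
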
-- 
2.5.5
