lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAE9FiQW_ZMzRh4C5nEaU6LNBUN+ATL8wqDmJ+Kmq5Ga0+v-_qw@mail.gmail.com>
Date:	Wed, 15 Jun 2016 16:23:33 -0700
From:	Yinghai Lu <yinghai@...nel.org>
To:	Kees Cook <keescook@...omium.org>
Cc:	Ingo Molnar <mingo@...hat.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	"the arch/x86 maintainers" <x86@...nel.org>,
	Baoquan He <bhe@...hat.com>, Borislav Petkov <bp@...e.de>,
	Andy Lutomirski <luto@...nel.org>,
	Thomas Garnier <thgarnie@...gle.com>
Subject: Re: [PATCH v10] x86/KASLR: Clarify identity map interface

On Wed, Jun 15, 2016 at 12:03 PM, Kees Cook <keescook@...omium.org> wrote:
> index cfeb0259ed81..03a6f5d85a6b 100644
> --- a/arch/x86/boot/compressed/kaslr.c
> +++ b/arch/x86/boot/compressed/kaslr.c
> @@ -485,6 +485,9 @@ unsigned char *choose_random_location(unsigned long input,
>
>         boot_params->hdr.loadflags |= KASLR_FLAG;
>
> +       /* Prepare to add new identity pagetables on demand. */
> +       initialize_identity_maps();
> +
>         /* Record the various known unsafe memory ranges. */
>         mem_avoid_init(input, input_size, output);
>
...
>
> -       /* Make sure we have a top level page table ready to use. */
> -       if (!level4p)
> -               prepare_level4();
> -
>         /* Align boundary to 2M. */
>         start = round_down(start, PMD_SIZE);
>         end = round_up(end, PMD_SIZE);

it is good to avoid that checking.

BTW, can you continue simplify mem_avoid_init() ?
something like:

Index: linux-2.6/arch/x86/boot/compressed/kaslr.c
===================================================================
--- linux-2.6.orig/arch/x86/boot/compressed/kaslr.c
+++ linux-2.6/arch/x86/boot/compressed/kaslr.c
@@ -122,16 +122,6 @@ struct mem_vector {
        unsigned long size;
 };

-enum mem_avoid_index {
-       MEM_AVOID_ZO_RANGE = 0,
-       MEM_AVOID_INITRD,
-       MEM_AVOID_CMDLINE,
-       MEM_AVOID_BOOTPARAMS,
-       MEM_AVOID_MAX,
-};
-
-static struct mem_vector mem_avoid[MEM_AVOID_MAX];
-
 static bool mem_contains(struct mem_vector *region, struct mem_vector *item)
 {
        /* Item at least partially before region. */
@@ -154,6 +144,25 @@ static bool mem_overlaps(struct mem_vect
        return true;
 }

+#define MEM_AVOID_MAX 4
+static int avoid_count;
+static struct mem_vector mem_avoid[MEM_AVOID_MAX];
+static void mem_avoid_add_map(unsigned long start, unsigned long size,
+                               int add_map)
+{
+       if (avoid_count >= ARRAY_SIZE(mem_avoid)) {
+               warn("KASLR disabled: mem_avoid too small");
+               return;
+       mem_avoid[avoid_count].start = start;
+       mem_avoid[avoid_count].size = size;
+       if (add_map)
+               add_identity_map(start, size);
+
+       avoid_count++;
+}
+
 /*
  * In theory, KASLR can put the kernel anywhere in the range of [16M, 64T).
  * The mem_avoid array is used to store the ranges that need to be avoided
@@ -240,19 +249,15 @@ static void mem_avoid_init(unsigned long
         * Avoid the region that is unsafe to overlap during
         * decompression.
         */
-       mem_avoid[MEM_AVOID_ZO_RANGE].start = input;
-       mem_avoid[MEM_AVOID_ZO_RANGE].size = (output + init_size) - input;
-       add_identity_map(mem_avoid[MEM_AVOID_ZO_RANGE].start,
-                        mem_avoid[MEM_AVOID_ZO_RANGE].size);
+       mem_avoid_add_map(input, (output + init_size) - input, 1);

        /* Avoid initrd. */
        initrd_start  = (u64)boot_params->ext_ramdisk_image << 32;
        initrd_start |= boot_params->hdr.ramdisk_image;
        initrd_size  = (u64)boot_params->ext_ramdisk_size << 32;
        initrd_size |= boot_params->hdr.ramdisk_size;
-       mem_avoid[MEM_AVOID_INITRD].start = initrd_start;
-       mem_avoid[MEM_AVOID_INITRD].size = initrd_size;
        /* No need to set mapping for initrd, it will be handled in VO. */
+       mem_avoid_add_map(initrd_start, initrd_size, 0);

        /* Avoid kernel command line. */
        cmd_line  = (u64)boot_params->ext_cmd_line_ptr << 32;
@@ -261,16 +266,10 @@ static void mem_avoid_init(unsigned long
        ptr = (char *)(unsigned long)cmd_line;
        for (cmd_line_size = 0; ptr[cmd_line_size++]; )
                ;
-       mem_avoid[MEM_AVOID_CMDLINE].start = cmd_line;
-       mem_avoid[MEM_AVOID_CMDLINE].size = cmd_line_size;
-       add_identity_map(mem_avoid[MEM_AVOID_CMDLINE].start,
-                        mem_avoid[MEM_AVOID_CMDLINE].size);
+       mem_avoid_add_map(cmd_line, cmd_line_size, 1);

        /* Avoid boot parameters. */
-       mem_avoid[MEM_AVOID_BOOTPARAMS].start = (unsigned long)boot_params;
-       mem_avoid[MEM_AVOID_BOOTPARAMS].size = sizeof(*boot_params);
-       add_identity_map(mem_avoid[MEM_AVOID_BOOTPARAMS].start,
-                        mem_avoid[MEM_AVOID_BOOTPARAMS].size);
+       mem_avoid_add_map((unsigned long)boot_params, sizeof(*boot_params), 1);

        /* We don't need to set a mapping for setup_data. */

@@ -292,7 +291,7 @@ static bool mem_avoid_overlap(struct mem
        unsigned long earliest = img->start + img->size;
        bool is_overlapping = false;

-       for (i = 0; i < MEM_AVOID_MAX; i++) {
+       for (i = 0; i < avoid_count; i++) {
                if (mem_overlaps(img, &mem_avoid[i]) &&
                    mem_avoid[i].start < earliest) {
                        *overlap = mem_avoid[i];

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ