| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Jun 2016 05:23:46 -0700
From: tip-bot for Yinghai Lu <tipbot@...or.com>
To: linux-tip-commits@...r.kernel.org
Cc: keescook@...omium.org, dvyukov@...gle.com, tglx@...utronix.de,
jpoimboe@...hat.com, hpa@...or.com, torvalds@...ux-foundation.org,
dvlasenk@...hat.com, luto@...nel.org, yinghai@...nel.org,
peterz@...radead.org, hjl.tools@...il.com, mingo@...nel.org,
akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
bhe@...hat.com, brgerst@...il.com, aryabinin@...tuozzo.com,
bp@...en8.de
Subject: [tip:x86/boot] x86/KASLR: Allow randomization below the load
address
Commit-ID: 00bdbb0a0d6e5c7235cb8faa298c9f494e088499
Gitweb: http://git.kernel.org/tip/00bdbb0a0d6e5c7235cb8faa298c9f494e088499
Author: Yinghai Lu <yinghai@...nel.org>
AuthorDate: Wed, 25 May 2016 15:45:34 -0700
Committer: Ingo Molnar <mingo@...nel.org>
CommitDate: Fri, 17 Jun 2016 11:03:49 +0200
x86/KASLR: Allow randomization below the load address
Currently the kernel image physical address randomization's lower
boundary is the original kernel load address.
For bootloaders that load kernels into very high memory (e.g. kexec),
this means randomization takes place in a very small window at the
top of memory, ignoring the large region of physical memory below
the load address.
Since mem_avoid[] is already correctly tracking the regions that must be
avoided, this patch changes the minimum address to whatever is less:
512M (to conservatively avoid unknown things in lower memory) or the
load address. Now, for example, if the kernel is loaded at 8G, [512M,
8G) will be added to the list of possible physical memory positions.
Signed-off-by: Yinghai Lu <yinghai@...nel.org>
[ Rewrote the changelog, refactored the code to use min(). ]
Signed-off-by: Kees Cook <keescook@...omium.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Andrey Ryabinin <aryabinin@...tuozzo.com>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Baoquan He <bhe@...hat.com>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Brian Gerst <brgerst@...il.com>
Cc: Denys Vlasenko <dvlasenk@...hat.com>
Cc: Dmitry Vyukov <dvyukov@...gle.com>
Cc: H. Peter Anvin <hpa@...or.com>
Cc: H.J. Lu <hjl.tools@...il.com>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Thomas Gleixner <tglx@...utronix.de>
Link: http://lkml.kernel.org/r/1464216334-17200-6-git-send-email-keescook@chromium.org
[ Edited the changelog some more, plus the code comment as well. ]
Signed-off-by: Ingo Molnar <mingo@...nel.org>
---
arch/x86/boot/compressed/kaslr.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index 36e2811..749c9e0 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -492,7 +492,7 @@ void choose_random_location(unsigned long input,
unsigned long output_size,
unsigned long *virt_addr)
{
- unsigned long random_addr;
+ unsigned long random_addr, min_addr;
/* By default, keep output position unchanged. */
*virt_addr = *output;
@@ -510,8 +510,15 @@ void choose_random_location(unsigned long input,
/* Record the various known unsafe memory ranges. */
mem_avoid_init(input, input_size, *output);
+ /*
+ * Low end of the randomization range should be the
+ * smaller of 512M or the initial kernel image
+ * location:
+ */
+ min_addr = min(*output, 512UL << 20);
+
/* Walk e820 and find a random address. */
- random_addr = find_random_phys_addr(*output, output_size);
+ random_addr = find_random_phys_addr(min_addr, output_size);
if (!random_addr) {
warn("KASLR disabled: could not find suitable E820 region!");
} else {
Powered by blists - more mailing lists