lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160727081115.GB3009@nazgul.tnic>
Date:	Wed, 27 Jul 2016 10:11:15 +0200
From:	Borislav Petkov <bp@...e.de>
To:	Kees Cook <keescook@...omium.org>
Cc:	Ingo Molnar <mingo@...nel.org>,
	Thomas Garnier <thgarnie@...gle.com>,
	Nicolai Stange <nicstange@...il.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	"H. Peter Anvin" <hpa@...or.com>,
	Peter Zijlstra <peterz@...radead.org>,
	"linux-tip-commits@...r.kernel.org" 
	<linux-tip-commits@...r.kernel.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [PATCH -v2 2/2] x86/microcode/intel: Fix initrd loading with
 CONFIG_RANDOMIZE_MEMORY

From: Borislav Petkov <bp@...e.de>

CONFIG_RANDOMIZE_MEMORY randomizes the physical memmap and thus the
address where the initrd is located. Therefore, we need to add the
offset KASLR put us to in order to find the initrd again on the AP path.

In the future, we will get rid of the initrd address caching and query
the address on both the BSP and AP paths but that would need more work.

Thanks to Nicolai Stange for the good bisection and debugging work.

Reported-and-tested-by: Nicolai Stange <nicstange@...il.com>
Signed-off-by: Borislav Petkov <bp@...e.de>
Cc: Kees Cook <keescook@...omium.org>
---
 arch/x86/kernel/cpu/microcode/intel.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
index 6515c802346a..2a542b71d910 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -793,10 +793,10 @@ void __init load_ucode_intel_bsp(void)
 void load_ucode_intel_ap(void)
 {
 	struct ucode_blobs *blobs_p;
+	unsigned long *ptrs, start = 0;
 	struct mc_saved_data *mcs;
 	struct ucode_cpu_info uci;
 	enum ucode_state ret;
-	unsigned long *ptrs;
 
 #ifdef CONFIG_X86_32
 	mcs	= (struct mc_saved_data *)__pa_nodebug(&mc_saved_data);
@@ -815,8 +815,18 @@ void load_ucode_intel_ap(void)
 	if (!mcs->num_saved)
 		return;
 
+	if (blobs_p->valid) {
+		start = blobs_p->start;
+
+		/*
+		 * Pay attention to CONFIG_RANDOMIZE_MEMORY as it shuffles
+		 * physmem mapping too and there we have the initrd.
+		 */
+		start += (PAGE_OFFSET - __PAGE_OFFSET_BASE);
+	}
+
 	collect_cpu_info_early(&uci);
-	ret = load_microcode(mcs, ptrs, blobs_p->start, &uci);
+	ret = load_microcode(mcs, ptrs, start, &uci);
 	if (ret != UCODE_OK)
 		return;
 
-- 
2.8.4


-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ