lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1499955578-13393-1-git-send-email-bhe@redhat.com>
Date:   Thu, 13 Jul 2017 22:19:34 +0800
From:   Baoquan He <bhe@...hat.com>
To:     linux-kernel@...r.kernel.org
Cc:     x86@...nel.org, keescook@...omium.org, matt@...eblueprint.co.uk,
        tglx@...utronix.de, mingo@...nel.org, hpa@...or.com,
        izumi.taku@...fujitsu.com, fanc.fnst@...fujitsu.com,
        thgarnie@...gle.com, n-horiguchi@...jp.nec.com,
        Baoquan He <bhe@...hat.com>
Subject: [PATCH v5 0/4] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions

Our customer reported that Kernel text may be located on non-mirror
region (movable zone) when both address range mirroring feature and
KASLR are enabled.

The functions of address range mirroring feature are as follows.
- The physical memory region whose descriptors in EFI memory map have
  EFI_MEMORY_MORE_RELIABLE attribute (bit: 16) are mirrored
- The function arranges such mirror region into normal zone and other region
  into movable zone in order to locate kernel code and data on mirror region

So we need restrict kernel to be located inside mirror regions if it
is existed.

The method is very simple. If efi is enabled, just iterate all efi
memory map and pick mirror region to process for adding candidate
of slot. No matter how many mirror regions or what size of mirror region
are found, as long as mirror region is found, we won't enter into e820
processing code though mirror region might not big enough to provide
different position for kernel. If efi disabled or no mirror region
existed, still process e820 memory map. This won't bring much efficiency
loss, at worst we just go through all efi memory maps and found no mirror.

Changelog:
v4->v5:
  Refactor process_efi_entries code according to Kees's suggestion. 

v3->v4:
  Rearrange the old patch 1/2 to make it be done in three steps for
  easier review addcording to Kees's suggestion.

v2->v3:
  Put process_efi_entry invocation inside the #ifdef CONFIG_EFI according
  to tglx's suggestion. Since the efi related code is meaningful only if
  CONFIG_EFI=y.

v1->v2:
  Removed debug code.

  Taku suggested that we should put kernel to mirrored region always
  whether or not "kernelcore=mirror" is specified since kernel text is
  important and mirrored region is reliable.

  Change code according to kbuild report and Chao Fan's comment.

Baoquan He (4):
  x86/boot/KASLR: Wrap e820 entries walking code into new function
    process_e820_entries()
  x86/boot/KASLR: Switch to pass struct mem_vector to
    process_e820_entry()
  x86/boot/KASLR: Rename process_e820_entry() into process_mem_region()
  x86/boot/KASLR: Restrict kernel to be randomized in mirror regions

 arch/x86/boot/compressed/kaslr.c | 125 ++++++++++++++++++++++++++++++---------
 1 file changed, 98 insertions(+), 27 deletions(-)

-- 
2.5.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ