| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Jan 2019 17:40:02 +0100
From: Julian Stecklina <js@...en8.de>
To: x86@...nel.org
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
hpa@...or.com, linux-kernel@...r.kernel.org, jschoenh@...zon.de,
Julian Stecklina <jsteckli@...zon.de>
Subject: [PATCH 1/2] x86/boot: fix KASL when memmap range manipulation is used
From: Julian Stecklina <jsteckli@...zon.de>
When the user passes a memmap=<size>%<offset>-<oldtype>+<newtype>
parameter to the kernel to reclassify some memory, this information is
ignored during the randomization of the kernel base address. This in
turn leads to cases where the kernel is unpacked to memory regions that
the user marked as reserved.
Fix this situation to avoid any memory region for KASLR that is
reclassified.
Fixes: ef61f8a340fd6d49df6b367785743febc47320c1 ("x86/boot/e820: Implement a range manipulation operator")
Signed-off-by: Julian Stecklina <jsteckli@...zon.de>
---
arch/x86/boot/compressed/kaslr.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index 9ed9709..5657e34 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -155,6 +155,12 @@ parse_memmap(char *p, unsigned long long *start, unsigned long long *size)
case '#':
case '$':
case '!':
+ /*
+ * % would need some more complex parsing, because regions might
+ * actually become usable for KASLR, but the simple way of
+ * ignoring anything that is mentioned in % works for now.
+ */
+ case '%':
*start = memparse(p + 1, &p);
return 0;
case '@':
--
2.7.4
Powered by blists - more mailing lists