lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1548866403-13390-1-git-send-email-js@alien8.de>
Date:   Wed, 30 Jan 2019 17:40:02 +0100
From:   Julian Stecklina <js@...en8.de>
To:     x86@...nel.org
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        hpa@...or.com, linux-kernel@...r.kernel.org, jschoenh@...zon.de,
        Julian Stecklina <jsteckli@...zon.de>
Subject: [PATCH 1/2] x86/boot: fix KASL when memmap range manipulation is used

From: Julian Stecklina <jsteckli@...zon.de>

When the user passes a memmap=<size>%<offset>-<oldtype>+<newtype>
parameter to the kernel to reclassify some memory, this information is
ignored during the randomization of the kernel base address. This in
turn leads to cases where the kernel is unpacked to memory regions that
the user marked as reserved.

Fix this situation to avoid any memory region for KASLR that is
reclassified.

Fixes: ef61f8a340fd6d49df6b367785743febc47320c1 ("x86/boot/e820: Implement a range manipulation operator")

Signed-off-by: Julian Stecklina <jsteckli@...zon.de>
---
 arch/x86/boot/compressed/kaslr.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index 9ed9709..5657e34 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -155,6 +155,12 @@ parse_memmap(char *p, unsigned long long *start, unsigned long long *size)
 	case '#':
 	case '$':
 	case '!':
+		/*
+		 * % would need some more complex parsing, because regions might
+		 * actually become usable for KASLR, but the simple way of
+		 * ignoring anything that is mentioned in % works for now.
+		 */
+	case '%':
 		*start = memparse(p + 1, &p);
 		return 0;
 	case '@':
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ