| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Oct 2020 17:39:16 -0700 From: Junaid Shahid <junaids@...gle.com> To: dave.hansen@...ux.intel.com, luto@...nel.org, peterz@...radead.org Cc: linux-kernel@...r.kernel.org Subject: [PATCH] x86/mm/KASLR: Account for minimum padding when calculating entropy Subtract the minimum padding between regions from the initial remain_entropy. Without this, the last region could potentially overflow past vaddr_end if we happen to get a specific sequence of random numbers (although extremely unlikely in practice). The bug can be demonstrated by replacing the prandom_bytes_state call with "rand = entropy;" Signed-off-by: Junaid Shahid <junaids@...gle.com> --- arch/x86/mm/kaslr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c index 6e6b39710e5f..fe3eec30f736 100644 --- a/arch/x86/mm/kaslr.c +++ b/arch/x86/mm/kaslr.c @@ -109,7 +109,8 @@ void __init kernel_randomize_memory(void) kaslr_regions[2].size_tb = DIV_ROUND_UP(vmemmap_size, 1UL << TB_SHIFT); /* Calculate entropy available between regions */ - remain_entropy = vaddr_end - vaddr_start; + remain_entropy = vaddr_end - vaddr_start - + (ARRAY_SIZE(kaslr_regions) - 1) * PUD_SIZE; for (i = 0; i < ARRAY_SIZE(kaslr_regions); i++) remain_entropy -= get_padding(&kaslr_regions[i]); -- 2.29.0.rc2.309.g374f81d7ae-goog
Powered by blists - more mailing lists