lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240220192144.2050167-2-jannh@google.com>
Date: Tue, 20 Feb 2024 20:21:42 +0100
From: Jann Horn <jannh@...gle.com>
To: Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	x86@...nel.org
Cc: "H. Peter Anvin" <hpa@...or.com>,
	linux-kernel@...r.kernel.org,
	Kees Cook <keescook@...omium.org>,
	Jann Horn <jannh@...gle.com>
Subject: [PATCH 1/3] x86/boot: fix KASLR hashing to use full input

rotate_xor() currently ignores up to 7 bytes of input. That likely doesn't
really matter but it's still kinda wrong, so fix it.

Signed-off-by: Jann Horn <jannh@...gle.com>
---
 arch/x86/boot/compressed/kaslr.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index dec961c6d16a..3ede59ad67eb 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -42,17 +42,30 @@ extern unsigned long get_cmd_line_ptr(void);
 static const char build_str[] = UTS_RELEASE " (" LINUX_COMPILE_BY "@"
 		LINUX_COMPILE_HOST ") (" LINUX_COMPILER ") " UTS_VERSION;
 
+static unsigned long rotate_xor_one(unsigned long hash, unsigned long val)
+{
+	/* Rotate by odd number of bits and XOR. */
+	hash = (hash << ((sizeof(hash) * 8) - 7)) | (hash >> 7);
+	hash ^= val;
+	return hash;
+}
+
 static unsigned long rotate_xor(unsigned long hash, const void *area,
 				size_t size)
 {
 	size_t i;
 	unsigned long *ptr = (unsigned long *)area;
+	unsigned long rest = 0;
+
+	for (i = 0; i < size / sizeof(hash); i++)
+		hash = rotate_xor_one(hash, ptr[i]);
 
-	for (i = 0; i < size / sizeof(hash); i++) {
-		/* Rotate by odd number of bits and XOR. */
-		hash = (hash << ((sizeof(hash) * 8) - 7)) | (hash >> 7);
-		hash ^= ptr[i];
+	i = i * sizeof(hash);
+	for (; i < size; i++) {
+		rest <<= 8;
+		rest |= ((unsigned char *)area)[i];
 	}
+	hash = rotate_xor_one(hash, rest);
 
 	return hash;
 }
-- 
2.44.0.rc0.258.g7320e95886-goog


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ