[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240220192144.2050167-2-jannh@google.com>
Date: Tue, 20 Feb 2024 20:21:42 +0100
From: Jann Horn <jannh@...gle.com>
To: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
x86@...nel.org
Cc: "H. Peter Anvin" <hpa@...or.com>,
linux-kernel@...r.kernel.org,
Kees Cook <keescook@...omium.org>,
Jann Horn <jannh@...gle.com>
Subject: [PATCH 1/3] x86/boot: fix KASLR hashing to use full input
rotate_xor() currently ignores up to 7 bytes of input. That likely doesn't
really matter but it's still kinda wrong, so fix it.
Signed-off-by: Jann Horn <jannh@...gle.com>
---
arch/x86/boot/compressed/kaslr.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index dec961c6d16a..3ede59ad67eb 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -42,17 +42,30 @@ extern unsigned long get_cmd_line_ptr(void);
static const char build_str[] = UTS_RELEASE " (" LINUX_COMPILE_BY "@"
LINUX_COMPILE_HOST ") (" LINUX_COMPILER ") " UTS_VERSION;
+static unsigned long rotate_xor_one(unsigned long hash, unsigned long val)
+{
+ /* Rotate by odd number of bits and XOR. */
+ hash = (hash << ((sizeof(hash) * 8) - 7)) | (hash >> 7);
+ hash ^= val;
+ return hash;
+}
+
static unsigned long rotate_xor(unsigned long hash, const void *area,
size_t size)
{
size_t i;
unsigned long *ptr = (unsigned long *)area;
+ unsigned long rest = 0;
+
+ for (i = 0; i < size / sizeof(hash); i++)
+ hash = rotate_xor_one(hash, ptr[i]);
- for (i = 0; i < size / sizeof(hash); i++) {
- /* Rotate by odd number of bits and XOR. */
- hash = (hash << ((sizeof(hash) * 8) - 7)) | (hash >> 7);
- hash ^= ptr[i];
+ i = i * sizeof(hash);
+ for (; i < size; i++) {
+ rest <<= 8;
+ rest |= ((unsigned char *)area)[i];
}
+ hash = rotate_xor_one(hash, rest);
return hash;
}
--
2.44.0.rc0.258.g7320e95886-goog
Powered by blists - more mailing lists