Message-Id: <1367003005-5560-6-git-send-email-keescook@chromium.org>
Date: Fri, 26 Apr 2013 12:03:24 -0700
From: Kees Cook <keescook@...omium.org>
To: linux-kernel@...r.kernel.org
Cc: kernel-hardening@...ts.openwall.com, "H. Peter Anvin" <hpa@...or.com>,
        Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
        x86@...nel.org, Jarkko Sakkinen <jarkko.sakkinen@...el.com>,
        Matthew Garrett <mjg@...hat.com>,
        Matt Fleming <matt.fleming@...el.com>,
        Eric Northup <digitaleric@...gle.com>,
        Dan Rosenberg <drosenberg@...curity.com>,
        Julien Tinnes <jln@...gle.com>, Will Drewry <wad@...omium.org>,
        Kees Cook <keescook@...omium.org>
Subject: [PATCH 5/6] x86: kaslr: select memory region from e820 maps

This chooses the largest contiguous RAM region for the KASLR offset
to live in.

Signed-off-by: Kees Cook <keescook@...omium.org>
---
v2:
 - make sure to exclude e820 regions outside the 32-bit memory range.
---
 arch/x86/boot/compressed/aslr.c |   47 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 41 insertions(+), 6 deletions(-)

diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
index 4647e3f..3d3789e 100644
--- a/arch/x86/boot/compressed/aslr.c
+++ b/arch/x86/boot/compressed/aslr.c
@@ -2,6 +2,7 @@
 
 #ifdef CONFIG_RANDOMIZE_BASE
 #include <asm/msr.h>
+#include <asm/e820.h>
 
 #include <asm/archrandom.h>
 static inline int rdrand(unsigned long *v)
@@ -48,28 +49,62 @@ static unsigned long get_random_long(void)
 	return 0;
 }
 
+int largest_ram_region(unsigned long *start, unsigned long *size)
+{
+	int i, rc = 0;
+
+	*size = 0;
+	for (i = 0; i < real_mode->e820_entries; i++) {
+		struct e820entry *entry = &real_mode->e820_map[i];
+
+		if (entry->type != E820_RAM)
+			continue;
+
+		/* XXX: Handle arbitrary physical location. */
+		if (entry->addr > UINT_MAX)
+			continue;
+
+		if (entry->size > *size) {
+			*size = entry->size;
+			*start = entry->addr;
+			rc = 1;
+		}
+	}
+	return rc;
+}
+
 unsigned char *choose_kernel_location(unsigned char *hint, unsigned long size)
 {
 	unsigned char *choice = hint;
 	unsigned long random, mask;
+	unsigned long addr, length;
 
 	if (cmdline_find_option_bool("noaslr")) {
 		debug_putstr("KASLR disabled...\n");
 		goto out;
 	}
 
+	/* Find an appropriate E820 entry. */
+	if (!largest_ram_region(&addr, &length)) {
+		debug_putstr("KASLR could not find suitable E820 region...\n");
+		goto out;
+	}
+
 	random = get_random_long();
 
-	/* Clip off top of the range. */
+	/* XXX: Rework page tables to handle arbitrary physical location. */
 	mask = CONFIG_RANDOMIZE_BASE_MAX_OFFSET - 1;
 	random &= mask;
 
-	/* XXX: Find an appropriate E820 hole, instead of adding hint. */
-	random += (unsigned long)hint;
+	/* Clip to E820 entry size. */
+	while (random > length)
+		random >>= 1;
+
+	/* Offset the target. */
+	random += addr;
 
-	/* XXX: Clip to E820 hole, instead of just using hint. */
-	mask = (unsigned long)hint + CONFIG_RANDOMIZE_BASE_MAX_OFFSET;
-	while (random + size > mask)
+	/* Clip end to E820 entry size. */
+	while (random + size > addr + length)
 		random >>= 1;
 
 	/* Clip off bottom of range (via alignment). */
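Review bot: The second clip loop, `while (random + size > addr + length) random >>= 1;`, runs after `random += addr`, so it halves the absolute address rather than the offset and can leave the choice below `addr`, outside the E820 region that was just selected; if `size` is larger than `addr + length` it also never terminates once `random` reaches 0. Clipping the offset before adding the base avoids both: `if (size > length) goto out;` then `while (random > length - size) random >>= 1;` followed by `random += addr;`. Separately, `largest_ram_region()` filters only on `entry->addr > UINT_MAX`, so a region that starts below 4 GiB but extends past it is accepted with its full size, and on a 32-bit build the 64-bit `entry->size` would presumably be truncated when stored through `unsigned long *size`. The body of `choose_kernel_location()` continues past the end of the hunk, so the later alignment step and the `out:` label are not visible here.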
-- 
1.7.9.5
