Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933262AbbGGU1o (ORCPT ); Tue, 7 Jul 2015 16:27:44 -0400 Received: from userp1040.oracle.com ([156.151.31.81]:16623 "EHLO userp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757992AbbGGUUz (ORCPT ); Tue, 7 Jul 2015 16:20:55 -0400 From: Yinghai Lu To: Kees Cook , "H. Peter Anvin" , Baoquan He Cc: linux-kernel@vger.kernel.org, Yinghai Lu Subject: [PATCH 19/42] x86, kaslr: Allow random address could be below loaded address Date: Tue, 7 Jul 2015 13:20:05 -0700 Message-Id: <1436300428-21163-20-git-send-email-yinghai@kernel.org> X-Mailer: git-send-email 1.8.4.5 In-Reply-To: <1436300428-21163-1-git-send-email-yinghai@kernel.org> References: <1436300428-21163-1-git-send-email-yinghai@kernel.org> X-Source-IP: aserv0021.oracle.com [141.146.126.233] Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2490 Lines: 73 Now new output buffer is always after current one. With correct tracking in mem_avoid, we can buffer below that. That would make sure when bootloader like patched grub2 or kexec have put output rather near the end of ram, we still can get random base below output. Now just pick 512M as min_addr. with this patch, will get: early console in decompress_kernel decompress_kernel: input: [0x13e9ee3b4-0x13f36b9df], output: [0x13c000000-0x13f394fff], heap: [0x13f376ac0-0x13f37eabf] boot via startup_64 KASLR using RDTSC... KASLR using RDTSC... new output: [0x6f000000-0x72394fff] Decompressing Linux... xz... Parsing ELF... Performing relocations... done. Booting the kernel. [ 0.000000] bootconsole [uart0] enabled [ 0.000000] Kernel Layout: [ 0.000000] .text: [0x6f000000-0x70096a9c] [ 0.000000] .rodata: [0x70200000-0x70a4efff] [ 0.000000] .data: [0x70c00000-0x70e4e9bf] [ 0.000000] .init: [0x70e50000-0x7120bfff] [ 0.000000] .bss: [0x71219000-0x7234efff] [ 0.000000] .brk: [0x7234f000-0x72374fff] Signed-off-by: Yinghai Lu --- arch/x86/boot/compressed/aslr.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c index 7c0e1da..a1535c1 100644 --- a/arch/x86/boot/compressed/aslr.c +++ b/arch/x86/boot/compressed/aslr.c @@ -403,7 +403,8 @@ void choose_kernel_location(unsigned char *input, unsigned long output_run_size, unsigned char **virt_offset) { - unsigned long random; + unsigned long random, min_addr; + *virt_offset = (unsigned char *)LOAD_PHYSICAL_ADDR; #ifdef CONFIG_HIBERNATION @@ -424,8 +425,13 @@ void choose_kernel_location(unsigned char *input, mem_avoid_init((unsigned long)input, input_size, (unsigned long)*output); + /* start from 512M */ + min_addr = (unsigned long)*output; + if (min_addr > (512UL<<20)) + min_addr = 512UL<<20; + /* Walk e820 and find a random address. */ - random = find_random_phy_addr((unsigned long)*output, output_run_size); + random = find_random_phy_addr(min_addr, output_run_size); if (!random) debug_putstr("KASLR could not find suitable E820 region...\n"); else { -- 1.8.4.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/