Received: by 2002:ac0:8c9a:0:0:0:0:0 with SMTP id r26csp124951ima; Fri, 1 Feb 2019 00:22:42 -0800 (PST) X-Google-Smtp-Source: AHgI3Ia6WYmouhzXbdA2FvI7c7lQueaSMfjL9moGRMKdFz5yjKW5C+beG8Ze2sExp13OTfbZvct7 X-Received: by 2002:a63:cd4c:: with SMTP id a12mr1277469pgj.252.1549009362896; Fri, 01 Feb 2019 00:22:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549009362; cv=none; d=google.com; s=arc-20160816; b=qRV+PG18aU0H8KirN9ZPSzo8YqJ3xWzp11nyL/OL4Mrl80wBBEL00VqgkicSq5Qq4e ZGmQqudlCJs9IBsDZqQOjwZ9Ay1VG4KpTBv/2F/Q/IVBLq6swL0w/gwdTKpL0yghePGQ xRmgsM8uBbRDeLOQH/kmhRyqSWA/b0XIP4o+rZ/x8BLltnp5RwsnRvUweNRQjT0l+uN+ LjmhfNVrnnlXYB+JxBoLT3pLSOncjbxV6fy15iU5/l6V6n3zi2A04Bb7X+ZrUuA+FPLR P2HUgEO1Km4dqGNwZIbIAFJa3OQXDRZPW3nrSy3LOVFDvB4VSvjMmlfrcSPDfrgU+Yzn rUsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=mgB+ne7YaDqvuaI0shIQeHIQYQ8Rfap5CVwqUaZPmXI=; b=JGubos+wXVAZo5tlw0Jp9qaDjatF5KoW5xNvh5zZjCh4yiqWzSaYwSzb1oAFQNXgc3 v+PZv9QZJcIce16lQu3/hGn6z2pYpwZgpQk9DOohYpJHQ2oz6bor70ehEi0TIZyaV+bI TeIympYxt7XC9DmeS5cohsan1hAciZOKofjW3o5PHAA5BqkGtVHd8y7sObUVNrQ58NrW MTyKvsg4u+a1stbObW/uMYYFEr80IejEMZswxX27FNUCoQEN1lx3nBYS2G65XCFUmGwK gdg49oYdyojo3FHbYL56EEjUtZ0Jup4T6FR8VH0GqneqTgFRNDtUf3O3mV/YHWNpa1qq WBLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=j4cFZzHA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j3si6715733plk.199.2019.02.01.00.22.27; Fri, 01 Feb 2019 00:22:42 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=j4cFZzHA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728717AbfBAIUi (ORCPT + 99 others); Fri, 1 Feb 2019 03:20:38 -0500 Received: from mail-ua1-f68.google.com ([209.85.222.68]:36596 "EHLO mail-ua1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727356AbfBAIUi (ORCPT ); Fri, 1 Feb 2019 03:20:38 -0500 Received: by mail-ua1-f68.google.com with SMTP id j3so1957724uap.3 for ; Fri, 01 Feb 2019 00:20:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mgB+ne7YaDqvuaI0shIQeHIQYQ8Rfap5CVwqUaZPmXI=; b=j4cFZzHAhlDpDSdtZLIQ2K99O06woPbCnnwWy1iR+veXkNZSzOcNjpGM615b2kmqeq 9CZyRl+usxEXTWDe6voi3EDnqIwcW8EqPUE+Dcd1RPH1FiPjJ/9nH/z1OTG7WJKUvdmu 6Kye1f1KqzThiHASg7+zY2u7H1bRvcw6jJpV8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mgB+ne7YaDqvuaI0shIQeHIQYQ8Rfap5CVwqUaZPmXI=; b=C/Jg+/9MDmDyI3hWmtcQqs4cj5H9wmqM+m1iOGMkmOUr81Q3a5sutk5RnRb5XhFOR9 RpvNvG6Z5nh40Hpz2Yt+lz9ip6UmiHNV7aKXaJPts66J3/tvzu6tgR6R3zrZHFtG8Spo bFXwId18Fgsnfwkf72H1QQ46oPGwT2txThObkGQmXu4PBh2D4zIKqp09C3djNPPjeG1P GOBj0j2TWzJS++zL7YLg9SZVeooyuRnDBVKObovS562u2BGI4P//kAffAsvwtak2TOtd B+uU0UiPW03viGU2OsjGAn1+UBlvNm1lnpx/fO4MwvUMQwtNXlHfwIQEjTgK9JjoRxaw +Bkg== X-Gm-Message-State: AJcUukeojjoWqJJXxDYLpYEVnbpbKiely9BtzI6dUM07TC1A9wtXEWY0 LSu+J/hh3krB4qwNgpygn6f1/WHQxYI= X-Received: by 2002:ab0:1601:: with SMTP id k1mr15954096uae.74.1549009236292; Fri, 01 Feb 2019 00:20:36 -0800 (PST) Received: from mail-ua1-f52.google.com (mail-ua1-f52.google.com. [209.85.222.52]) by smtp.gmail.com with ESMTPSA id r130sm2619488vka.55.2019.02.01.00.20.34 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 01 Feb 2019 00:20:34 -0800 (PST) Received: by mail-ua1-f52.google.com with SMTP id t8so1967550uap.0 for ; Fri, 01 Feb 2019 00:20:34 -0800 (PST) X-Received: by 2002:ab0:740a:: with SMTP id r10mr14757503uap.14.1549009233563; Fri, 01 Feb 2019 00:20:33 -0800 (PST) MIME-Version: 1.0 References: <20190201054853.28541-1-caoj.fnst@cn.fujitsu.com> In-Reply-To: <20190201054853.28541-1-caoj.fnst@cn.fujitsu.com> From: Kees Cook Date: Fri, 1 Feb 2019 21:20:21 +1300 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] x86/boot: minor improvement in kaslr To: Cao jin Cc: LKML , X86 ML , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Baoquan He , Chao Fan Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 1, 2019 at 6:51 PM Cao jin wrote: > > comments fix: input_size is ZO image size which just don't count .bss > in, but has .text, .data, etc; > drop unecessary alignment: minimum is either 512M or output, both are > CONFIG_PHYSICAL_ALIGN aligned(output is aligned in head_32/64.S). But > mention it in earlier comments. > > Signed-off-by: Cao jin > --- > arch/x86/boot/compressed/kaslr.c | 9 +++------ > 1 file changed, 3 insertions(+), 6 deletions(-) > > diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c > index 9ed9709d9947..a947c5aba34e 100644 > --- a/arch/x86/boot/compressed/kaslr.c > +++ b/arch/x86/boot/compressed/kaslr.c > @@ -360,7 +360,7 @@ static void handle_mem_options(void) > * (i.e. it does not include its run size). This range must be avoided > * because it contains the data used for decompression. > * > - * [input+input_size, output+init_size) is [_text, _end) for ZO. This > + * [input+input_size, output+init_size) is [_bss, _end) for ZO. This This isn't right. The comment was correct before. See arch/x86/boot/compressed/vmlinux.lds.S for the layout of the ZO image: after the compressed image is _text, _rodata, _got, _data, _bss, _pgtable, and _end. "[_text, _end)" correctly identifies the span used. > * range includes ZO's heap and stack, and must be avoided since it > * performs the decompression. > * > @@ -763,9 +763,6 @@ static unsigned long find_random_phys_addr(unsigned long minimum, > return 0; > } > > - /* Make sure minimum is aligned. */ > - minimum = ALIGN(minimum, CONFIG_PHYSICAL_ALIGN); > - I would prefer to keep this runtime calculation since it enforces the requirement instead of making leaving it in a comment. When this goes wrong, you get an unbootable kernel, which is very frustrating to debug. > if (process_efi_entries(minimum, image_size)) > return slots_fetch_random(); > > @@ -831,8 +828,8 @@ void choose_random_location(unsigned long input, > > /* > * Low end of the randomization range should be the > - * smaller of 512M or the initial kernel image > - * location: > + * smaller of 512M or the initial kernel image location. > + * Should be aligned to CONFIG_PHYSICAL_ALIGN. This is fine to mention, sure. -Kees > */ > min_addr = min(*output, 512UL << 20); > > -- > 2.17.0 > > > -- Kees Cook