Received: by 2002:a05:7412:cfc7:b0:fc:a2b0:25d7 with SMTP id by7csp1936637rdb; Tue, 20 Feb 2024 11:22:17 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXZcls1+J/bCWKo/0ZE3OkM4kcoZdwJo7+xOLEdis32fzYoh4cuR/4+cOLMr+L69/CwV3BcV6EtTiK7/ulG5thWLHAbRP1s7ycnGpRsVQ== X-Google-Smtp-Source: AGHT+IGmdpOtWwNe5y1oDoeFcXyk6K8jUIwR0hdfR1PKkDBPWLRPrPW3o1jggbdZBEuJl9ms/Jdn X-Received: by 2002:a05:620a:135a:b0:785:d958:e7f5 with SMTP id c26-20020a05620a135a00b00785d958e7f5mr16452562qkl.52.1708456937461; Tue, 20 Feb 2024 11:22:17 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708456937; cv=pass; d=google.com; s=arc-20160816; b=NivWKIx7VhmXrjVZuqQte77Ea37okgf8lA37oJXEmhHLVV7Ta0Xid391QRrPQO58hw 1QS8xcu3wi7FPNPyVrhodEkh2o21oktFplxqcP8/vpYb0KtEVazdYtZ0J8tMPrGcRJ8d Hl2L1LZhKMZ/Vh4/rZZ5q7TSIjdctpdKWVluhQQ2/1zkBeXoeZdCmpCm0sp7a3zU1w/5 PEqOz8m4FFOofPdi6cbsU3QgHQtSRlCfc8Mt6337NgB/v6wravjgETjfVjcBTghUgtMc Mb5ZgT5OWO5w4du+AyWEWrGwy6QJlVgaskZncqUzxRLhL2fVRHP3gkUVrdducxLwcbrG oxww== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=cA2O3Llhx71J8bGYTlEPNCq93E6hVPmmgkxfFVoSWL8=; fh=Nq/nElPHZ530SN64UDyPlwN1O1UpctBMmMkrRqI4A/0=; b=D6PfGLzzzbGd9C2McQH9VFnlcohC/C23aozh/nF4/H66c/DUqk+6YpNSbRPUNESHpQ KyZkuLuWjrFSxmmZB8QGkk8OjFA5i9ATfAN/IkhpjGZxwWH0TsCtTUNuU+fVQJCrDq83 xEnM5ZjokOGvgs0WI8ncKl9svMczvw3IPvcPELjU+88MiW/f5nVwc6xkwdKzgrQJCTBl 9EbGUa07lM+XOrhml1c7pxOkmjnqxrZcrUSpyFerS8S2WDf1cOmxNgn2vgN07WEScDC/ NzTbVdPxxTaRl8bOimpT5sBK2M9xbDoz4TnIju54HnQWiPX6/Jg+C3xrKogZQOScjAab M7Kg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=tnZrOTMc; arc=pass (i=1 spf=pass spfdomain=google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-73587-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-73587-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id y2-20020ae9f402000000b007875617a7easi7683642qkl.438.2024.02.20.11.22.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Feb 2024 11:22:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-73587-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=tnZrOTMc; arc=pass (i=1 spf=pass spfdomain=google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-73587-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-73587-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 29E181C20F50 for ; Tue, 20 Feb 2024 19:22:17 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4EFC914A0B4; Tue, 20 Feb 2024 19:22:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="tnZrOTMc" Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D3A301353EF for ; Tue, 20 Feb 2024 19:21:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.52 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708456921; cv=none; b=aczp8FsWVq6QSXWClH+nN4h2wzWmefs2J3R96+J9r80+bfmJ2cksKaWJXVhgktnwVRvMjuZ5bAd1HIegKhhSYaA4S0LqYqMagaYoj3Si3bAmK/xB2IvghicRgeOUSYFKD57FOH0MHfyGSflF6JIoPO7X7CCqynZOnpuCMEOlsGw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708456921; c=relaxed/simple; bh=O0CZLNJD1ve6sw6w5oRCfLQxN+HSkwW+t7kr5ppkfwg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ihFiaJmdrDYlf3IyOZypKr4wZ8H/x5paJ2jxYyb968wMf5RXJziQgRtZsWcZ1AUtJm+Ud9OLRbYdTXmGVQny453QqK8ixH+fS7G0Kgbk/fZPPpqYWESBEyRCN5nxtsdJzLXIrJXp4RKcfVFdxzAgzrJpEtcNT4uekE/xoyM+nXs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=tnZrOTMc; arc=none smtp.client-ip=209.85.128.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-4120933b710so13515e9.0 for ; Tue, 20 Feb 2024 11:21:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1708456918; x=1709061718; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=cA2O3Llhx71J8bGYTlEPNCq93E6hVPmmgkxfFVoSWL8=; b=tnZrOTMcWD0ycnpdKVDgyG9dxlGI97Y7Q2sEQFGvm75XGZFTsp8Yaol/xwkuRcH56w L9MEFB69D33psdUp++bkmwrUWSl6pCCDEYvTeA5XuXGL3BbnGQKt2xizotVnSrdfro+h +B8hHBfhWWyHDShdlfXSdJ2LImi89tIZ30RHFNNdqS/2Ofc6nU5Fa1gd+7+sX0dHQpQF scff3/tuv8SkN9i/sb+6lTD652c31aK+5NQtm5i9V+RLNIGMI/oXadgk8aGlizk8lU0F kVQt2tM/c1FcS7JXYc9mz1DA7yHjOdEmTcLSjMc7DMN+DKA9MRym7J+RuKx13f5WzWZm 1NdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708456918; x=1709061718; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cA2O3Llhx71J8bGYTlEPNCq93E6hVPmmgkxfFVoSWL8=; b=pAoq3/t8+1VpiJ0FlLo3fxx7atWaTdUDLBNcoyXL/OLCUiPM7kVkKEwXH6PSbjy5GE jTeFv/okrEFwEzAsa6BpPpexfvWEIaefrcg17xaocFl0PPVC31FldZv3fLyjNJkpcJl5 EJbJIslUnd31gw2mseO0wgbKey9UgP/+t1rhNa9VF9XGxAF51PvZLEMYFEGnVw0ySmdM P94wOTzhMLKTFYBar2bdMY44IzvQMgVel/nQ1u2hoiQNHlusckklmnf2iU3N/OYRU4d4 m5XCFhpNiL5i265WPphs6uMLIPYTXGltNOJuEE6Z4QrURtx4w0KwJxQVAQ+ZiHiO0Lo/ pzsA== X-Forwarded-Encrypted: i=1; AJvYcCVPqSx1n4vHqtAd2YyEqVOfsUZWO2qvivaKZBj6eYs0uwz434fJW+kIwGwGshSzdThY0Xo5cLIrMo6OXJY3lmYuTELiQ0ErELQmSxGW X-Gm-Message-State: AOJu0Yybk8ZXeSL8U4JRElwr1HxFlqNZsBQWH0/NGET6cbxK/VoiRiRZ HB/wW/Lnq8ChC8q3F8WcAsG4+342ClZ19EH3Kl0rJSO3QfTlgyYhosWwbDaCMg== X-Received: by 2002:a05:600c:5187:b0:412:730d:ab69 with SMTP id fa7-20020a05600c518700b00412730dab69mr13734wmb.4.1708456918160; Tue, 20 Feb 2024 11:21:58 -0800 (PST) Received: from localhost ([2a02:168:96c5:1:cba0:1b55:6833:859e]) by smtp.gmail.com with ESMTPSA id u22-20020a05600c211600b00412706c3ddasm1723wml.18.2024.02.20.11.21.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Feb 2024 11:21:57 -0800 (PST) From: Jann Horn To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, Kees Cook , Jann Horn Subject: [PATCH 1/3] x86/boot: fix KASLR hashing to use full input Date: Tue, 20 Feb 2024 20:21:42 +0100 Message-ID: <20240220192144.2050167-2-jannh@google.com> X-Mailer: git-send-email 2.44.0.rc0.258.g7320e95886-goog In-Reply-To: <20240220192144.2050167-1-jannh@google.com> References: <20240220192144.2050167-1-jannh@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit rotate_xor() currently ignores up to 7 bytes of input. That likely doesn't really matter but it's still kinda wrong, so fix it. Signed-off-by: Jann Horn --- arch/x86/boot/compressed/kaslr.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c index dec961c6d16a..3ede59ad67eb 100644 --- a/arch/x86/boot/compressed/kaslr.c +++ b/arch/x86/boot/compressed/kaslr.c @@ -42,17 +42,30 @@ extern unsigned long get_cmd_line_ptr(void); static const char build_str[] = UTS_RELEASE " (" LINUX_COMPILE_BY "@" LINUX_COMPILE_HOST ") (" LINUX_COMPILER ") " UTS_VERSION; +static unsigned long rotate_xor_one(unsigned long hash, unsigned long val) +{ + /* Rotate by odd number of bits and XOR. */ + hash = (hash << ((sizeof(hash) * 8) - 7)) | (hash >> 7); + hash ^= val; + return hash; +} + static unsigned long rotate_xor(unsigned long hash, const void *area, size_t size) { size_t i; unsigned long *ptr = (unsigned long *)area; + unsigned long rest = 0; + + for (i = 0; i < size / sizeof(hash); i++) + hash = rotate_xor_one(hash, ptr[i]); - for (i = 0; i < size / sizeof(hash); i++) { - /* Rotate by odd number of bits and XOR. */ - hash = (hash << ((sizeof(hash) * 8) - 7)) | (hash >> 7); - hash ^= ptr[i]; + i = i * sizeof(hash); + for (; i < size; i++) { + rest <<= 8; + rest |= ((unsigned char *)area)[i]; } + hash = rotate_xor_one(hash, rest); return hash; } -- 2.44.0.rc0.258.g7320e95886-goog