kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

x86/KASLR: Parse all 'memmap=' boot option entries

Browse source 
In commit:

  f28442497b ("x86/boot: Fix KASLR and memmap= collision")

... the memmap= option is parsed so that KASLR can avoid those reserved
regions. It uses cmdline_find_option() to get the value if memmap=
is specified, however the problem is that cmdline_find_option() can only
find the last entry if multiple memmap entries are provided. This
is not correct.

Address this by checking each command line token for a "memmap=" match
and parse each instance instead of using cmdline_find_option().

Signed-off-by: Baoquan He <bhe@redhat.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: dan.j.williams@intel.com
Cc: douly.fnst@cn.fujitsu.com
Cc: dyoung@redhat.com
Cc: m.mizuma@jp.fujitsu.com
Link: http://lkml.kernel.org/r/1494654390-23861-2-git-send-email-bhe@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
This commit is contained in:
Baoquan He 2017-05-13 13:46:28 +08:00 committed by Ingo Molnar
parent 56fff1bb0f
commit d52e7d5a95
3 changed files with 91 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
arch/x86/boot/compressed/cmdline.c
View file

@ -13,7 +13,7 @@ static inline char rdfs8(addr_t addr)
return *((char *)(fs + addr)); return *((char *)(fs + addr));
} }
#include "../cmdline.c" #include "../cmdline.c"
static unsigned long get_cmd_line_ptr(void) unsigned long get_cmd_line_ptr(void)
{ {
unsigned long cmd_line_ptr = boot_params->hdr.cmd_line_ptr; unsigned long cmd_line_ptr = boot_params->hdr.cmd_line_ptr;

136
arch/x86/boot/compressed/kaslr.c
View file

@ -9,16 +9,41 @@
* contain the entire properly aligned running kernel image. * contain the entire properly aligned running kernel image.
* *
*/ */
/*
* isspace() in linux/ctype.h is expected by next_args() to filter
* out "space/lf/tab". While boot/ctype.h conflicts with linux/ctype.h,
* since isdigit() is implemented in both of them. Hence disable it
* here.
*/
#define BOOT_CTYPE_H
/*
* _ctype[] in lib/ctype.c is needed by isspace() of linux/ctype.h.
* While both lib/ctype.c and lib/cmdline.c will bring EXPORT_SYMBOL
* which is meaningless and will cause compiling error in some cases.
* So do not include linux/export.h and define EXPORT_SYMBOL(sym)
* as empty.
*/
#define _LINUX_EXPORT_H
#define EXPORT_SYMBOL(sym)
#include "misc.h" #include "misc.h"
#include "error.h" #include "error.h"
#include "../boot.h"
#include <generated/compile.h> #include <generated/compile.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/uts.h> #include <linux/uts.h>
#include <linux/utsname.h> #include <linux/utsname.h>
#include <linux/ctype.h>
#include <generated/utsrelease.h> #include <generated/utsrelease.h>
/* Macros used by the included decompressor code below. */
#define STATIC
#include <linux/decompress/mm.h>
extern unsigned long get_cmd_line_ptr(void);
/* Simplified build-specific string for starting entropy. */ /* Simplified build-specific string for starting entropy. */
static const char build_str[] = UTS_RELEASE " (" LINUX_COMPILE_BY "@" static const char build_str[] = UTS_RELEASE " (" LINUX_COMPILE_BY "@"
LINUX_COMPILE_HOST ") (" LINUX_COMPILER ") " UTS_VERSION; LINUX_COMPILE_HOST ") (" LINUX_COMPILER ") " UTS_VERSION;
@ -62,6 +87,7 @@ struct mem_vector {
static bool memmap_too_large; static bool memmap_too_large;
enum mem_avoid_index { enum mem_avoid_index {
MEM_AVOID_ZO_RANGE = 0, MEM_AVOID_ZO_RANGE = 0,
MEM_AVOID_INITRD, MEM_AVOID_INITRD,
@ -85,49 +111,14 @@ static bool mem_overlaps(struct mem_vector *one, struct mem_vector *two)
return true; return true;
} }
/** char *skip_spaces(const char *str)
* _memparse - Parse a string with mem suffixes into a number
* @ptr: Where parse begins
* @retptr: (output) Optional pointer to next char after parse completes
*
* Parses a string into a number. The number stored at @ptr is
* potentially suffixed with K, M, G, T, P, E.
*/
static unsigned long long _memparse(const char *ptr, char **retptr)
{ {
char *endptr; /* Local pointer to end of parsed string */ while (isspace(*str))
++str;
unsigned long long ret = simple_strtoull(ptr, &endptr, 0); return (char *)str;
switch (*endptr) {
case 'E':
case 'e':
ret <<= 10;
case 'P':
case 'p':
ret <<= 10;
case 'T':
case 't':
ret <<= 10;
case 'G':
case 'g':
ret <<= 10;
case 'M':
case 'm':
ret <<= 10;
case 'K':
case 'k':
ret <<= 10;
endptr++;
default:
break;
}
if (retptr)
*retptr = endptr;
return ret;
} }
#include "../../../../lib/ctype.c"
#include "../../../../lib/cmdline.c"
static int static int
parse_memmap(char *p, unsigned long long *start, unsigned long long *size) parse_memmap(char *p, unsigned long long *start, unsigned long long *size)
@ -142,7 +133,7 @@ parse_memmap(char *p, unsigned long long *start, unsigned long long *size)
return -EINVAL; return -EINVAL;
oldp = p; oldp = p;
*size = _memparse(p, &p); *size = memparse(p, &p);
if (p == oldp) if (p == oldp)
return -EINVAL; return -EINVAL;
@ -155,27 +146,21 @@ parse_memmap(char *p, unsigned long long *start, unsigned long long *size)
case '#': case '#':
case '$': case '$':
case '!': case '!':
*start = _memparse(p + 1, &p); *start = memparse(p + 1, &p);
return 0; return 0;
} }
return -EINVAL; return -EINVAL;
} }
static void mem_avoid_memmap(void) static void mem_avoid_memmap(char *str)
{ {
char arg[128]; static int i;
int rc; int rc;
int i;
char *str;
/* See if we have any memmap areas */ if (i >= MAX_MEMMAP_REGIONS)
rc = cmdline_find_option("memmap", arg, sizeof(arg));
if (rc <= 0)
return; return;
i = 0;
str = arg;
while (str && (i < MAX_MEMMAP_REGIONS)) { while (str && (i < MAX_MEMMAP_REGIONS)) {
int rc; int rc;
unsigned long long start, size; unsigned long long start, size;
@ -202,6 +187,49 @@ static void mem_avoid_memmap(void)
memmap_too_large = true; memmap_too_large = true;
} }
/*
* handle_mem_memmap will also cover 'mem=' issue in next patch. Will remove
* this note later.
*/
static int handle_mem_memmap(void)
{
char *args = (char *)get_cmd_line_ptr();
size_t len = strlen((char *)args);
char *tmp_cmdline;
char *param, *val;
if (!strstr(args, "memmap="))
return 0;
tmp_cmdline = malloc(len + 1);
if (!tmp_cmdline )
error("Failed to allocate space for tmp_cmdline");
memcpy(tmp_cmdline, args, len);
tmp_cmdline[len] = 0;
args = tmp_cmdline;
/* Chew leading spaces */
args = skip_spaces(args);
while (*args) {
args = next_arg(args, &param, &val);
/* Stop at -- */
if (!val && strcmp(param, "--") == 0) {
warn("Only '--' specified in cmdline");
free(tmp_cmdline);
return -1;
}
if (!strcmp(param, "memmap"))
mem_avoid_memmap(val);
}
free(tmp_cmdline);
return 0;
}
/* /*
* In theory, KASLR can put the kernel anywhere in the range of [16M, 64T). * In theory, KASLR can put the kernel anywhere in the range of [16M, 64T).
* The mem_avoid array is used to store the ranges that need to be avoided * The mem_avoid array is used to store the ranges that need to be avoided
@ -323,7 +351,7 @@ static void mem_avoid_init(unsigned long input, unsigned long input_size,
/* We don't need to set a mapping for setup_data. */ /* We don't need to set a mapping for setup_data. */
/* Mark the memmap regions we need to avoid */ /* Mark the memmap regions we need to avoid */
mem_avoid_memmap(); handle_mem_memmap();
#ifdef CONFIG_X86_VERBOSE_BOOTUP #ifdef CONFIG_X86_VERBOSE_BOOTUP
/* Make sure video RAM can be used. */ /* Make sure video RAM can be used. */

8
arch/x86/boot/string.c
View file

@ -122,6 +122,14 @@ unsigned long long simple_strtoull(const char *cp, char **endp, unsigned int bas
return result; return result;
} }
long simple_strtol(const char *cp, char **endp, unsigned int base)
{
if (*cp == '-')
return -simple_strtoull(cp + 1, endp, base);
return simple_strtoull(cp, endp, base);
}
/** /**
* strlen - Find the length of a string * strlen - Find the length of a string
* @s: The string to be sized * @s: The string to be sized