• Junjie Mao's avatar
    x86, kaslr: Prevent .bss from overlaping initrd · e6023367
    Junjie Mao authored
    When choosing a random address, the current implementation does not take into
    account the reversed space for .bss and .brk sections. Thus the relocated kernel
    may overlap other components in memory. Here is an example of the overlap from a
    x86_64 kernel in qemu (the ranges of physical addresses are presented):
    
     Physical Address
    
        0x0fe00000                  --+--------------------+  <-- randomized base
                                   /  |  relocated kernel  |
                       vmlinux.bin    | (from vmlinux.bin) |
        0x1336d000    (an ELF file)   +--------------------+--
                                   \  |                    |  \
        0x1376d870                  --+--------------------+   |
                                      |    relocs table    |   |
        0x13c1c2a8                    +--------------------+   .bss and .brk
                                      |                    |   |
        0x13ce6000                    +--------------------+   |
                                      |                    |  /
        0x13f77000                    |       initrd       |--
                                      |                    |
        0x13fef374                    +--------------------+
    
    The initrd image will then be overwritten by the memset during early
    initialization:
    
    [    1.655204] Unpacking initramfs...
    [    1.662831] Initramfs unpacking failed: junk in compressed archive
    
    This patch prevents the above situation by requiring a larger space when looking
    for a random kernel base, so that existing logic can effectively avoids the
    overlap.
    
    [kees: switched to perl to avoid hex translation pain in mawk vs gawk]
    [kees: calculated overlap without relocs table]
    
    Fixes: 82fa9637 ("x86, kaslr: Select random position from e820 maps")
    Reported-by: default avatarFengguang Wu <fengguang.wu@intel.com>
    Signed-off-by: default avatarJunjie Mao <eternal.n08@gmail.com>
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Cc: Josh Triplett <josh@joshtriplett.org>
    Cc: Matt Fleming <matt.fleming@intel.com>
    Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
    Cc: Vivek Goyal <vgoyal@redhat.com>
    Cc: Andi Kleen <ak@linux.intel.com>
    Cc: stable@vger.kernel.org
    Link: http://lkml.kernel.org/r/1414762838-13067-1-git-send-email-eternal.n08@gmail.comSigned-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    e6023367
mkpiggy.c 2.83 KB