| Message ID | 0e6a4c9c7655d3f42f624e1174b223fec5b2b087.1668958803.git.baskov@ispras.ru |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp2139475wrr;
Tue, 22 Nov 2022 03:19:32 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf5Amm0xAPlE8ify9nwDyX1+4mc5DsMiR8FYMYiQw/AEG2x2hM5pHej3eSFZ6MgqMRms7mqi
X-Received: by 2002:a17:907:76f0:b0:7ae:72ae:1f85 with SMTP id
kg16-20020a17090776f000b007ae72ae1f85mr18622576ejc.133.1669115972424;
Tue, 22 Nov 2022 03:19:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1669115972; cv=none;
d=google.com; s=arc-20160816;
b=zEvyqCIdELikqJ2XJSD6hFqFWbZ2MMDTnkoWEyqfKOsJbl0KeJAVjDPDOzCvKMztPX
BEb20YA/QlobK3CaVH6LktP8Lc3XX7f1ACyoC+/mtIrhq4diP5W6k7QyuomSLtbEeXGw
UUvnr241lxw+BG+JF0EpDuNBuiOu/sE2yUg2h6QtsjFii/mdX6566wUK9PMe8AZNgxYB
FYIP5aDPYdE0JBUMj+2JsSgQUHSIJzdEC1TntgcPsLk88MVPiTqFQkiQNyRX9alI7Pbk
bfyB7XLniM9fcZxMjPRKlX2fvyLfxPhD4o7XWcxoAvWrUwyqgkmJlxUzI7mZvbBwE/AV
cqeg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature:dkim-filter;
bh=hDUzGiUVmLaacOXu/z6JftlYgMxorcNB1P4zYdNcUVA=;
b=u6X9/WdTwhzOLf/fFUGdKupFPH7AffZOaNbwjZ5ocWcci9i9E6aI4lvhelTWS2wICa
DdU23AYjSSXKXl2yh3FIfqgPXLBhR1wFhi6CeMFRG0T8p3hG0ssNVX5ffQWyT/ThkoPs
vJKqzwHtJkBigjUoIFgjZhGEE+i6uaMcn3NznKlOFrNDC5LeXCgv6lR8uWqZw1LPab0C
u2WxdQz7gpO4Oz0yvcPvi+6CqjlDG9G2mmU947FIaLVga9nUfIVKpJaujzEK8SJ7y0KO
uyYgTK02blYWP3hvfd5PfiH81YeH6N9Y8xqT1SmCG/kyguKB1tpwqglcPy2ETCBKgGEk
wAhA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@ispras.ru header.s=default header.b=fGp+oA9i;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ispras.ru
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
sd9-20020a1709076e0900b007826e727aeasi13145749ejc.44.2022.11.22.03.19.08;
Tue, 22 Nov 2022 03:19:32 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@ispras.ru header.s=default header.b=fGp+oA9i;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ispras.ru
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S233035AbiKVLSj (ORCPT <rfc822;cjcooper78@gmail.com> + 99 others);
Tue, 22 Nov 2022 06:18:39 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33600 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S232682AbiKVLRc (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 22 Nov 2022 06:17:32 -0500
Received: from mail.ispras.ru (mail.ispras.ru [83.149.199.84])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A488DEE9;
Tue, 22 Nov 2022 03:14:46 -0800 (PST)
Received: from localhost.localdomain (unknown [83.149.199.65])
by mail.ispras.ru (Postfix) with ESMTPSA id 91753419E9FE;
Tue, 22 Nov 2022 11:14:44 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.ispras.ru 91753419E9FE
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ispras.ru;
s=default; t=1669115684;
bh=hDUzGiUVmLaacOXu/z6JftlYgMxorcNB1P4zYdNcUVA=;
h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
b=fGp+oA9iDBAPhlVYXBcZfYbMN02qaqGsTRz7H2BSjs+/7jTtObG+4M1M1MvcrYwyS
rYutse9d68YK6zjZDvAzrCSHnlnmMKYENCBqkOjK7G3Nonpj+4/J67ocO4x5QqnaD1
9pQax7kYHukdsFvsRvMvpiQU/uMqsb/hTPSoqBjk=
From: Evgeniy Baskov <baskov@ispras.ru>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Evgeniy Baskov <baskov@ispras.ru>, Borislav Petkov <bp@alien8.de>,
Andy Lutomirski <luto@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Alexey Khoroshilov <khoroshilov@ispras.ru>,
Peter Jones <pjones@redhat.com>,
"Limonciello, Mario" <mario.limonciello@amd.com>,
joeyli <jlee@suse.com>, lvc-project@linuxtesting.org,
x86@kernel.org, linux-efi@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v3 16/24] x86/boot: Reduce lower limit of physical KASLR
Date: Tue, 22 Nov 2022 14:12:25 +0300
Message-Id:
<0e6a4c9c7655d3f42f624e1174b223fec5b2b087.1668958803.git.baskov@ispras.ru>
X-Mailer: git-send-email 2.37.4
In-Reply-To: <cover.1668958803.git.baskov@ispras.ru>
References: <cover.1668958803.git.baskov@ispras.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1750194949603589305?=
X-GMAIL-MSGID: =?utf-8?q?1750194949603589305?=
|
| Series |
x86_64: Improvements at compressed kernel stage
|
|
Commit Message
Evgeniy Baskov
Nov. 22, 2022, 11:12 a.m. UTC
Set lower limit of physical KASLR to 64M. Previously is was set to 512M when kernel is loaded higher than that. That prevented physical KASLR from being performed on x86_32, where upper limit is also set to 512M. The limit is pretty arbitrary, and the most important is to set it above the ISA hole, i.e. higher than 16M. It was not that important before, but now kernel is not getting relocated to the lower address when booting via EFI, exposing the KASLR failures. Tested-by: Mario Limonciello <mario.limonciello@amd.com> Signed-off-by: Evgeniy Baskov <baskov@ispras.ru> --- arch/x86/boot/compressed/kaslr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c index 7e09d65f7b57..672550686f62 100644 --- a/arch/x86/boot/compressed/kaslr.c +++ b/arch/x86/boot/compressed/kaslr.c @@ -852,10 +852,10 @@ void choose_random_location(unsigned long input, /* * Low end of the randomization range should be the - * smaller of 512M or the initial kernel image + * smaller of 64M or the initial kernel image * location: */ - min_addr = min(*output, 512UL << 20); + min_addr = min(*output, 64UL << 20); /* Make sure minimum is aligned. */ min_addr = ALIGN(min_addr, CONFIG_PHYSICAL_ALIGN);