On 04/26/17 at 12:12pm, Kees Cook wrote:
> On Wed, Apr 26, 2017 at 3:39 AM, Baoquan He <b...@redhat.com> wrote:
> > Dave found that the kdump kernel will reset to bios immediately if kaslr
> > is enabled and physical randomization failed to find a new position
> > for kernel. But nokaslr works in this case.
> >
> > The reason is kaslr will install a new page table for ident mapping,
> > while it missed to consider building ident mapping for original area
> > of kernel if kaslr failed on physical randomization.
> >
> > In fact bootloaders including kexec/kdump have built ident mapping
> > for original place of kernel. We can only install new ident mapping
> > page table when physical kaslr succeeds. Otherwise we just keep the
> > old page table unchanged just like nokaslr does.
> >
> > Signed-off-by: Baoquan He <b...@redhat.com>
> > Signed-off-by: Dave Young <dyo...@redhat.com>
> > Cc: "H. Peter Anvin" <h...@zytor.com>
> > Cc: Thomas Gleixner <t...@linutronix.de>
> > Cc: Ingo Molnar <mi...@redhat.com>
> > Cc: x...@kernel.org
> > Cc: Kees Cook <keesc...@chromium.org>
> > Cc: Yinghai Lu <ying...@kernel.org>
> > Cc: Borislav Petkov <b...@suse.de>
> > Cc: Dave Jiang <dave.ji...@intel.com>
> > Cc: Thomas Garnier <thgar...@google.com>
>
> Nice catch!
>
> Acked-by: Kees Cook <keesc...@chromium.org>
Thanks, Kees. Seems I forgot to mention this only happens in the kexec/kdump
kernel. Since the ident mapping has been built for kexec/kdump in the 1st
kernel for the whole memory by calling init_pgtable(). Here if physical
randomization failed, it won't build ident mapping for the original area
of kernel but change to new page table '_pgtable'. Then kernel will reset
to bios immediately caused by no ident mapping.

While normal kernel won't be impacted because it comes here via
startup_32() and cr3 will be _pgtable already. In startup_32() ident
mapping is built for 0~4G area. In kaslr we just append to the existing
area instead of entirely overwriting it for on-demand ident mapping
building. So ident mapping for the original area of kernel is still
there.

I will post v2 with an improved patch log, and with your Acked-by.

>
> -Kees
>
> > ---
> >  arch/x86/boot/compressed/kaslr.c | 10 ++++++++--
> >  1 file changed, 8 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/x86/boot/compressed/kaslr.c
> > b/arch/x86/boot/compressed/kaslr.c
> > index e5eb0c3..7a8b443 100644
> > --- a/arch/x86/boot/compressed/kaslr.c
> > +++ b/arch/x86/boot/compressed/kaslr.c
> > @@ -650,10 +650,16 @@ void choose_random_location(unsigned long input,
> >                         add_identity_map(random_addr, output_size);
> >                         *output = random_addr;
> >                 }
> > +
> > +               /*
> > +                * This actually loads the identity pagetable on x86_64.
> > +                * And this should only be done only if a new position
> > +                * is found. Otherwise we should keep the old page table
> > +                * to make it be like nokaslr case.
> > +                */
> > +               finalize_identity_maps();
> >         }
> >
> > -       /* This actually loads the identity pagetable on x86_64. */
> > -       finalize_identity_maps();
> >
> >         /* Pick random virtual address starting from LOAD_PHYSICAL_ADDR. */
> >         if (IS_ENABLED(CONFIG_X86_64))
> > --
> > 2.5.5
> >
> >
>
>
> --
> Kees Cook
> Pixel Security
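Review bot: the added comment in the kaslr.c hunk doubles "only" ("this should only be done only if a new position is found"); suggest "This should only be done if a new position is found" so the comment reads cleanly when the patch lands. The comment also carries the reasoning for the move, but the hunk itself only shows that finalize_identity_maps() now sits inside the inner block that closes right after `*output = random_addr;`, so every path that does not enter that block keeps the caller's page table; the v2 patch log should state that explicitly (the kexec/kdump case from the thread, plus the startup_32() 0~4G mapping for the normal boot path), since the hunk gives a reader no other way to see why skipping the load is safe rather than leaving mappings added via add_identity_map() uninstalled.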