Re: [tip:x86/boot] x86/KASLR: Consolidate mem_avoid[] entries

From: Borislav Petkov
Date: Fri May 06 2016 - 15:29:57 EST


On Fri, May 06, 2016 at 11:16:50AM -0700, Kees Cook wrote:
> I can expand them in the change logs, but it helps to keep reinforcing
> their names since all the variables are named using these.

Sure, in the comments in the code, but the commit messages should be more
dealing with the big picture and explaining to normal humans too :)

> This was an earlier attempt by Baoquan to fully explain the reasoning
> in this code since I couldn't understand it. He added the specific
> conditions, observations, and added the diagram. The goal is to prove
> that the changes to mem_avoid are safe since mistakes here lead to
> really hard to debug bugs.

So add that last sentence :)

> Well, no, these are ranges, so literally what it says.
> "output+init_size-ZO_INIT_SIZE" is the start of the compressed image
> (ZO). It's position is now found from the end of the buffer, which is
> output+init_size (VO's position plus VO's total run size) minus the
> total run size of ZO.

I meant the range is of ZO_INIT_SIZE size. But I like this here
explanation better, maybe add it...

> Heh. Yeah, and this is LESS confusing than when the ZO wasn't aligned
> to the end of the buffer. A whole other set of conditions vanish now.
> I will try to further explain these.

Thanks, the whole picture is certainly becoming clearer slowly, so keep
doin' whatcha doin'! :-)

> Ah! Yes, excellent. I'll actually use an enum so I can get
> MEM_AVOID_MAX automatically.

Yap.

Thanks.

--
Regards/Gruss,
Boris.

ECO tip #101: Trim your mails when you reply.