[PATCH] x86/KASLR: Fix boot crash caused by wrongly chosen kernel physical address

From: Baoquan He
Date: Fri Jul 01 2016 - 03:34:40 EST


System halted with the separate randomization code applied. With debug printing
we got the reason: the randomly chosen kernel physical address overlaps with the
input data. So the input data and its running space must be corrupted during
kernel decompression, and then the boot crash happened.

The root cause is that in function mem_avoid_overlap() the local variable 'earliest'
is not updated correctly. Function mem_avoid_overlap() is used to find the overlap
region with the lowest address, and 'earliest' is used to track the lowest address.
Decompressing the kernel could step into those regions which need to be avoided if we
didn't handle these overlap regions correctly. So fix the code bug now.

Signed-off-by: Baoquan He <bhe@xxxxxxxxxx>
---
arch/x86/boot/compressed/kaslr.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index 304c5c3..8e1fdf7 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -285,6 +285,7 @@ static bool mem_avoid_overlap(struct mem_vector *img,
if (mem_overlaps(img, &mem_avoid[i]) &&
mem_avoid[i].start < earliest) {
*overlap = mem_avoid[i];
+ earliest = overlap->start;
is_overlapping = true;
}
}
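Review bot: The missing update is the real bug here: without `earliest = overlap->start;` inside the loop, the condition `mem_avoid[i].start < earliest` keeps comparing against the initial value, so every overlapping entry passes the test and `*overlap` ends up holding the last matching entry rather than the one with the lowest start address. The added line fixes that; as a minor style point, `earliest = mem_avoid[i].start;` says the same thing without the indirection through `overlap` and mirrors the expression in the `if` condition just above.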
@@ -299,6 +300,7 @@ static bool mem_avoid_overlap(struct mem_vector *img,

if (mem_overlaps(img, &avoid) && (avoid.start < earliest)) {
*overlap = avoid;
+ earliest = overlap->start;
is_overlapping = true;
}

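Review bot: This second `earliest` update is needed for the same reason as the one in the loop, and the order matters: because `earliest` now carries the minimum found by the loop into this check, `avoid` only replaces `*overlap` when it really starts lower, so the caller gets the overall lowest overlapping region. The commit message could state explicitly that both sites must update `earliest` for the "lowest address" contract of mem_avoid_overlap() to hold.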
--
2.5.5