[PATCH v4 2/3] KASLR: Handle memory limit specified by memmap and mem option
From: Baoquan He
Date: Tue May 09 2017 - 01:58:17 EST
Option mem= will limit the max address a system can use and any memory
region above the limit will be removed.
Furthermore, memmap=nn[KMG] which has no offset specified has the same
behaviour as mem=.
KASLR needs to consider this when choosing the random position for
decompressing the kernel.
This patch implements that.
Signed-off-by: Baoquan He <bhe@xxxxxxxxxx>
---
arch/x86/boot/compressed/kaslr.c | 69 +++++++++++++++++++++++++++++-----------
1 file changed, 51 insertions(+), 18 deletions(-)
diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index 106e13b..0637e85 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -88,6 +88,10 @@ struct mem_vector {
static bool memmap_too_large;
+/* Store memory limit specified by "mem=nn[KMG]" or "memmap=nn[KMG]" */
+unsigned long long mem_limit = ULLONG_MAX;
+
+
enum mem_avoid_index {
MEM_AVOID_ZO_RANGE = 0,
MEM_AVOID_INITRD,
@@ -138,16 +142,24 @@ parse_memmap(char *p, unsigned long long *start, unsigned long long *size)
return -EINVAL;
switch (*p) {
- case '@':
- /* Skip this region, usable */
- *start = 0;
- *size = 0;
- return 0;
case '#':
case '$':
case '!':
*start = memparse(p + 1, &p);
return 0;
+ case '@': /* Fall through: */
+ /*
+ * memmap=nn@ss specifies usable region, should be skipped
+ */
+ *size = 0;
+ default:
+ /*
+ * If w/o offset, only size specified, memmap=nn[KMG] has the
+ * same behaviour as mem=nn[KMG]. It limits the max address
+ * system can use. Region above the limit should be avoided.
+ */
+ *start = 0;
+ return 0;
}
return -EINVAL;
@@ -173,9 +185,14 @@ static void mem_avoid_memmap(char *str)
if (rc < 0)
break;
str = k;
- /* A usable region that should not be skipped */
- if (size == 0)
+
+ if (start == 0) {
+ /* Store the specified memory limit if size > 0 */
+ if (size > 0)
+ mem_limit = size;
+
continue;
+ }
mem_avoid[MEM_AVOID_MEMMAP_BEGIN + i].start = start;
mem_avoid[MEM_AVOID_MEMMAP_BEGIN + i].size = size;
@@ -187,19 +204,15 @@ static void mem_avoid_memmap(char *str)
memmap_too_large = true;
}
-
-/*
- * handle_mem_memmap will also cover 'mem=' issue in next patch. Will remove
- * this note later.
- */
static int handle_mem_memmap(void)
{
char *args = (char *)get_cmd_line_ptr();
size_t len = strlen((char *)args);
char *tmp_cmdline;
char *param, *val;
+ u64 mem_size;
- if (!strstr(args, "memmap="))
+ if (!strstr(args, "memmap=") && !strstr(args, "mem="))
return 0;
tmp_cmdline = malloc(len + 1);
@@ -222,8 +235,20 @@ static int handle_mem_memmap(void)
return -1;
}
- if (!strcmp(param, "memmap"))
+ if (!strcmp(param, "memmap")) {
mem_avoid_memmap(val);
+ } else if (!strcmp(param, "mem")) {
+ char *p = val;
+
+ if (!strcmp(p, "nopentium"))
+ continue;
+ mem_size = memparse(p, &p);
+ if (mem_size == 0) {
+ free(tmp_cmdline);
+ return -EINVAL;
+ }
+ mem_limit = mem_size;
+ }
}
free(tmp_cmdline);
@@ -460,7 +485,8 @@ static void process_e820_entry(struct boot_e820_entry *entry,
{
struct mem_vector region, overlap;
struct slot_area slot_area;
- unsigned long start_orig;
+ unsigned long start_orig, end;
+ struct boot_e820_entry cur_entry;
/* Skip non-RAM entries. */
if (entry->type != E820_TYPE_RAM)
@@ -474,8 +500,15 @@ static void process_e820_entry(struct boot_e820_entry *entry,
if (entry->addr + entry->size < minimum)
return;
- region.start = entry->addr;
- region.size = entry->size;
+ /* Ignore entries above memory limit */
+ end = min(entry->size + entry->addr, mem_limit);
+ if (entry->addr >= end)
+ return;
+ cur_entry.addr = entry->addr;
+ cur_entry.size = end - entry->addr;
+
+ region.start = cur_entry.addr;
+ region.size = cur_entry.size;
/* Give up if slot area array is full. */
while (slot_area_index < MAX_SLOT_AREA) {
@@ -489,7 +522,7 @@ static void process_e820_entry(struct boot_e820_entry *entry,
region.start = ALIGN(region.start, CONFIG_PHYSICAL_ALIGN);
/* Did we raise the address above this e820 region? */
- if (region.start > entry->addr + entry->size)
+ if (region.start > cur_entry.addr + cur_entry.size)
return;
/* Reduce size by any delta from the original address. */
--
2.5.5