Re: [PATCH v3 1/7] kexec_file: allow to place kexec_buf randomly

From: Baoquan He
Date: Mon May 20 2024 - 02:17:05 EST


On 04/25/24 at 06:04pm, Coiby Xu wrote:
> Currently, kexec_buf is placed in order which means for the same
> machine, the info in the kexec_buf is always located at the same
> position each time the machine is booted. This may cause a risk for
> sensitive information like LUKS volume key. Now struct kexec_buf has a
> new field random which indicates it's supposed to be placed in a random
> position.

Do you want to randomize the key's position for both kdump and kexec
rebooting? Assume you only want to do that for kdump. If so, we may need
to make that more specific in code.

>
> Suggested-by: Jan Pazdziora <jpazdziora@xxxxxxxxxx>
> Signed-off-by: Coiby Xu <coxu@xxxxxxxxxx>
> ---
> include/linux/kexec.h | 2 ++
> kernel/kexec_file.c | 15 +++++++++++++++
> 2 files changed, 17 insertions(+)
>
> diff --git a/include/linux/kexec.h b/include/linux/kexec.h
> index 060835bb82d5..fc1e20d565d5 100644
> --- a/include/linux/kexec.h
> +++ b/include/linux/kexec.h
> @@ -171,6 +171,7 @@ int kexec_image_post_load_cleanup_default(struct kimage *image);
> * @buf_min: The buffer can't be placed below this address.
> * @buf_max: The buffer can't be placed above this address.
> * @top_down: Allocate from top of memory.
> + * @random: Place the buffer at a random position.
> */
> struct kexec_buf {
> struct kimage *image;
> @@ -182,6 +183,7 @@ struct kexec_buf {
> unsigned long buf_min;
> unsigned long buf_max;
> bool top_down;
> + bool random;
> };
>
> int kexec_load_purgatory(struct kimage *image, struct kexec_buf *kbuf);
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index 2d1db05fbf04..e0630fe30d43 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -25,6 +25,7 @@
> #include <linux/elfcore.h>
> #include <linux/kernel.h>
> #include <linux/kernel_read_file.h>
> +#include <linux/prandom.h>
> #include <linux/syscalls.h>
> #include <linux/vmalloc.h>
> #include "kexec_internal.h"
> @@ -432,6 +433,16 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
> return ret;
> }
>
> +static unsigned long kexec_random_start(unsigned long start, unsigned long end)
> +{
> + unsigned long temp_start;
> + unsigned short i;
> +
> + get_random_bytes(&i, sizeof(unsigned short));
> + temp_start = start + (end - start) / USHRT_MAX * i;
> + return temp_start;
> +}
> +
> static int locate_mem_hole_top_down(unsigned long start, unsigned long end,
> struct kexec_buf *kbuf)
> {
> @@ -440,6 +451,8 @@ static int locate_mem_hole_top_down(unsigned long start, unsigned long end,
>
> temp_end = min(end, kbuf->buf_max);
> temp_start = temp_end - kbuf->memsz + 1;
> + if (kbuf->random)
> + temp_start = kexec_random_start(temp_start, temp_end);
>
> do {
> /* align down start */
> @@ -477,6 +490,8 @@ static int locate_mem_hole_bottom_up(unsigned long start, unsigned long end,
> unsigned long temp_start, temp_end;
>
> temp_start = max(start, kbuf->buf_min);
> + if (kbuf->random)
> + temp_start = kexec_random_start(temp_start, end);
>
> do {
> temp_start = ALIGN(temp_start, kbuf->buf_align);
> --
> 2.44.0
>