• Vasily Gorbik's avatar
    s390/kaslr: correct and explain randomization base generation · 5c46f276
    Vasily Gorbik authored
    Currently there are several minor problems with randomization base
    generation code:
    
    1. It might misbehave in low memory conditions. In particular there
    might be enough space for the kernel on [0, block_sum] but after
    	if (base < safe_addr)
    		base = safe_addr;
    it might not be enough anymore.
    
    2. It does not correctly handle minimal address constraint. In condition
    	if (base < safe_addr)
    		base = safe_addr;
    a synthetic value is compared with an address. If we have a memory
    setup with memory holes due to offline memory regions, and safe_addr is
    close to the end of the first online memory block - we might position
    the kernel in invalid memory.
    
    3. block_sum calculation logic contains off-by-one error. Let's say we
    have a memory block in which the kernel fits perfectly
    (end - start == kernel_size). In this case:
    		if (end - start < kernel_size)
    			continue;
    		block_sum += end - start - kernel_size;
    block_sum is not increased, while it is a valid kernel position.
    
    So, address problems listed and explain algorithm used. Besides that
    restructuring the code makes it possible to extend kernel positioning
    algorithm further. Currently we pick position in between single
    [min, max] range (min = safe_addr, max = memory_limit). In future we
    can do that for multiple ranges as well (by calling
    count_valid_kernel_positions for each range).
    Reviewed-by: default avatarPhilipp Rudo <prudo@linux.ibm.com>
    Reviewed-by: default avatarAlexander Egorenkov <egorenar@linux.ibm.com>
    Signed-off-by: default avatarVasily Gorbik <gor@linux.ibm.com>
    5c46f276
kaslr.c 6.79 KB