Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/arch More ASLR: randomize the kernel main memory. VM_MIN...



details:   https://anonhg.NetBSD.org/src/rev/ed8317da82ed
branches:  trunk
changeset: 365313:ed8317da82ed
user:      maxv <maxv%NetBSD.org@localhost>
date:      Sun Aug 12 08:17:50 2018 +0000

description:
More ASLR: randomize the kernel main memory. VM_MIN_KERNEL_ADDRESS becomes
variable, and its location is chosen at boot time. There is room for
improvement, since for now we ask for an alignment of NBPD_L4.

This is enabled by default in GENERIC, but not in Xen. Tested extensively
on GENERIC and GENERIC_KASLR, XEN3_DOM0 still boots fine.

diffstat:

 sys/arch/amd64/amd64/machdep.c   |  23 +++++++++++++++++++-
 sys/arch/amd64/include/pmap.h    |   4 +-
 sys/arch/amd64/include/vmparam.h |  16 ++++++++++----
 sys/arch/x86/x86/pmap.c          |  44 ++++++++++++++++++++++++++++++----------
 4 files changed, 67 insertions(+), 20 deletions(-)

diffs (200 lines):

diff -r fcdbff29a25f -r ed8317da82ed sys/arch/amd64/amd64/machdep.c
--- a/sys/arch/amd64/amd64/machdep.c    Sun Aug 12 08:00:32 2018 +0000
+++ b/sys/arch/amd64/amd64/machdep.c    Sun Aug 12 08:17:50 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: machdep.c,v 1.309 2018/07/26 09:29:08 maxv Exp $       */
+/*     $NetBSD: machdep.c,v 1.310 2018/08/12 08:17:50 maxv Exp $       */
 
 /*
  * Copyright (c) 1996, 1997, 1998, 2000, 2006, 2007, 2008, 2011
@@ -110,7 +110,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.309 2018/07/26 09:29:08 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.310 2018/08/12 08:17:50 maxv Exp $");
 
 #include "opt_modular.h"
 #include "opt_user_ldt.h"
@@ -264,6 +264,9 @@
 extern struct bootspace bootspace;
 extern struct slotspace slotspace;
 
+vaddr_t vm_min_kernel_address __read_mostly = VM_MIN_KERNEL_ADDRESS_DEFAULT;
+vaddr_t vm_max_kernel_address __read_mostly = VM_MAX_KERNEL_ADDRESS_DEFAULT;
+
 struct vm_map *phys_map = NULL;
 
 extern paddr_t lowmem_rsvd;
@@ -1605,12 +1608,14 @@
        slotspace.area[SLAREA_PTE].active = true;
        slotspace.area[SLAREA_PTE].dropmax = false;
 
+#ifdef XEN
        /* Main. */
        slotspace.area[SLAREA_MAIN].sslot = PDIR_SLOT_KERN;
        slotspace.area[SLAREA_MAIN].mslot = NKL4_MAX_ENTRIES;
        slotspace.area[SLAREA_MAIN].nslot = 0 /* variable */;
        slotspace.area[SLAREA_MAIN].active = true;
        slotspace.area[SLAREA_MAIN].dropmax = false;
+#endif
 
 #ifdef __HAVE_PCPU_AREA
        /* Per-CPU. */
@@ -1636,6 +1641,20 @@
        slotspace.area[SLAREA_KERN].nslot = 1;
        slotspace.area[SLAREA_KERN].active = true;
        slotspace.area[SLAREA_KERN].dropmax = false;
+
+#ifndef XEN
+       vaddr_t slotspace_rand(int, size_t, size_t);
+       vaddr_t va;
+
+       /* Main. */
+       slotspace.area[SLAREA_MAIN].mslot = NKL4_MAX_ENTRIES+1;
+       slotspace.area[SLAREA_MAIN].dropmax = false;
+       va = slotspace_rand(SLAREA_MAIN, NKL4_MAX_ENTRIES * NBPD_L4,
+           NBPD_L4);
+
+       vm_min_kernel_address = va;
+       vm_max_kernel_address = va + NKL4_MAX_ENTRIES * NBPD_L4;
+#endif
 }
 
 void
diff -r fcdbff29a25f -r ed8317da82ed sys/arch/amd64/include/pmap.h
--- a/sys/arch/amd64/include/pmap.h     Sun Aug 12 08:00:32 2018 +0000
+++ b/sys/arch/amd64/include/pmap.h     Sun Aug 12 08:17:50 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pmap.h,v 1.48 2018/07/27 07:35:09 maxv Exp $   */
+/*     $NetBSD: pmap.h,v 1.49 2018/08/12 08:17:50 maxv Exp $   */
 
 /*
  * Copyright (c) 1997 Charles D. Cranor and Washington University.
@@ -139,7 +139,7 @@
 
 #define L4_SLOT_PTE            255
 #ifndef XEN
-#define L4_SLOT_KERN           256 /* pl4_i(VM_MIN_KERNEL_ADDRESS) */
+#define L4_SLOT_KERN           slotspace.area[SLAREA_MAIN].sslot
 #else
 /* Xen use slots 256-272, let's move farther */
 #define L4_SLOT_KERN           320 /* pl4_i(VM_MIN_KERNEL_ADDRESS) */
diff -r fcdbff29a25f -r ed8317da82ed sys/arch/amd64/include/vmparam.h
--- a/sys/arch/amd64/include/vmparam.h  Sun Aug 12 08:00:32 2018 +0000
+++ b/sys/arch/amd64/include/vmparam.h  Sun Aug 12 08:17:50 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: vmparam.h,v 1.45 2017/11/13 07:06:49 wiz Exp $ */
+/*     $NetBSD: vmparam.h,v 1.46 2018/08/12 08:17:50 maxv Exp $        */
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -126,11 +126,17 @@
  * MAX = MIN + NKL4_MAX_ENTRIES * NBPD_L4
  */
 #ifndef XEN
-#define VM_MIN_KERNEL_ADDRESS  0xffff800000000000
-#define VM_MAX_KERNEL_ADDRESS  0xffffa00000000000
+#define VM_MIN_KERNEL_ADDRESS_DEFAULT  0xffff800000000000
+#define VM_MAX_KERNEL_ADDRESS_DEFAULT  0xffffa00000000000
+extern vaddr_t vm_min_kernel_address;
+extern vaddr_t vm_max_kernel_address;
+#define VM_MIN_KERNEL_ADDRESS  vm_min_kernel_address
+#define VM_MAX_KERNEL_ADDRESS  vm_max_kernel_address
 #else
-#define VM_MIN_KERNEL_ADDRESS  0xffffa00000000000
-#define VM_MAX_KERNEL_ADDRESS  0xffffc00000000000
+#define VM_MIN_KERNEL_ADDRESS_DEFAULT  0xffffa00000000000
+#define VM_MAX_KERNEL_ADDRESS_DEFAULT  0xffffc00000000000
+#define VM_MIN_KERNEL_ADDRESS  VM_MIN_KERNEL_ADDRESS_DEFAULT
+#define VM_MAX_KERNEL_ADDRESS  VM_MAX_KERNEL_ADDRESS_DEFAULT
 #endif
 
 /*
diff -r fcdbff29a25f -r ed8317da82ed sys/arch/x86/x86/pmap.c
--- a/sys/arch/x86/x86/pmap.c   Sun Aug 12 08:00:32 2018 +0000
+++ b/sys/arch/x86/x86/pmap.c   Sun Aug 12 08:17:50 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pmap.c,v 1.295 2018/07/26 17:20:08 maxv Exp $  */
+/*     $NetBSD: pmap.c,v 1.296 2018/08/12 08:17:50 maxv Exp $  */
 
 /*
  * Copyright (c) 2008, 2010, 2016, 2017 The NetBSD Foundation, Inc.
@@ -157,7 +157,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pmap.c,v 1.295 2018/07/26 17:20:08 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pmap.c,v 1.296 2018/08/12 08:17:50 maxv Exp $");
 
 #include "opt_user_ldt.h"
 #include "opt_lockdebug.h"
@@ -1394,12 +1394,14 @@
 #endif
 
 #if defined(__HAVE_DIRECT_MAP)
+vaddr_t slotspace_rand(int, size_t, size_t);
+
 /*
  * Randomize the location of an area. We count the holes in the VM space. We
  * randomly select one hole, and then randomly select an area within that hole.
  * Finally we update the associated entry in the slotspace structure.
  */
-static vaddr_t
+vaddr_t
 slotspace_rand(int type, size_t sz, size_t align)
 {
        struct {
@@ -1415,17 +1417,36 @@
 
        /* Get the holes. */
        nholes = 0;
-       for (i = 0; i < SLSPACE_NAREAS-1; i++) {
-               startsl = slotspace.area[i].sslot;
-               if (slotspace.area[i].active)
-                       startsl += slotspace.area[i].mslot;
-               endsl = slotspace.area[i+1].sslot;
-               if (endsl - startsl >= nslots) {
-                       holes[nholes].start = startsl;
-                       holes[nholes].end = endsl;
+       size_t curslot = 0 + 255; /* end of SLAREA_USER */
+       while (1) {
+               /*
+                * Find the first occupied slot after the current one.
+                * The area between the two is a hole.
+                */
+               size_t minsslot = 512;
+               size_t minnslot = 0;
+               for (i = 0; i < SLSPACE_NAREAS-1; i++) {
+                       if (!slotspace.area[i].active)
+                               continue;
+                       if (slotspace.area[i].sslot >= curslot &&
+                           slotspace.area[i].sslot < minsslot) {
+                               minsslot = slotspace.area[i].sslot;
+                               minnslot = slotspace.area[i].nslot;
+                       }
+               }
+               if (minsslot == 512) {
+                       break;
+               }
+
+               if (minsslot - curslot >= nslots) {
+                       holes[nholes].start = curslot;
+                       holes[nholes].end = minsslot;
                        nholes++;
                }
+
+               curslot = minsslot + minnslot;
        }
+
        if (nholes == 0) {
                panic("%s: impossible", __func__);
        }
@@ -1451,6 +1472,7 @@
        if (slotspace.area[type].dropmax) {
                slotspace.area[type].mslot = slotspace.area[type].nslot;
        }
+       slotspace.area[type].active = true;
 
        return va;
 }



Home | Main Index | Thread Index | Old Index