x86, kaslr: Return location from decompress_kernel

This allows decompress_kernel to return a new location for the kernel to
be relocated to. Additionally, enforces CONFIG_PHYSICAL_START as the
minimum relocation position when building with CONFIG_RELOCATABLE.

With CONFIG_RANDOMIZE_BASE set, the choose_kernel_location routine
will select a new location to decompress the kernel, though here it is
presently a no-op. The kernel command line option "nokaslr" is introduced
to bypass these routines.

Signed-off-by: Kees Cook <keescook@chromium.org>
Link: http://lkml.kernel.org/r/1381450698-28710-3-git-send-email-keescook@chromium.org
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>

7 files changed, 68 insertions, 20 deletions

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 3312f1be9fd9..ae8b5dbbd8c5 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -27,7 +27,7 @@ HOST_EXTRACFLAGS += -I$(srctree)/tools/include
 
 VMLINUX_OBJS = $(obj)/vmlinux.lds $(obj)/head_$(BITS).o $(obj)/misc.o \
         $(obj)/string.o $(obj)/cmdline.o $(obj)/early_serial_console.o \
-        $(obj)/piggy.o $(obj)/cpuflags.o
+        $(obj)/piggy.o $(obj)/cpuflags.o $(obj)/aslr.o
 
 $(obj)/eboot.o: KBUILD_CFLAGS += -fshort-wchar -mno-red-zone
 
diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
new file mode 100644
index 000000000000..b73cc66d201e
--- /dev/null
+++ b/arch/x86/boot/compressed/aslr.c
@@ -0,0 +1,23 @@
+#include "misc.h"
+
+#ifdef CONFIG_RANDOMIZE_BASE
+
+unsigned char *choose_kernel_location(unsigned char *input,
+                                      unsigned long input_size,
+                                      unsigned char *output,
+                                      unsigned long output_size)
+{
+        unsigned long choice = (unsigned long)output;
+
+        if (cmdline_find_option_bool("nokaslr")) {
+                debug_putstr("KASLR disabled...\n");
+                goto out;
+        }
+
+        /* XXX: choose random location. */
+
+out:
+        return (unsigned char *)choice;
+}
+
+#endif /* CONFIG_RANDOMIZE_BASE */
diff --git a/arch/x86/boot/compressed/cmdline.c b/arch/x86/boot/compressed/cmdline.c
index bffd73b45b1f..b68e3033e6b9 100644
--- a/arch/x86/boot/compressed/cmdline.c
+++ b/arch/x86/boot/compressed/cmdline.c
@@ -1,6 +1,6 @@
 #include "misc.h"
 
-#ifdef CONFIG_EARLY_PRINTK
+#if CONFIG_EARLY_PRINTK || CONFIG_RANDOMIZE_BASE
 
 static unsigned long fs;
 static inline void set_fs(unsigned long seg)
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
index 5d6f6891b188..9116aac232c7 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
@@ -117,9 +117,11 @@ preferred_addr:
         addl    %eax, %ebx
         notl    %eax
         andl    %eax, %ebx
-#else
-        movl    $LOAD_PHYSICAL_ADDR, %ebx
+        cmpl    $LOAD_PHYSICAL_ADDR, %ebx
+        jge     1f
 #endif
+        movl    $LOAD_PHYSICAL_ADDR, %ebx
+1:
 
         /* Target address to relocate to for decompression */
         addl    $z_extract_offset, %ebx
@@ -191,14 +193,14 @@ relocated:
         leal    boot_heap(%ebx), %eax
         pushl   %eax            /* heap area */
         pushl   %esi            /* real mode pointer */
-        call    decompress_kernel
+        call    decompress_kernel /* returns kernel location in %eax */
         addl    $24, %esp
 
 /*
  * Jump to the decompressed kernel.
  */
         xorl    %ebx, %ebx
-        jmp     *%ebp
+        jmp     *%eax
 
 /*
  * Stack and heap for uncompression
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
index c337422b575d..c5c1ae0997e7 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -94,9 +94,11 @@ ENTRY(startup_32)
         addl    %eax, %ebx
         notl    %eax
         andl    %eax, %ebx
-#else
-        movl    $LOAD_PHYSICAL_ADDR, %ebx
+        cmpl    $LOAD_PHYSICAL_ADDR, %ebx
+        jge     1f
 #endif
+        movl    $LOAD_PHYSICAL_ADDR, %ebx
+1:
 
         /* Target address to relocate to for decompression */
         addl    $z_extract_offset, %ebx
@@ -269,9 +271,11 @@ preferred_addr:
         addq    %rax, %rbp
         notq    %rax
         andq    %rax, %rbp
-#else
-        movq    $LOAD_PHYSICAL_ADDR, %rbp
+        cmpq    $LOAD_PHYSICAL_ADDR, %rbp
+        jge     1f
 #endif
+        movq    $LOAD_PHYSICAL_ADDR, %rbp
+1:
 
         /* Target address to relocate to for decompression */
         leaq    z_extract_offset(%rbp), %rbx
@@ -339,13 +343,13 @@ relocated:
         movl    $z_input_len, %ecx      /* input_len */
         movq    %rbp, %r8               /* output target address */
         movq    $z_output_len, %r9      /* decompressed length */
-        call    decompress_kernel
+        call    decompress_kernel       /* returns kernel location in %rax */
         popq    %rsi
 
 /*
  * Jump to the decompressed kernel.
  */
-        jmp     *%rbp
+        jmp     *%rax
 
         .code32
 no_longmode:
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
index 434f077d2c4d..71387685dc16 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -395,7 +395,7 @@ static void parse_elf(void *output)
         free(phdrs);
 }
 
-asmlinkage void decompress_kernel(void *rmode, memptr heap,
+asmlinkage void *decompress_kernel(void *rmode, memptr heap,
                                   unsigned char *input_data,
                                   unsigned long input_len,
                                   unsigned char *output,
@@ -422,6 +422,10 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
         free_mem_ptr     = heap;        /* Heap */
         free_mem_end_ptr = heap + BOOT_HEAP_SIZE;
 
+        output = choose_kernel_location(input_data, input_len,
+                                        output, output_len);
+
+        /* Validate memory location choices. */
         if ((unsigned long)output & (MIN_KERNEL_ALIGN - 1))
                 error("Destination address inappropriately aligned");
 #ifdef CONFIG_X86_64
@@ -441,5 +445,5 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
         parse_elf(output);
         handle_relocations(output, output_len);
         debug_putstr("done.\nBooting the kernel.\n");
-        return;
+        return output;
 }
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
index 674019d8e235..9077af7fd0b8 100644
--- a/arch/x86/boot/compressed/misc.h
+++ b/arch/x86/boot/compressed/misc.h
@@ -39,23 +39,38 @@ static inline void debug_putstr(const char *s)
 
 #endif
 
-#ifdef CONFIG_EARLY_PRINTK
-
+#if CONFIG_EARLY_PRINTK || CONFIG_RANDOMIZE_BASE
 /* cmdline.c */
 int cmdline_find_option(const char *option, char *buffer, int bufsize);
 int cmdline_find_option_bool(const char *option);
+#endif
 
-/* early_serial_console.c */
-extern int early_serial_base;
-void console_init(void);
 
+#if CONFIG_RANDOMIZE_BASE
+/* aslr.c */
+unsigned char *choose_kernel_location(unsigned char *input,
+                                      unsigned long input_size,
+                                      unsigned char *output,
+                                      unsigned long output_size);
 #else
+static inline
+unsigned char *choose_kernel_location(unsigned char *input,
+                                      unsigned long input_size,
+                                      unsigned char *output,
+                                      unsigned long output_size)
+{
+        return output;
+}
+#endif
 
+#ifdef CONFIG_EARLY_PRINTK
 /* early_serial_console.c */
+extern int early_serial_base;
+void console_init(void);
+#else
 static const int early_serial_base;
 static inline void console_init(void)
 { }
-
 #endif
 
 #endif