The following commit has been merged into the x86/kaslr branch of tip: Commit-ID: f49236ae424d499d02ee3ce35fb9130ddf95b03f Gitweb: https://git.kernel.org/tip/f49236ae424d499d02ee3ce35fb9130ddf95b03f Author: Arvind Sankar <nivedita@xxxxxxxxxxxx> AuthorDate: Tue, 28 Jul 2020 18:57:22 -04:00 Committer: Ingo Molnar <mingo@xxxxxxxxxx> CommitterDate: Fri, 31 Jul 2020 11:08:17 +02:00 x86/kaslr: Add a check that the random address is in range Check in find_random_phys_addr() that the chosen address is inside the range that was required. Signed-off-by: Arvind Sankar <nivedita@xxxxxxxxxxxx> Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx> Link: https://lore.kernel.org/r/20200728225722.67457-22-nivedita@xxxxxxxxxxxx
---
arch/x86/boot/compressed/kaslr.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index 80cdd20..735fcb2 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -803,6 +803,8 @@ static void process_e820_entries(unsigned long minimum,
 static unsigned long find_random_phys_addr(unsigned long minimum,
 unsigned long image_size)
 {
+ u64 phys_addr;
+
 /* Bail out early if it's impossible to succeed. */
 if (minimum + image_size > mem_limit)
 return 0;
@@ -816,7 +818,15 @@ static unsigned long find_random_phys_addr(unsigned long minimum,
 if (!process_efi_entries(minimum, image_size))
 process_e820_entries(minimum, image_size);
- return slots_fetch_random();
+ phys_addr = slots_fetch_random();
+
+ /* Perform a final check to make sure the address is in range. */
+ if (phys_addr < minimum || phys_addr + image_size > mem_limit) {
+ warn("Invalid physical address chosen!\n");
+ return 0;
+ }
+
+ return (unsigned long)phys_addr;
 }
 static unsigned long find_random_virt_addr(unsigned long minimum,
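Review bot: The new range check in the second hunk of find_random_phys_addr() cannot tell a genuinely out-of-range slot from "no slot was found". This function already uses 0 as its failure value (the early `return 0;`), and if slots_fetch_random() does the same when no slot was recorded (its body is outside this diff, so this needs confirming), a non-zero `minimum` makes that 0 fail `phys_addr < minimum`. Boot would then log "Invalid physical address chosen!" for an ordinary no-suitable-memory case. Handling the sentinel first with `if (!phys_addr) return 0;` would keep the warning meaningful as a signal of a slot-accounting bug. The comment could also state that this check is what makes the narrowing `(unsigned long)phys_addr` cast safe, assuming `mem_limit` always fits in `unsigned long` (its declaration is not visible here).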