Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S935126Ab3DOVo4 (ORCPT ); Mon, 15 Apr 2013 17:44:56 -0400 Received: from mail-wi0-f181.google.com ([209.85.212.181]:54681 "EHLO mail-wi0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755898Ab3DOVoy (ORCPT ); Mon, 15 Apr 2013 17:44:54 -0400 MIME-Version: 1.0 In-Reply-To: References: <1365797627-20874-1-git-send-email-keescook@chromium.org> <1365797627-20874-7-git-send-email-keescook@chromium.org> <516A1D49.1050100@zytor.com> <516C702C.2030209@zytor.com> Date: Mon, 15 Apr 2013 14:44:53 -0700 Message-ID: Subject: Re: [PATCH 6/6] x86: kaslr: relocate base offset at boot From: Eric Northup To: Kees Cook Cc: "H. Peter Anvin" , Yinghai Lu , Linux Kernel Mailing List , "kernel-hardening@lists.openwall.com" , Thomas Gleixner , Ingo Molnar , "the arch/x86 maintainers" , Jarkko Sakkinen , Matthew Garrett , Matt Fleming , Dan Rosenberg , Julien Tinnes , Will Drewry Content-Type: text/plain; charset=ISO-8859-1 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2086 Lines: 52 W/the relocation information, we can pick the virtual address to load at independent from the physical load address. On Mon, Apr 15, 2013 at 2:41 PM, Kees Cook wrote: > On Mon, Apr 15, 2013 at 2:25 PM, H. Peter Anvin wrote: >> On 04/15/2013 02:06 PM, Eric Northup wrote: >>> On Sat, Apr 13, 2013 at 8:06 PM, H. Peter Anvin wrote: >>>> On 04/13/2013 05:37 PM, Yinghai Lu wrote: >>>>> >>>>> so decompress code position is changed? >>>>> >>>>> You may push out bss and other data area of run-time kernel of limit >>>>> that boot loader >>>>> chose according to setup_header.init_size. >>>>> aka that make those area overlap with ram hole or other area like >>>>> boot command line or initrd.... >>>>> >>>> >>>> Is there a strong reason to randomize the physical address on 64 bits >>>> (and if so, shouldn't we do it right?) >>> >>> The reason to randomize the physical address is because of the kernel >>> direct mapping range -- a predictable-to-attackers physical address >>> implies a predictable-to-attackers virtual address. >>> >>> It had seemed to me like changing the virtual base of the direct >>> mapping would be much more involved than physically relocating the >>> kernel, but better suggestions would be most welcome :-) >>> >> >> You seem to be missing something here... >> >> There are *two* mappings in 64-bit mode. Physically, if you're going to >> randomize you might as well randomize over the entire range... except >> not too far down (on either 32 or 64 bit mode)... in particular, you >> don't want to drop below 16 MiB if you can avoid it. >> >> On 64 bits, there is no reason the virtual address has to be randomized >> the same way. > > Aren't we bound by the negative 2GB addressing due to -mcmodel=kernel? > > -Kees > > -- > Kees Cook > Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/