Date: Thu, 21 Apr 2016 19:44:23 +0200
From: Borislav Petkov
To: Kees Cook
Cc: Ingo Molnar, Baoquan He, Yinghai Lu, Ingo Molnar, x86@kernel.org, Andrew Morton, Andrey Ryabinin, Dmitry Vyukov, "H.J. Lu", Josh Poimboeuf, Andy Lutomirski, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/5] x86, KASLR: Drop CONFIG_RANDOMIZE_BASE_MAX_OFFSET
Message-ID: <20160421174423.GD29616@pd.tnic>
References: <1461185746-8017-1-git-send-email-keescook@chromium.org> <1461185746-8017-3-git-send-email-keescook@chromium.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1461185746-8017-3-git-send-email-keescook@chromium.org>
User-Agent: Mutt/1.5.24 (2015-08-30)

On Wed, Apr 20, 2016 at 01:55:43PM -0700, Kees Cook wrote:
> From: Baoquan He
>
> Currently CONFIG_RANDOMIZE_BASE_MAX_OFFSET is used to limit the maximum
> offset for kernel randomization. This limit doesn't need to be a CONFIG
> since it is tied completely to KERNEL_IMAGE_SIZE, and will make no sense
> once physical and virtual offsets are randomized separately. This patch
> removes CONFIG_RANDOMIZE_BASE_MAX_OFFSET and consolidates the Kconfig
> help text.
>
> Signed-off-by: Baoquan He
> [kees: rewrote changelog, dropped KERNEL_IMAGE_SIZE_DEFAULT, rewrote help]
> Signed-off-by: Kees Cook
> ---
>  arch/x86/Kconfig                     | 72 ++++++++++++++----------
>  arch/x86/boot/compressed/kaslr.c     | 12 +++---
>  arch/x86/include/asm/page_64_types.h |  8 ++--
>  arch/x86/mm/init_32.c                |  3 --
>  4 files changed, 36 insertions(+), 59 deletions(-)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 2dc18605831f..5892d549596d 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1932,54 +1932,38 @@ config RELOCATABLE
>  	  (CONFIG_PHYSICAL_START) is used as the minimum location.
>  
>  config RANDOMIZE_BASE
> -	bool "Randomize the address of the kernel image"
> +	bool "Randomize the address of the kernel image (KASLR)"
>  	depends on RELOCATABLE
>  	default n
>  	---help---
> -	  Randomizes the physical and virtual address at which the
> -	  kernel image is decompressed, as a security feature that
> -	  deters exploit attempts relying on knowledge of the location
> -	  of kernel internals.
> +	  In support of Kernel Address Space Layout Randomization (KASLR),
> +	  this randomizes the physical address at which the kernel image
> +	  is decompressed and the virtual address where the kernel

Just say "loaded" here.

> +	  image is mapped, as a security feature that deters exploit
> +	  attempts relying on knowledge of the location of kernel
> +	  code internals.
> +
> +	  The kernel physical and virtual address can be randomized
> +	  from 16MB up to 1GB on 64-bit and 512MB on 32-bit. (Note that
> +	  using RANDOMIZE_BASE reduces the memory space available to
> +	  kernel modules from 1.5GB to 1GB.)
> +
> +	  Entropy is generated using the RDRAND instruction if it is
> +	  supported. If RDTSC is supported, its value is mixed into
> +	  the entropy pool as well. If neither RDRAND nor RDTSC are
> +	  supported, then entropy is read from the i8254 timer.
> +
> +	  Since the kernel is built using 2GB addressing,

Does that try to refer to the 1G kernel and 1G fixmap pagetable mappings?

I.e., level2_kernel_pgt and level2_fixmap_pgt in arch/x86/kernel/head_64.S?

> and
> +	  PHYSICAL_ALIGN must be at a minimum of 2MB, only 10 bits of
> +	  entropy is theoretically possible. Currently, with the
> +	  default value for PHYSICAL_ALIGN and due to page table
> +	  layouts, 64-bit uses 9 bits of entropy and 32-bit uses 8 bits.
> +
> +	  If CONFIG_HIBERNATE is also enabled, KASLR is disabled at boot
> +	  time. To enable it, boot with "kaslr" on the kernel command
> +	  line (which will also disable hibernation).
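Review bot: the Kconfig symbol named in the last help paragraph, CONFIG_HIBERNATE, does not exist; the hibernation option is CONFIG_HIBERNATION, so that sentence should read "If CONFIG_HIBERNATION is also enabled, KASLR is disabled at boot time." While touching the same paragraph, "only 10 bits of entropy is theoretically possible" should be "only 10 bits of entropy are theoretically possible".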
...

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--