Date: Thu, 20 Jun 2019 08:46:58 +0100
From: Will Deacon
To: Nick Desaulniers
Cc: catalin.marinas@arm.com, ard.biesheuvel@linaro.org, broonie@kernel.org, mark.rutland@arm.com, Olof Johansson, Maxime Ripard, Jagan Teki, Arnd Bergmann, Shawn Guo, Bjorn Andersson, Dinh Nguyen, Enric Balletbo i Serra, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] arm64: defconfig: update and enable CONFIG_RANDOMIZE_BASE
Message-ID: <20190620074640.GA27228@brain-police>
In-Reply-To: <20190620003244.261595-1-ndesaulniers@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Nick,

On Wed, Jun 19, 2019 at 05:32:42PM -0700, Nick Desaulniers wrote:
> Generated via:
> $ ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make defconfig
> $ ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make menuconfig
>
> $ ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make savedefconfig
> $ mv defconfig arch/arm64/configs/defconfig

Hmm, I'm in two minds about whether we want this on by default.

On the plus side, it gets us extra testing coverage, although the /vast/ majority of firmware implementations I run into either don't pass a seed or don't provide a working EFI_RNG. Perhaps that's just a chicken-and-egg problem which can be solved if we shout loud enough when we fail to randomize; we'll also eventually be in a better position when CPUs start implementing the v8.5 RNG instructions (but don't hold your breath unless you have an unusually high lung capacity).

On the flip side, I worry that it could make debugging more difficult, but I don't know whether that's a genuine concern or not. I'm assuming you've debugged your fair share of crashes from KASLR-enabled kernels; how bad is it? (I'm thinking of the case where somebody mails you part of a panic log and a .config.)

Irrespective of the above, I know Catalin was running into issues with his automated tests where the kernel would die silently during early boot with some seeds. That's a bit rubbish if it's still the case -- Catalin?

Finally, I know that (K)ASLR can be a bit controversial amongst security folks, with some seeing it as purely a smoke-and-mirrors game with no tangible benefits other than making us feel better about ourselves. Is it still the case that it can be trivially bypassed, or do you see it actually preventing some attacks in production?

Sorry for the barrage of questions, but I think enabling this one by default is quite a significant thing to do and probably deserves a bit of scrutiny beforehand.

Cheers,

Will
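The point Will raises about firmware that passes no seed (or has no working EFI_RNG) is that a kernel built with CONFIG_RANDOMIZE_BASE can still boot at its link-time address with offset 0, and nothing in the thread says how to notice. The script below is an added example, not part of this thread, Nick's patch or the kernel tree: it decides whether the running kernel was actually randomized by comparing the runtime address of `_text` from /proc/kallsyms with its link-time address from the System.map of the same build. It assumes the System.map really belongs to the running kernel, that `_text` is present in both files (it is the first symbol in the arm64 image), and that the reader is root or has kptr_restrict=0, since otherwise /proc/kallsyms shows zeroed addresses, which the script reports as "unknown" rather than as a verdict. The addresses in the usage note and test data are constructed, not taken from a real machine.

```sh
#!/bin/sh
# Added example, not code from the thread or from the kernel tree.
# Tells whether the running kernel actually received a KASLR offset by
# comparing the runtime address of _text (/proc/kallsyms) with its
# link-time address (System.map for the same kernel build).  If the two
# are equal the kernel booted at offset 0, which is what happens when
# CONFIG_RANDOMIZE_BASE is set but firmware supplied no usable seed.

# symbol_addr FILE SYMBOL: print the address of SYMBOL from an
# "ADDRESS TYPE NAME" style file (kallsyms or System.map), first match only.
symbol_addr() {
    awk -v sym="$2" '$3 == sym { print $1; exit }' "$1"
}

# kaslr_status KALLSYMS SYSTEM_MAP: prints one of
#   randomized       (exit 0)  runtime _text differs from link-time _text
#   not-randomized   (exit 1)  addresses match, i.e. offset 0
#   unknown          (exit 2)  symbol missing, or address masked to zeros
#                              by kptr_restrict for an unprivileged reader
kaslr_status() {
    runtime=$(symbol_addr "$1" _text)
    linktime=$(symbol_addr "$2" _text)
    if [ -z "$runtime" ] || [ -z "$linktime" ]; then
        echo unknown
        return 2
    fi
    case "$runtime" in
        *[1-9a-fA-F]*) ;;          # at least one non-zero hex digit
        *) echo unknown; return 2 ;;
    esac
    if [ "$runtime" = "$linktime" ]; then
        echo not-randomized
        return 1
    fi
    echo randomized
    return 0
}

# Only probe the live system when two paths are given on the command line,
# so that sourcing this file for its functions has no side effects.
if [ "$#" -eq 2 ]; then
    kaslr_status "$1" "$2"
fi
```

Typical use on the target, as root: `sh kaslr-check.sh /proc/kallsyms /boot/System.map-$(uname -r)`. The check deliberately compares strings rather than computing the offset, so it does not depend on the shell's 64-bit hex arithmetic; a "not-randomized" result on a CONFIG_RANDOMIZE_BASE kernel is the case Will describes, where the option is on but the firmware gave the kernel nothing to randomize with.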