From: Pintu Agarwal
Date: Mon, 28 Sep 2020 19:15:23 +0530
Subject: Re: KASLR support on ARM with Kernel 4.9 and 4.14
To: Kees Cook
Cc: Ard Biesheuvel, Mark Rutland, Arnd Bergmann, Ard Biesheuvel, Marc Zyngier, Dave Martin, Kernelnewbies, Russell King - ARM Linux, open list, Tony Lindgren, matt@codeblueprint.co.uk, nico@linaro.org, Thomas Garnier, moderated list:ARM/FREESCALE IMX / MXC ARM ARCHITECTURE
In-Reply-To: <202009260933.C603CD8@keescook>
References: <202009251301.A1FD183582@keescook> <202009251338.D17FB071@keescook> <202009251647.FD8CECD4@keescook> <202009260933.C603CD8@keescook>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, 26 Sep 2020 at 22:10, Kees Cook wrote:
>
> >> I wonder if this is an Android Common kernel?
> > It uses the below kernel for 4.14:
> > https://gitlab.com/quicla/kernel/msm-4.14/-/tree/LE.UM.3.4.2.r1.5 (or
> > similar branch).
>
> Okay, so yes. And this appears to have the hashing of %p backported. I
> cannot, however, explain why it's showing hashed pointers instead of
> just NULL, though.
>
> It might be related to these commits but they're not in that kernel:
> 3e5903eb9cff ("vsprintf: Prevent crash when dereferencing invalid pointers")
> 7bd57fbc4a4d ("vsprintf: don't obfuscate NULL and error pointers")
>
> > ==> The case where symbol addresses are changing.
> >
> > kptr_restrict is set to 2 by default:
> > / # cat /proc/sys/kernel/kptr_restrict
> > 2
> >
> > Basically, the goal is:
> > * To understand how addresses are changing in 4.14 Kernel (without
> > KASLR support)?
> > * Is it possible to support the same in 4.9 Kernel ?
>
> Try setting kptr_restrict to 0 and see if the symbol addresses change? I
> suspect Ard is correct: there's no KASLR here, just hashed pointers
> behaving weird on an old non-stock kernel. :)
>
Okay. Thank you so much for your comments and suggestions.
You mean to say, setting kptr_restrict to 0 may avoid changing symbol addresses in 4.14?
And, sorry, I could not understand the thing about this "hashed pointers".
How can I check this behavior in source code to understand better?
Is it possible to give some reference?
I wanted to disable this hash pointer on 4.14 kernel and check the behavior.
Also if possible, we would like to make this similar change on 4.9 kernel as well.

Thanks,
Pintu
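One way to run the check Kees suggests ("set kptr_restrict to 0 and see if the symbol addresses change") in a repeatable way. This is an added example, not code from the thread or from any kernel tree: it compares /proc/kallsyms captures taken on different boots and reports whether the image base really moved (KASLR), stayed put (so any values that still vary in dmesg are %p hashes, which kptr_restrict does not control), or cannot be read because kptr_restrict is masking the addresses. The kallsyms excerpts, the symbol name `_text`, the file names and the addresses are all constructed sample data, not output from the device discussed above.

```shell
#!/bin/sh
# Added example, not code from the thread. Tell "the image is really relocated
# (KASLR)" apart from "kptr_restrict is masking" or "%p is hashing" by comparing
# /proc/kallsyms captures taken on different boots. All sample captures below
# are constructed data, not output from a real device.

# Print the address field of SYMBOL from a kallsyms-format dump on stdin.
# Lines look like: "<address> <type> <name>[\t[module]]".
kallsyms_addr() {
    awk -v s="$1" '$3 == s { print $1; exit }'
}

# Classify an address field:
#   masked  - all zeros, which is what kptr_restrict=2 shows (and =1 to non-root)
#   address - a real kernel virtual address
#   missing - the symbol was not in the dump
classify_addr() {
    case $1 in
        '')     echo missing ;;
        *[!0]*) echo address ;;
        *)      echo masked ;;
    esac
}

# Compare SYMBOL between two captures (files A and B). Prints:
#   moved      - different addresses: the image really was relocated
#   same       - identical addresses: no relocation; values that still vary in
#                dmesg are %p hashes (independent of kptr_restrict), not KASLR
#   unreadable - one side is masked or missing; set kptr_restrict=0 and recapture
compare_captures() {
    sym=$1
    a=$(kallsyms_addr "$sym" < "$2")
    b=$(kallsyms_addr "$sym" < "$3")
    if [ "$(classify_addr "$a")" != address ] || [ "$(classify_addr "$b")" != address ]; then
        echo unreadable
    elif [ "$a" = "$b" ]; then
        echo same
    else
        echo moved
    fi
}

# Constructed 32-bit ARM style kallsyms excerpts, written into directory $1.
write_samples() {
    # kptr_restrict=2: every address is shown as zeros
    cat > "$1/boot1_restricted" <<'EOF'
00000000 T _text
00000000 T _stext
00000000 T do_sys_open
EOF
    # kptr_restrict=0, two boots of a kernel that is NOT relocated
    cat > "$1/boot1_open" <<'EOF'
c0008000 T _text
c0100000 T _stext
c02a4f10 T do_sys_open
EOF
    cat > "$1/boot2_open" <<'EOF'
c0008000 T _text
c0100000 T _stext
c02a4f10 T do_sys_open
EOF
    # kptr_restrict=0 on a hypothetical boot where the image base did move
    cat > "$1/kaslr_boot2_open" <<'EOF'
c4a08000 T _text
c4b00000 T _stext
c4ca4f10 T do_sys_open
EOF
}

# Demo over the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
echo "restricted vs restricted: $(compare_captures _text "$tmp/boot1_restricted" "$tmp/boot1_restricted")"
echo "open boot1 vs boot2:      $(compare_captures _text "$tmp/boot1_open" "$tmp/boot2_open")"
echo "open boot1 vs kaslr boot: $(compare_captures _text "$tmp/boot1_open" "$tmp/kaslr_boot2_open")"
rm -rf "$tmp"
```

On the device itself the capture step is `echo 0 > /proc/sys/kernel/kptr_restrict` followed by `cat /proc/kallsyms > /data/kallsyms.bootN` after each reboot, then `compare_captures _text` over two of those files. If the result is `same` while dmesg pointers still differ from boot to boot, the kernel is not relocating anything: since the 4.15 commit "printk: hash addresses printed with %p" (ad67b74d2469), `%p` goes through `ptr_to_id()` in lib/vsprintf.c, which hashes the pointer with a random key generated once per boot, so the same address prints differently on every boot regardless of kptr_restrict. That function is the place to read to understand, or to disable for a debug build, the behaviour on the 4.14 tree mentioned above.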