Date:	Sun, 5 Apr 2015 09:25:15 +0800
From:	Baoquan He <bhe@...hat.com>
To:	Yinghai Lu <yinghai@...nel.org>
Cc:	Matt Fleming <matt.fleming@...el.com>,
	"H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...hat.com>,
	Jiri Kosina <jkosina@...e.cz>,
	Kees Cook <keescook@...omium.org>,
	Borislav Petkov <bp@...e.de>,
	Thomas Gleixner <tglx@...utronix.de>,
	linux-kernel@...r.kernel.org, linux-efi@...r.kernel.org
Subject: Re: [PATCH v5 00/19] x86, boot: kaslr cleanup and 64bit kaslr support

Hi Yinghai,

Seems this patchset contains much content at one time so that it's not
very convenient to understand and review. Could it be made by 2 or 3
steps? like

Firstly post a patchset to handle kaslr putting kernel above 4G. This
involves many lines of code change but its concept is simple. And code
change can be understood and reviewed very easily.

Secondly a patchset to clean up the VO/ZO/runsize issue. This involves
less code but is very complicated, and a good description is necessary.

At last, based on the 2nd change, handle the mem_avoid issue and further
clean up issues, then based on them kaslr can randomize to below the loaded
address.

Otherwise this patchset has too many fixes. Reviewers need to spend much time
to understand and review. And it is also not easy to explain each of them and
the connections between them.

What do you think?

Thanks
Baoquan

On 03/18/15 at 12:28am, Yinghai Lu wrote:
> First make ZO (arch/x86/boot/compressed/vmlinux) data region is not
> overwritten by VO (vmlinux) after decompress.  So could pass data from ZO to VO.
> 
> Second one is second try for kaslr_setup_data support.
> 
> Patch 3-11, are kaslr clean up and enable ident mapping for He's patches.
>   kill run_size calculation shell scripts.
>   create new ident mapping for kaslr 64bit, so we can cover
>    above 4G random kernel base, also don't need to track pagetable
>    for 64bit bootloader (patched grub2 or kexec).
>    that will make mem_avoid handling simple.
> 
> Also put 7 patches from He that support random random, as I already used
> his patches to test the ident mapping code, and could save some rebase
> work for him.
> 
> also at:
> git://git.kernel.org/pub/scm/linux/kernel/git/yinghai/linux-yinghai.git for-x86-4.0-rc5-aslr
> 
> Thanks
> 
> Yinghai
> 
> 
> Baoquan He (7):
>   x86, kaslr: Fix a bug that relocation can not be handled when kernel is loaded above 2G
>   x86, kaslr: Introduce struct slot_area to manage randomization slot info
>   x86, kaslr: Add two functions which will be used later
>   x86, kaslr: Introduce fetch_random_virt_offset to randomize the kernel text mapping address
>   x86, kaslr: Randomize physical and virtual address of kernel separately
>   x86, kaslr: Add support of kernel physical address randomization above 4G
>   x86, kaslr: Remove useless codes
> 
> Jiri Kosina (1):
>   x86, kaslr: Propagate base load address calculation v2
> 
> Yinghai Lu (11):
>   x86, boot: Make data from decompress_kernel stage live longer
>   x86, boot: Simplify run_size calculation
>   x86, kaslr: Kill not used run_size related code.
>   x86, kaslr: Use output_run_size
>   x86, kaslr: Consolidate mem_avoid array filling
>   x86, boot: Move z_extract_offset calculation to header.S
>   x86, kaslr: Get correct max_addr for relocs pointer
>   x86, boot: Split kernel_ident_mapping_init to another file
>   x86, 64bit: Set ident_mapping for kaslr
>   x86, boot: Add checking for memcpy
>   x86, kaslr: Allow random address could be below loaded address
> 
>  arch/x86/boot/Makefile                 |  13 +-
>  arch/x86/boot/compressed/Makefile      |  19 ++-
>  arch/x86/boot/compressed/aslr.c        | 281 ++++++++++++++++++++++++---------
>  arch/x86/boot/compressed/head_32.S     |  14 +-
>  arch/x86/boot/compressed/head_64.S     |  15 +-
>  arch/x86/boot/compressed/misc.c        |  71 +++++----
>  arch/x86/boot/compressed/misc.h        |  32 ++--
>  arch/x86/boot/compressed/misc_pgt.c    |  91 +++++++++++
>  arch/x86/boot/compressed/mkpiggy.c     |  28 +---
>  arch/x86/boot/compressed/string.c      |  28 +++-
>  arch/x86/boot/compressed/vmlinux.lds.S |   2 +
>  arch/x86/boot/header.S                 |  43 ++++-
>  arch/x86/include/asm/aslr.h            |  10 ++
>  arch/x86/include/asm/boot.h            |  19 +++
>  arch/x86/include/asm/page.h            |   5 +
>  arch/x86/include/asm/page_types.h      |   2 +
>  arch/x86/include/uapi/asm/bootparam.h  |   1 +
>  arch/x86/kernel/asm-offsets.c          |   1 +
>  arch/x86/kernel/module.c               |  10 +-
>  arch/x86/kernel/setup.c                |  27 +++-
>  arch/x86/kernel/vmlinux.lds.S          |   1 +
>  arch/x86/mm/ident_map.c                |  74 +++++++++
>  arch/x86/mm/init_64.c                  |  74 +--------
>  arch/x86/tools/calc_run_size.sh        |  42 -----
>  24 files changed, 610 insertions(+), 293 deletions(-)
>  create mode 100644 arch/x86/boot/compressed/misc_pgt.c
>  create mode 100644 arch/x86/include/asm/aslr.h
>  create mode 100644 arch/x86/mm/ident_map.c
>  delete mode 100644 arch/x86/tools/calc_run_size.sh
> 
> -- 
> 1.8.4.5
> 