[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.00.1504271335020.16113@pobox.suse.cz>
Date: Mon, 27 Apr 2015 16:28:58 +0200 (CEST)
From: Jiri Kosina <jkosina@...e.cz>
To: x86@...nel.org, Borislav Petkov <bp@...en8.de>,
Kees Cook <keescook@...omium.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Seth Jennings <sjenning@...hat.com>,
Vojtech Pavlik <vojtech@...e.cz>
cc: linux-kernel@...r.kernel.org, live-patching@...r.kernel.org
Subject: [PATCH 2/2] livepatch: x86: make kASLR logic more accurate
We give up old_addr hint from the coming patch module in cases when kernel
load base has been randomized (as in such case, the coming module has no
idea about the exact randomization offset).
We are currently too pessimistic, and give up immediately as soon as
CONFIG_RANDOMIZE_BASE is set; this doesn't however directly imply that the
load base has actually been randomized. There are config options that
disable kASLR (such as hibernation), user could have disabled kaslr on
kernel command-line, etc.
The loader propagates the information whether kernel has been randomized
through bootparams. This allows us to have the condition more accurate.
On top of that, it seems unnecessary to give up old_addr hints even if
randomization is active. The relocation offset can be computed using
kaslr_ofsset(), and therefore old_addr can be adjusted accordingly.
Signed-off-by: Jiri Kosina <jkosina@...e.cz>
---
arch/x86/include/asm/livepatch.h | 1 +
kernel/livepatch/core.c | 5 +++--
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/livepatch.h b/arch/x86/include/asm/livepatch.h
index 2d29197..19c099a 100644
--- a/arch/x86/include/asm/livepatch.h
+++ b/arch/x86/include/asm/livepatch.h
@@ -21,6 +21,7 @@
#ifndef _ASM_X86_LIVEPATCH_H
#define _ASM_X86_LIVEPATCH_H
+#include <asm/setup.h>
#include <linux/module.h>
#include <linux/ftrace.h>
diff --git a/kernel/livepatch/core.c b/kernel/livepatch/core.c
index 284e269..0e7c23c 100644
--- a/kernel/livepatch/core.c
+++ b/kernel/livepatch/core.c
@@ -234,8 +234,9 @@ static int klp_find_verify_func_addr(struct klp_object *obj,
int ret;
#if defined(CONFIG_RANDOMIZE_BASE)
- /* KASLR is enabled, disregard old_addr from user */
- func->old_addr = 0;
+ /* If KASLR has been enabled, adjust old_addr accordingly */
+ if (kaslr_enabled() && func->old_addr)
+ func->old_addr += kaslr_offset();
#endif
if (!func->old_addr || klp_is_module(obj))
--
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists