lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170721103347.ticzuwed3ljys6kf@gmail.com>
Date:   Fri, 21 Jul 2017 12:33:47 +0200
From:   Ingo Molnar <mingo@...nel.org>
To:     Baoquan He <bhe@...hat.com>
Cc:     linux-kernel@...r.kernel.org, x86@...nel.org,
        keescook@...omium.org, matt@...eblueprint.co.uk,
        tglx@...utronix.de, hpa@...or.com, izumi.taku@...fujitsu.com,
        fanc.fnst@...fujitsu.com, thgarnie@...gle.com,
        n-horiguchi@...jp.nec.com
Subject: Re: [PATCH v6 RESEND] x86/boot/KASLR: Restrict kernel to be
 randomized in mirror regions


* Baoquan He <bhe@...hat.com> wrote:

> Kernel text may be located in non-mirror regions (movable zone) when both
> address range mirroring feature and KASLR are enabled.
> 
> The address range mirroring feature arranges such mirror region into
> normal zone and other region into movable zone in order to locate
> kernel code and data in mirror region. The physical memory region
> whose descriptors in EFI memory map has EFI_MEMORY_MORE_RELIABLE
> attribute (bit: 16) are mirrored.
> 
> If efi is detected, iterate efi memory map and pick the mirror region to
> process for adding candidate of randomization slot. If efi is disabled
> or no mirror region found, still process e820 memory map.

Please read your own changelogs and capitalize 'EFI' consistently!

Also, what is unclear to me after reading this changelog, what does this patch 
actually achieve, relative to existing behavior?

It would be helpful if it was structured like this:

    Previous behavior was that the kernel would ...

    This patch changes the old behavior so that the kernel now ...

Thanks,

	Ingo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ