lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1606298866-7086-1-git-send-email-hejinyang@loongson.cn>
Date:   Wed, 25 Nov 2020 18:07:46 +0800
From:   Jinyang He <hejinyang@...ngson.cn>
To:     Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
        Huacai Chen <chenhc@...ote.com>,
        Jiaxun Yang <jiaxun.yang@...goat.com>
Cc:     linux-mips@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH v2 2/2] MIPS: Loongson64: Add KASLR support

Provide a weak plat_get_fdt() in relocate.c in case some platform enable
USE_OF while plat_get_fdt() is useless.

1MB RELOCATION_TABLE_SIZE is small for Loongson64 because too many
instructions should be relocated. 2MB is enough in present.

Add KASLR support for Loongson64.

KASLR(kernel address space layout randomization)

To enable KASLR on Loongson64:
First, make loongson3_defconfig.
Then, enable CONFIG_RELOCATABLE and CONFIG_RANDOMIZE_BASE.
Finally, compile the kernel.

To test KASLR on Loongson64:
Start machine with KASLR kernel.

The first time:
# cat /proc/iomem
00200000-0effffff : System RAM
  02f30000-03895e9f : Kernel code
  03895ea0-03bc7fff : Kernel data
  03e30000-04f43f7f : Kernel bss

The second time:
# cat /proc/iomem
00200000-0effffff : System RAM
  022f0000-02c55e9f : Kernel code
  02c55ea0-02f87fff : Kernel data
  031f0000-04303f7f : Kernel bss

We see that code, data and bss sections become randomize.

Signed-off-by: Jinyang He <hejinyang@...ngson.cn>
---

v2:
- Define weak plat_get_fdt() in relocate.c
- Add default RELOCATION_TABLE_SIZE for Loongson64

 arch/mips/Kconfig           | 5 ++++-
 arch/mips/kernel/relocate.c | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index 0f638bf..44a47ad 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -488,6 +488,7 @@ config MACH_LOONGSON64
 	select SYS_SUPPORTS_HIGHMEM
 	select SYS_SUPPORTS_LITTLE_ENDIAN
 	select SYS_SUPPORTS_ZBOOT
+	select SYS_SUPPORTS_RELOCATABLE
 	select ZONE_DMA32
 	select NUMA
 	select SMP
@@ -2778,7 +2779,8 @@ config RELOCATABLE
 	depends on CPU_MIPS32_R2 || CPU_MIPS64_R2 || \
 		   CPU_MIPS32_R5 || CPU_MIPS64_R5 || \
 		   CPU_MIPS32_R6 || CPU_MIPS64_R6 || \
-		   CPU_P5600 || CAVIUM_OCTEON_SOC
+		   CPU_P5600 || CAVIUM_OCTEON_SOC || \
+		   CPU_LOONGSON64
 	help
 	  This builds a kernel image that retains relocation information
 	  so it can be loaded someplace besides the default 1MB.
@@ -2789,6 +2791,7 @@ config RELOCATION_TABLE_SIZE
 	hex "Relocation table size"
 	depends on RELOCATABLE
 	range 0x0 0x01000000
+	default "0x00200000" if CPU_LOONGSON64
 	default "0x00100000"
 	help
 	  A table of relocation data will be appended to the kernel binary
diff --git a/arch/mips/kernel/relocate.c b/arch/mips/kernel/relocate.c
index 8561c7a..57bdd276 100644
--- a/arch/mips/kernel/relocate.c
+++ b/arch/mips/kernel/relocate.c
@@ -294,6 +294,13 @@ static inline int __init relocation_addr_valid(void *loc_new)
 	return 1;
 }
 
+#if defined(CONFIG_USE_OF)
+void __weak *plat_get_fdt(void)
+{
+	return NULL;
+}
+#endif
+
 void *__init relocate_kernel(void)
 {
 	void *loc_new;
-- 
2.1.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ