| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Dec 2020 12:05:10 +0800
From: Jiaxun Yang <jiaxun.yang@...goat.com>
To: Jinyang He <hejinyang@...ngson.cn>,
Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
Huacai Chen <chenhc@...ote.com>
Cc: linux-mips@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 2/2] MIPS: Loongson64: Add KASLR support
在 2020/11/25 下午6:07, Jinyang He 写道:
> Provide a weak plat_get_fdt() in relocate.c in case some platform enable
> USE_OF while plat_get_fdt() is useless.
>
> 1MB RELOCATION_TABLE_SIZE is small for Loongson64 because too many
> instructions should be relocated. 2MB is enough in present.
>
> Add KASLR support for Loongson64.
>
> KASLR(kernel address space layout randomization)
>
> To enable KASLR on Loongson64:
> First, make loongson3_defconfig.
> Then, enable CONFIG_RELOCATABLE and CONFIG_RANDOMIZE_BASE.
> Finally, compile the kernel.
>
> To test KASLR on Loongson64:
> Start machine with KASLR kernel.
>
> The first time:
> # cat /proc/iomem
> 00200000-0effffff : System RAM
> 02f30000-03895e9f : Kernel code
> 03895ea0-03bc7fff : Kernel data
> 03e30000-04f43f7f : Kernel bss
>
> The second time:
> # cat /proc/iomem
> 00200000-0effffff : System RAM
> 022f0000-02c55e9f : Kernel code
> 02c55ea0-02f87fff : Kernel data
> 031f0000-04303f7f : Kernel bss
>
> We see that code, data and bss sections become randomize.
>
> Signed-off-by: Jinyang He <hejinyang@...ngson.cn>
> ---
>
> v2:
> - Define weak plat_get_fdt() in relocate.c
> - Add default RELOCATION_TABLE_SIZE for Loongson64
>
> arch/mips/Kconfig | 5 ++++-
> arch/mips/kernel/relocate.c | 7 +++++++
> 2 files changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
> index 0f638bf..44a47ad 100644
> --- a/arch/mips/Kconfig
> +++ b/arch/mips/Kconfig
> @@ -488,6 +488,7 @@ config MACH_LOONGSON64
> select SYS_SUPPORTS_HIGHMEM
> select SYS_SUPPORTS_LITTLE_ENDIAN
> select SYS_SUPPORTS_ZBOOT
> + select SYS_SUPPORTS_RELOCATABLE
> select ZONE_DMA32
> select NUMA
> select SMP
> @@ -2778,7 +2779,8 @@ config RELOCATABLE
> depends on CPU_MIPS32_R2 || CPU_MIPS64_R2 || \
> CPU_MIPS32_R5 || CPU_MIPS64_R5 || \
> CPU_MIPS32_R6 || CPU_MIPS64_R6 || \
> - CPU_P5600 || CAVIUM_OCTEON_SOC
> + CPU_P5600 || CAVIUM_OCTEON_SOC || \
> + CPU_LOONGSON64
> help
> This builds a kernel image that retains relocation information
> so it can be loaded someplace besides the default 1MB.
> @@ -2789,6 +2791,7 @@ config RELOCATION_TABLE_SIZE
> hex "Relocation table size"
> depends on RELOCATABLE
> range 0x0 0x01000000
> + default "0x00200000" if CPU_LOONGSON64
> default "0x00100000"
Not relevant to the patch but how would we now if the reloc table is to
small?
Is it possible to have a kind of checking script?
Thanks.
- Jiaxun
> help
> A table of relocation data will be appended to the kernel binary
> diff --git a/arch/mips/kernel/relocate.c b/arch/mips/kernel/relocate.c
> index 8561c7a..57bdd276 100644
> --- a/arch/mips/kernel/relocate.c
> +++ b/arch/mips/kernel/relocate.c
> @@ -294,6 +294,13 @@ static inline int __init relocation_addr_valid(void *loc_new)
> return 1;
> }
>
> +#if defined(CONFIG_USE_OF)
> +void __weak *plat_get_fdt(void)
> +{
> + return NULL;
> +}
> +#endif
> +
> void *__init relocate_kernel(void)
> {
> void *loc_new;
Powered by blists - more mailing lists