lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230724-sanded-dental-c9125c76ad74@wendy>
Date:   Mon, 24 Jul 2023 15:31:01 +0100
From:   Conor Dooley <conor.dooley@...rochip.com>
To:     Alexandre Ghiti <alexghiti@...osinc.com>
CC:     Paul Walmsley <paul.walmsley@...ive.com>,
        Palmer Dabbelt <palmer@...belt.com>,
        Albert Ou <aou@...s.berkeley.edu>,
        Ard Biesheuvel <ardb@...nel.org>,
        Kees Cook <keescook@...omium.org>,
        <linux-riscv@...ts.infradead.org>, <linux-kernel@...r.kernel.org>,
        <linux-efi@...r.kernel.org>, <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH v6 0/5] riscv: Introduce KASLR

Hey Alex,

On Sat, Jul 22, 2023 at 02:38:45PM +0200, Alexandre Ghiti wrote:
> The following KASLR implementation allows to randomize the kernel mapping:
> 
> - virtually: we expect the bootloader to provide a seed in the device-tree
> - physically: only implemented in the EFI stub, it relies on the firmware to
>   provide a seed using EFI_RNG_PROTOCOL. arm64 has a similar implementation
>   hence the patch 3 factorizes KASLR related functions for riscv to take
>   advantage.
> 
> The new virtual kernel location is limited by the early page table that only
> has one PUD and with the PMD alignment constraint, the kernel can only take
> < 512 positions.

I gave this all a go today, it seems to do what it it says on the tin,
and crashing my kernel does dump out an offset etc.

Tested-by: Conor Dooley <conor.dooley@...rochip.com>

I'll hopefully get some time later in the week to go through the code.

Cheers,
Conor.


Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ