Date: Fri, 05 Apr 2013 13:29:03 -0700 From: "H. Peter Anvin" <hpa@...or.com> To: Yinghai Lu <yinghai@...nel.org> CC: Kees Cook <keescook@...omium.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, kernel-hardening@...ts.openwall.com, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, the arch/x86 maintainers <x86@...nel.org>, Jarkko Sakkinen <jarkko.sakkinen@...el.com>, Matthew Garrett <mjg@...hat.com>, Matt Fleming <matt.fleming@...el.com>, Eric Northup <digitaleric@...gle.com>, Dan Rosenberg <drosenberg@...curity.com>, Julien Tinnes <jln@...gle.com>, Will Drewry <wad@...omium.org> Subject: Re: [PATCH 3/3] x86: kernel base offset ASLR On 04/05/2013 01:19 PM, Yinghai Lu wrote: > On Fri, Apr 5, 2013 at 1:05 PM, H. Peter Anvin <hpa@...or.com> wrote: > >> That makes zero difference, since the issue at hand is the *virtual* >> addresses the kernel are running at. Currently, the 64-bit kernel >> always runs at 0xffffffff81000000 virtual. We can't run out of >> arbitrary bits of the 64-bit address space because of the memory model. > > Not sure if I understand this. > > when bzImage64 is loaded high, the kernel high address 0xffffffff81000000 > is pointed to phys address above 4G without problem. > That' s the problem. KASLR is about randomizing the *virtual* address space, not the *physical* address space. On 32 bits those are connected (which is a problem all on its own), on 64 bits not so much. >> >> Furthermore, dealing with the boot loaders means dealing with the boot >> loader maintainers, which can be insanely painful. Consider that Grub2, >> 10 years after this was implemented, still can't load more than one >> initramfs component. > > syslinux and pxelinux could do that? > Yes, they can.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.