Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 05 Apr 2013 13:29:03 -0700
From: "H. Peter Anvin" <>
To: Yinghai Lu <>
CC: Kees Cook <>,
        Linux Kernel Mailing List <>,,
        Thomas Gleixner <>, Ingo Molnar <>,
        the arch/x86 maintainers <>,
        Jarkko Sakkinen <>,
        Matthew Garrett <>,
        Matt Fleming <>,
        Eric Northup <>,
        Dan Rosenberg <>,
        Julien Tinnes <>, Will Drewry <>
Subject: Re: [PATCH 3/3] x86: kernel base offset ASLR

On 04/05/2013 01:19 PM, Yinghai Lu wrote:
> On Fri, Apr 5, 2013 at 1:05 PM, H. Peter Anvin <> wrote:
>> That makes zero difference, since the issue at hand is the *virtual*
>> addresses the kernel are running at.  Currently, the 64-bit kernel
>> always runs at 0xffffffff81000000 virtual.  We can't run out of
>> arbitrary bits of the 64-bit address space because of the memory model.
> Not sure if I understand this.
> when bzImage64 is loaded high,  the kernel high address 0xffffffff81000000
> is pointed to phys address above 4G without problem.

That' s the problem.

KASLR is about randomizing the *virtual* address space, not the
*physical* address space.  On 32 bits those are connected (which is a
problem all on its own), on 64 bits not so much.

>> Furthermore, dealing with the boot loaders means dealing with the boot
>> loader maintainers, which can be insanely painful.  Consider that Grub2,
>> 10 years after this was implemented, still can't load more than one
>> initramfs component.
> syslinux and pxelinux could do that?

Yes, they can.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.