Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 21 Apr 2016 13:18:48 -0700
From: Thomas Garnier <thgarnie@...gle.com>
To: "H. Peter Anvin" <hpa@...or.com>
Cc: Boris Ostrovsky <boris.ostrovsky@...cle.com>, Thomas Gleixner <tglx@...utronix.de>, 
	Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...e.de>, Andy Lutomirski <luto@...nel.org>, 
	Dmitry Vyukov <dvyukov@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>, 
	Dan Williams <dan.j.williams@...el.com>, Kees Cook <keescook@...omium.org>, 
	Stephen Smalley <sds@...ho.nsa.gov>, Seth Jennings <sjennings@...iantweb.net>, 
	Kefeng Wang <wangkefeng.wang@...wei.com>, Jonathan Corbet <corbet@....net>, 
	Matt Fleming <matt@...eblueprint.co.uk>, Toshi Kani <toshi.kani@....com>, 
	Alexander Kuleshov <kuleshovmail@...il.com>, Alexander Popov <alpopov@...ecurity.com>, 
	Joerg Roedel <jroedel@...e.de>, Dave Young <dyoung@...hat.com>, Baoquan He <bhe@...hat.com>, 
	Dave Hansen <dave.hansen@...ux.intel.com>, Mark Salter <msalter@...hat.com>, x86@...nel.org, 
	LKML <linux-kernel@...r.kernel.org>, linux-doc@...r.kernel.org, 
	Greg Thelen <gthelen@...gle.com>, kernel-hardening@...ts.openwall.com
Subject: Re: [RFC v1 3/4] x86, boot: Implement ASLR for kernel memory sections (x86_64)

Make sense, thanks for the details.

On Thu, Apr 21, 2016 at 1:15 PM, H. Peter Anvin <hpa@...or.com> wrote:
> On April 21, 2016 8:52:01 AM PDT, Thomas Garnier <thgarnie@...gle.com> wrote:
>>On Thu, Apr 21, 2016 at 8:46 AM, H. Peter Anvin <hpa@...or.com> wrote:
>>> On April 21, 2016 6:30:24 AM PDT, Boris Ostrovsky
>><boris.ostrovsky@...cle.com> wrote:
>>>>
>>>>
>>>>On 04/15/2016 06:03 PM, Thomas Garnier wrote:
>>>>> +void __init kernel_randomize_memory(void)
>>>>> +{
>>>>> +    size_t i;
>>>>> +    unsigned long addr = memory_rand_start;
>>>>> +    unsigned long padding, rand, mem_tb;
>>>>> +    struct rnd_state rnd_st;
>>>>> +    unsigned long remain_padding = memory_rand_end -
>>memory_rand_start;
>>>>> +
>>>>> +    if (!kaslr_enabled())
>>>>> +            return;
>>>>> +
>>>>> +    /* Take the additional space when Xen is not active. */
>>>>> +    if (!xen_domain())
>>>>> +            page_offset_base -= __XEN_SPACE;
>>>>
>>>>This should be !xen_pv_domain(). Xen HVM guests are no different from
>>>>bare metal as far as address ranges are concerned. (Technically it's
>>>>probably !xen_pv_domain() && !xen_pvh_domain() but we can ignore PVH
>>>>for
>>>>now since it is being replaced by an HVM-type guest)
>>>>
>>>>Having said that, I am not sure I understand why page_offset_base is
>>>>shifted. I thought 0xffff800000000000 - 0xffff87ffffffffff is not
>>>>supposed to be used by anyone, whether we are running under a
>>>>hypervisor
>>>>or not.
>>>>
>>>>-boris
>>>
>>> That range is reserved for the hypervisor use.
>>
>>I know, I thought I could use it if no hypervisor was used but might
>>introduce problems in the future so I will remove it for the next
>>iteration.
>>
>>> --
>>> Sent from my Android device with K-9 Mail. Please excuse brevity and
>>formatting.
>
> At least in theory the hypervisor can use it even though no PV architecture is advertised to the kernel.  One kind of would hope none would.
>
> I think this range is also used by the kernel pointer checking thing, as it *has* to live right next to the canonical boundary.
> --
> Sent from my Android device with K-9 Mail. Please excuse brevity and formatting.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.