Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 4 Sep 2017 20:10:00 +0100
From: Ard Biesheuvel <ard.biesheuvel@...aro.org>
To: Nicolas Pitre <nicolas.pitre@...aro.org>
Cc: "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, 
	Kernel Hardening <kernel-hardening@...ts.openwall.com>, Arnd Bergmann <arnd@...db.de>, 
	Russell King <linux@...linux.org.uk>, Kees Cook <keescook@...omium.org>, 
	Thomas Garnier <thgarnie@...gle.com>, Marc Zyngier <marc.zyngier@....com>, 
	Mark Rutland <mark.rutland@....com>, Tony Lindgren <tony@...mide.com>, 
	Matt Fleming <matt@...eblueprint.co.uk>, Dave Martin <dave.martin@....com>
Subject: Re: [PATCH v2 19/29] ARM: kernel: make vmlinux buildable as a PIE executable

On 4 September 2017 at 19:11, Nicolas Pitre <nicolas.pitre@...aro.org> wrote:
> On Sun, 3 Sep 2017, Ard Biesheuvel wrote:
>
>> Update the build flags and linker script to allow vmlinux to be built
>> as a PIE  binary, which retains relocation information about absolute
>> symbol references so that they can be fixed up at runtime. This will
>> be used for implementing KASLR,
>>
>> Cc: Russell King <linux@...linux.org.uk>
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@...aro.org>
>> ---
>>  arch/arm/Kconfig                 |  4 ++++
>>  arch/arm/Makefile                |  5 +++++
>>  arch/arm/include/asm/assembler.h |  2 +-
>>  arch/arm/kernel/vmlinux.lds.S    |  9 +++++++++
>>  include/linux/hidden.h           | 20 ++++++++++++++++++++
>>  scripts/module-common.lds        |  1 +
>>  6 files changed, 40 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
>> index 61a0cb15067e..300add3b8023 100644
>> --- a/arch/arm/Kconfig
>> +++ b/arch/arm/Kconfig
>> @@ -2085,6 +2085,10 @@ config DMI
>>         firmware need to be enabled. This would require the DMI subsystem
>>         to be enabled much earlier than we do on ARM, which is non-trivial.
>>
>> +config RELOCATABLE
>> +     bool
>> +     select HAVE_ARCH_PREL32_RELOCATIONS
>> +
>
> You should probably make it depend on !XIP_KERNEL.
>

Indeed.

> Other than that
>
> Acked-by: Nicolas Pitre <nico@...aro.org>
>

Thanks.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.