Re: [GIT PULL] x86/kaslr for v3.14
From: Kees Cook
Date: Tue Jan 21 2014 - 00:18:50 EST
On Mon, Jan 20, 2014 at 2:54 PM, Linus Torvalds
> So I pulled this, but one question:
> On Mon, Jan 20, 2014 at 8:47 AM, H. Peter Anvin <hpa@xxxxxxxxx> wrote:
>> +config RANDOMIZE_BASE
>> + bool "Randomize the address of the kernel image"
>> + depends on RELOCATABLE
>> + depends on !HIBERNATION
> How fundamental is that "!HIBERNATION" issue? Right now that
> anti-dependency on hibernation support will mean that no distro kernel
> will actually use the kernel address space randomization. Which
> long-term is a problem.
> I'm not sure HIBERNATION is really getting all that much use, but I
> suspect distros would still want to support it.
> Is it just a temporary "I wasn't able to make it work, need to get
> some PM people involved", or is it something really fundamental?
Right, this is a "need to get PM people involved" situation. When
kASLR was being designed, hibernation learning about the kernel base
looked like a separable problem, and given the very long list of
requirements for making it work at all, I carved this out as "future
As for perf, it's similar -- it's another entirely solvable problem,
but perf needs to be untaught some of its assumptions.
We've had a static kernel base forever, so I'm expecting some bumps in
the road here. I'm hopeful none of it will be too painful, though.
Chrome OS Security
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/