Re: [PATCH 1/4] kaslr: check user's config too when handle relocations

From: Baoquan He
Date: Tue Sep 09 2014 - 02:25:58 EST


On 09/05/14 at 10:11am, Kees Cook wrote:
> I don't think this is correct. If you look at a02150610776 ("x86,
> relocs: Move ELF relocation handling to C"), we always did relocations
> on 32-bit when CONFIG_RELOCATABLE was set, so I think this will fail
> badly on 32-bit. 64-bit only needs relocation when
> CONFIG_RANDOMIZE_BASE is set, so this is probably what needs to be
> tested here instead. I think a better option would be, in
> decompress_kernel(), to compare output before and after
> choose_kernel_location(). If it's the same on 64-bit,
> handle_relocations() can be skipped. (Perhaps pass the before/after to
> handle_relocations() and it can perform the logic.)
>
> -Kees

Hi Kees,

Checking handle_relocations() again, I just didn't notice that it's mandatory
to do the relocation handling on i386. So in this function, delta is
checked to see whether it's a kaslr relocation handling. This might be a
little confusing. But I am fine with it.

Per your comment, you prefer to compare the output before and after
choose_kernel_location(). That's also good. Lu Yinghai posted a draft
patch in this way before; however, the checking and the delta calculation
were not correct. I changed that and tested all cases, and it works well. So
do you like this? If yes, I will repost it.