Re: [PATCH 00/42] x86: updated patches for kaslr and setup_data etc for v4.3
From: Kees Cook
Date: Tue Feb 16 2016 - 18:50:46 EST

On Sun, Feb 14, 2016 at 11:29 PM, Baoquan He <bhe@xxxxxxxxxx> wrote:
> On 02/08/16 at 08:31pm, Kees Cook wrote:
>> On Sat, Feb 6, 2016 at 3:50 AM, Baoquan He <bhe@xxxxxxxxxx> wrote:
>> > Hi,
>> >
>> > Recently people using big box servers are also very interested in kaslr and want
>> > to have it to enhance security. So allowing kaslr to be able to randomize above 4G
>> > makes much sense for different kinds of system. I would like to repost patches
>> > related to kaslr in this patchset, and leave the rest to Yinghai. Or I can try
>> > to understand and adjust the rest with yh and reviewers' help, then post. But
>> > firstly I will focus on kaslr and try to make it merge into Linus's tree.
>> >
>> > Since this patchset includes too many issues and people usually like reviewing
>> > post which takes care of one main issue in one thread, I will start from below
>> > thread. It mainly includes kaslr above 4G support and bug fixes and several cleanup
>> > patches.
>> >
>> > x86, boot: kaslr cleanup and 64bit kaslr support
>> > https://lwn.net/Articles/637115/
>> >
>> > The following patch list is taken from yh's cover letter of the above patch thread.
>> >
>> > **************************
>> > My plan is split them into
>> > 1) kaslr above 4G support
>> > x86, boot: Split kernel_ident_mapping_init to another file
>> > x86, 64bit: Set ident_mapping for kaslr
>> > x86, boot: Add checking for memcpy
>> > x86, boot: Move z_extract_offset calculation to header.S
>> > x86, boot: Simplify run_size calculation
>> > x86, kaslr: Kill not used run_size related code.
>> > x86, kaslr: Use output_run_size
>> > x86, kaslr: Fix a bug that relocation can not be handled when kernel is loaded above 2G
>> > x86, kaslr: Introduce struct slot_area to manage randomization slot info
>> > x86, kaslr: Add two functions which will be used later
>> > x86, kaslr: Introduce fetch_random_virt_offset to randomize the kernel text mapping address
>> > x86, kaslr: Randomize physical and virtual address of kernel separately
>> > x86, kaslr: Add support of kernel physical address randomization above 4G
>> > x86, kaslr: Remove useless codes
>> > 2) allow kaslr to choose slots below loaded address
>> > x86, kaslr: Consolidate mem_avoid array filling
>> > x86, kaslr: Allow random address could be below loaded address
>> > 3) Make data from decompress_kernel stage live longer (bug fix)
>> > x86, boot: Make data from decompress_kernel stage live longer
>> > 4) Get correct max_addr for relocs pointer (improvement)
>> > x86, kaslr: Get correct max_addr for relocs pointer
>> >
>> > The 2) could be added into the 1) post. I take it out because the mem_avoid issue is very
>> > complicated and can be discussed in a separate thread. And the 1) post only focuses on the kaslr
>> > above 4G support.
>> >
>> > That's all I plan to do. Suggestion or comments are welcome.
>>
>> That sounds great, thanks! Please check the rest of the thread where I
>> asked a number of questions that remain unanswered. If we can get some
>> clarification on those points, I think it would help move this along
>> more quickly.
>
> Hi Kees,
>
> Thanks for your suggestion. I am trying to understand all patches and
> make some adjustments, meanwhile adjusting the patch log with my understanding.
> And your questions help me understand it deeper. I will post after
> updating. Hope you, Yinghai and other experts can help review and give
> precious comments and suggestions.

Sounds great! I look forward to them. :)

-Kees
--
Kees Cook
Chrome OS & Brillo Security