Re: 32-bit x86 system reboots automatically on resume from hibernate (ASLR issue?)
From: Rafael J. Wysocki
Date: Wed Mar 22 2017 - 18:35:40 EST
On Wednesday, March 22, 2017 11:58:55 AM Kees Cook wrote:
> On Wed, Mar 22, 2017 at 5:50 AM, Evgenii Shatokhin
> <eugene.shatokhin@xxxxxxxxx> wrote:
> > On 21.03.2017 23:40, Kees Cook wrote:
> >>
> >> On Tue, Mar 21, 2017 at 6:54 AM, Evgenii Shatokhin
> >> <eugene.shatokhin@xxxxxxxxx> wrote:
> >>>
> >>> Hi,
> >>>
> >>> One of my x86 machines with a 32-bit Linux system (ROSA Linux in this case)
> >>> automatically reboots when it tries to resume from hibernate. This happens
> >>> shortly after "Image loading progress 100%" message is shown on the screen.
> >>>
> >>> No traces of the error are in the system log after reboot though.
> >>>
> >>> The problem is present at least in the mainline kernels 4.8 - 4.10. With
> >>> earlier versions (I tried 4.4, 4.5, etc.), the system resumes OK.
> >>>
> >>> The bisection pointed to the following commit as the first "bad" one:
> >>>
> >>> commit 65fe935dd2387a4faf15314c73f5e6d31ef0217e
> >>> Author: Kees Cook <keescook@xxxxxxxxxxxx>
> >>> Date: Mon Jun 13 15:10:02 2016 -0700
> >>>
> >>> x86/KASLR, x86/power: Remove x86 hibernation restrictions
> >>
> >>
> >> Hrm, perhaps the 32-bit hibernation code still isn't KASLR-safe. If
> >> you boot with nokaslr on the kernel command line, does the problem go
> >> away?
> >
> >
> > Yes. The problem does not show up when I boot the system with 'nokaslr'.
>
> Okay, it looks like we need to either partially revert that commit
> (i.e. make the by-default-prefer-hibernation logic only happen on
> 32-bit x86), swap the logic (i.e. by-default-prefer-KASLR on 32-bit),
> or make KASLR be blocked by hibernation in Kconfig (as it was a long
> time ago).
>
> Rafael, do you have a preference here?

I'd say let's make KASLR and hibernation mutually exclusive on 32-bit and
it really doesn't matter to me which one is preferred as long as it is clear
that one will be disabled by the other (each way).

And I don't see why 64-bit would need to be affected by this at all, frankly.

I still have a patch from Pavel to improve things in 32-bit hibernation land,
but it still requires some time and effort and I don't see volunteers for
that work.

Thanks,
Rafael
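
Added example, not part of the original thread: a small shell check that classifies a kernel build and command line by the combination discussed above (32-bit x86 with KASLR and hibernation both active). The function names and sample data are constructed for illustration; `CONFIG_X86_32`, `CONFIG_RANDOMIZE_BASE`, `CONFIG_HIBERNATION` and the `nohibernate` parameter are the usual kernel names and are assumptions in the sense that the thread itself only mentions `nokaslr`.

```shell
#!/bin/sh
# Added example: classify a kernel by the KASLR/hibernation combination
# discussed in the thread. Not code from the thread or from the kernel tree.

# has_opt CONFIG_TEXT OPTION: succeeds if "OPTION=y" is a line of the config.
has_opt() {
    printf '%s\n' "$1" | grep -qx "$2=y"
}

# has_param CMDLINE PARAM: succeeds if PARAM is a whole word on the cmdline.
has_param() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# kaslr_hibernate_state CONFIG_TEXT CMDLINE
# Prints one of: not-32bit-x86, kaslr-off, hibernation-off, both-active.
# Only the nokaslr and nohibernate parameters are considered.
kaslr_hibernate_state() {
    has_opt "$1" CONFIG_X86_32 || { echo "not-32bit-x86"; return 0; }
    if ! has_opt "$1" CONFIG_RANDOMIZE_BASE || has_param "$2" nokaslr; then
        echo "kaslr-off"; return 0
    fi
    if ! has_opt "$1" CONFIG_HIBERNATION || has_param "$2" nohibernate; then
        echo "hibernation-off"; return 0
    fi
    # The combination the thread proposes to make mutually exclusive.
    echo "both-active"
}

# Constructed sample input (not taken from the reporter's machine).
SAMPLE_CONFIG='CONFIG_X86_32=y
CONFIG_RANDOMIZE_BASE=y
CONFIG_HIBERNATION=y'
SAMPLE_CMDLINE='root=/dev/sda1 ro resume=/dev/sda2'

kaslr_hibernate_state "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE"
kaslr_hibernate_state "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE nokaslr"
```

On a live system the two arguments would typically come from the distribution's kernel config file (or `/proc/config.gz` where the kernel provides it) and from `/proc/cmdline`.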