Re: [RFC][PATCH] Randomize kernel base address on boot

From: Dan Rosenberg
Date: Fri May 27 2011 - 12:11:29 EST

Next message: Steven Whitehouse: "RE: Cleancache and shared filesystems"
Previous message: Rafael J. Wysocki: "Re: [RFC][PATCH] Randomize kernel base address on boot"
In reply to: Linus Torvalds: "Re: [RFC][PATCH] Randomize kernel base address on boot"
Next in thread: Ingo Molnar: "Re: [RFC][PATCH] Randomize kernel base address on boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2011-05-27 at 08:42 -0700, Linus Torvalds wrote:
> On Thu, May 26, 2011 at 3:18 PM, Rafael J. Wysocki <rjw@xxxxxxx> wrote:
> >
> > Well, as far as I can tell, this feature is going to break hibernation on
> > both x86_32 and x86_64 at the moment, unless you can guarantee that the
> > randomized kernel location will be the same for both the boot and the target
> > kernels.
>
> You know what? Maybe that guarantee is actually the *right* thing to do..
>
> In other words, maybe we really really shouldn't randomize the kernel
> load address at boot time at all.
>
> Instead, what would be much better, is if we just had some way to
> re-link distro kernels with some random text offset. Sure, the load
> address wouldn't be "random" in any local sense any more, but I think
> the real effort here was to avoid having the common distro kernels
> having known text addresses.
>
> If you compile your own kernel version, you're already home free, and
> load-time randomization is pointless.
>
> And load-time randomization has all these nasty problems with memory
> maps etc, because we obviously have to shift the whole kernel around
> by some fixed offset. But if there was some way to just re-link the
> distro kernel easily, then it could be done by the kernel install
> scripts, and it could potentially do more than just "shift up load
> address by some random number".
>
> Hmm?
>
> Linus

You know what...I'm surprised that I'm saying this, but given the number
of non-trivial challenges that still need to be solved in order to
implement load-time randomization, maybe this would be a better way
forward.

We'd still need to go through the same effort to hide information about
kernel text offsets, and we'd still need to do per-cpu IDTs, but neither
of those items are as challenging as some of the other problems.

I'm not ready to take load-time randomization off the table, but I'd
certainly like to hear more discussion on this. There are clearly
advantages to load-time randomization that this new option wouldn't
have, but the question is really "is what we gain worth the effort?".

Thanks,
Dan

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steven Whitehouse: "RE: Cleancache and shared filesystems"
Previous message: Rafael J. Wysocki: "Re: [RFC][PATCH] Randomize kernel base address on boot"
In reply to: Linus Torvalds: "Re: [RFC][PATCH] Randomize kernel base address on boot"
Next in thread: Ingo Molnar: "Re: [RFC][PATCH] Randomize kernel base address on boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]