From mboxrd@z Thu Jan 1 00:00:00 1970 Reply-To: kernel-hardening@lists.openwall.com Message-ID: <524DEE6B.2060105@zytor.com> Date: Thu, 03 Oct 2013 15:23:39 -0700 From: "H. Peter Anvin" MIME-Version: 1.0 References: <1380833605-26313-1-git-send-email-keescook@chromium.org> <1380833605-26313-4-git-send-email-keescook@chromium.org> In-Reply-To: <1380833605-26313-4-git-send-email-keescook@chromium.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: [kernel-hardening] Re: [PATCH 3/7] x86, kaslr: find minimum safe relocation position To: Kees Cook Cc: linux-kernel@vger.kernel.org, x86@kernel.org, kernel-hardening@lists.openwall.com, adurbin@google.com, Eric Northup , jln@google.com, wad@google.com, Mathias Krause , Zhang Yanfei List-ID: On 10/03/2013 01:53 PM, Kees Cook wrote: > Examine all the known unsafe areas and avoid them by just raising the > minimum relocation position to be past them. > > Signed-off-by: Kees Cook > + /* Minimum location must be above all these regions: */ This is highly problematic. The standard protocol is to hoist the initramfs as high as possible in memory, so this may really unacceptably restrict the available range. It would be better to treat these the same as reserved regions in the e820 map as far as the address space picking algorithm is concerned. -hpa From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755879Ab3JCWYP (ORCPT ); Thu, 3 Oct 2013 18:24:15 -0400 Received: from terminus.zytor.com ([198.137.202.10]:50803 "EHLO mail.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755652Ab3JCWYN (ORCPT ); Thu, 3 Oct 2013 18:24:13 -0400 Message-ID: <524DEE6B.2060105@zytor.com> Date: Thu, 03 Oct 2013 15:23:39 -0700 From: "H. Peter Anvin" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130625 Thunderbird/17.0.7 MIME-Version: 1.0 To: Kees Cook CC: linux-kernel@vger.kernel.org, x86@kernel.org, kernel-hardening@lists.openwall.com, adurbin@google.com, Eric Northup , jln@google.com, wad@google.com, Mathias Krause , Zhang Yanfei Subject: Re: [PATCH 3/7] x86, kaslr: find minimum safe relocation position References: <1380833605-26313-1-git-send-email-keescook@chromium.org> <1380833605-26313-4-git-send-email-keescook@chromium.org> In-Reply-To: <1380833605-26313-4-git-send-email-keescook@chromium.org> X-Enigmail-Version: 1.5.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 10/03/2013 01:53 PM, Kees Cook wrote: > Examine all the known unsafe areas and avoid them by just raising the > minimum relocation position to be past them. > > Signed-off-by: Kees Cook > + /* Minimum location must be above all these regions: */ This is highly problematic. The standard protocol is to hoist the initramfs as high as possible in memory, so this may really unacceptably restrict the available range. It would be better to treat these the same as reserved regions in the e820 map as far as the address space picking algorithm is concerned. -hpa