From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.3 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C3293C43613 for ; Thu, 20 Jun 2019 07:47:17 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 97BFB208CB for ; Thu, 20 Jun 2019 07:47:17 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="ik4a7moG" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 97BFB208CB Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=PexLAj5CG1YqQ/PWJBAVZ3WxJ62kQMUMe0lcDT9HKqE=; b=ik4a7moGR2+GPb 5lmpok6H5hzWsDC/SSaUrqzQMXDw/4IZwjuChyxSHmrHBPWqVtnM2iLVD6tQ+6ABxszU1K4rlpzd2 qvFqU+PsRtRtpRC4gblD1ua3NIFn4/FilJzo2PI3kIySwZ6QiQ5qNvWbPXMO1iuAJtDk2mu5pNfij 9hCqXxl8mRhSeJC8gaHegTO/p21mLdYjotXnnomki0c6Np/XSFoJwNSA0CAWwM4oVMnZmSXyjQof0 lLfvbzlG7GyTWuaZ5hEsUZEnUv1WmLfAExOSvFD4UwzBMmGIY1IO7jSAcZDaZe9w5tgs+qJhR1jHb hHelXTZXveocQ8aLw3Tg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1hdrms-0005mF-Vn; Thu, 20 Jun 2019 07:47:15 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1hdrmp-0005lP-FA for linux-arm-kernel@lists.infradead.org; Thu, 20 Jun 2019 07:47:12 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7F1BF344; Thu, 20 Jun 2019 00:47:08 -0700 (PDT) Received: from brain-police (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 191683F246; Thu, 20 Jun 2019 00:47:04 -0700 (PDT) Date: Thu, 20 Jun 2019 08:46:58 +0100 From: Will Deacon To: Nick Desaulniers Subject: Re: [PATCH] arm64: defconfig: update and enable CONFIG_RANDOMIZE_BASE Message-ID: <20190620074640.GA27228@brain-police> References: <20190620003244.261595-1-ndesaulniers@google.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20190620003244.261595-1-ndesaulniers@google.com> User-Agent: Mutt/1.9.4 (2018-02-28) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190620_004711_551747_65346ECF X-CRM114-Status: GOOD ( 13.78 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: mark.rutland@arm.com, Enric Balletbo i Serra , Arnd Bergmann , ard.biesheuvel@linaro.org, Maxime Ripard , catalin.marinas@arm.com, linux-kernel@vger.kernel.org, Bjorn Andersson , Dinh Nguyen , broonie@kernel.org, Jagan Teki , Olof Johansson , Shawn Guo , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org Hi Nick, On Wed, Jun 19, 2019 at 05:32:42PM -0700, Nick Desaulniers wrote: > Generated via: > $ ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make defconfig > $ ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make menuconfig > > $ ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make savedefconfig > $ mv defconfig arch/arm64/configs/defconfig Hmm, I'm in two minds about whether we want this on by default. On the plus side, it gets us extra testing coverage, although the /vast/ majority of firmware implementations I run into either don't pass a seed or don't provide a working EFI_RNG. Perhaps that's just a chicken-and-egg problem which can be solved if we shout loud enough when we fail to randomize; we'll also eventually be in a better position when CPUs start implementing the v8.5 RNG instructions (but don't hold your breath unless you have an unusually high lung capacity). On the flip side, I worry that it could make debugging more difficult, but I don't know whether that's a genuine concern or not. I'm assuming you've debugged your fair share of crashes from KASLR-enabled kernels; how bad is it? (I'm thinking of the case where somebody mails you part of a panic log and a .config). Irrespective of the above, I know Catalin was running into issues with his automated tests where the kernel would die silently during early boot with some seeds. That's a bit rubbish if it's still the case -- Catalin? Finally, I know that (K)ASLR can be a bit controversial amongst security folks, with some seeing it as purely a smoke-and-mirrors game with no tangible benefits other than making us feel better about ourselves. Is it still the case that it can be trivially bypassed, or do you see it actually preventing some attacks in production? Sorry for the barrage of questions, but I think enabling this one by default is quite a significant thing to do and probably deserves a bit of scrutiny beforehand. Cheers, Will _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel