From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ingo Molnar Subject: Re: [PATCH] Prefer kASLR over Hibernation Date: Wed, 6 Apr 2016 23:56:38 +0200 Message-ID: <20160406215638.GA25539@gmail.com> References: <20160406194404.GA11150@www.outflux.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from mail-wm0-f65.google.com ([74.125.82.65]:34896 "EHLO mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753363AbcDFV4n (ORCPT ); Wed, 6 Apr 2016 17:56:43 -0400 Content-Disposition: inline In-Reply-To: Sender: linux-pm-owner@vger.kernel.org List-Id: linux-pm@vger.kernel.org To: "Rafael J. Wysocki" Cc: Kees Cook , Linus Torvalds , Ard Biesheuvel , Matt Redfearn , Yves-Alexis Perez , Emrah Demir , Jonathan Corbet , x86@kernel.org, "Rafael J. Wysocki" , Len Brown , Pavel Machek , Borislav Petkov , Andy Lutomirski , "open list:DOCUMENTATION" , "linux-pm@vger.kernel.org" , Linux Kernel Mailing List , kernel-hardening@lists.openwall.com * Rafael J. Wysocki wrote: > On Wed, Apr 6, 2016 at 9:44 PM, Kees Cook wrote: > > When building with both CONFIG_HIBERNATION and CONFIG_RANDOMIZE_BASE, > > one or the other must be chosen at boot-time. Until now, hibernation > > was selected when no choice was made on the command line. > > > > To make the security benefits of kASLR more widely available to end > > users (since the use of hibernation is becoming more rare and kASLR, > > already available on x86, will be available on arm64 and MIPS soon), > > this changes the default to preferring kASLR over hibernation. Users > > wanting hibernation can turn off kASLR by adding "nokaslr" to the kernel > > command line. > > > > Suggested-by: Linus Torvalds > > Signed-off-by: Kees Cook > > Acked-by: Rafael J. Wysocki > > Or do you want me to apply it? I don't think this is a good idea, as it turns off emergency hibernation of laptops - many desktop distros support it by default. Thanks, Ingo