From: Ingo Molnar <mingo@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Yves-Alexis Perez <corsac@debian.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Kees Cook <keescook@chromium.org>, Emrah Demir <ed@abdsec.com>,
Dan Rosenberg <dan.j.rosenberg@gmail.com>,
Dave Jones <davej@redhat.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Pavel Machek <pavel@denx.de>
Subject: Re: [kernel-hardening] Re: [PATCH] KERNEL: resource: Fix bug on leakage in /proc/iomem file
Date: Wed, 6 Apr 2016 22:49:55 +0200
Message-ID: <20160406204955.GA23336@gmail.com>
In-Reply-To: <CA+55aFxM2gWkV26ppU5hLh=s541Qx5yecbRySxDGKa1VP7NG=g@mail.gmail.com>

* Linus Torvalds <torvalds@linux-foundation.org> wrote:

> So yeah, maybe swap partitions are still more common than I thought. And I
> didn't even consider the possibility that people would hibernate a desktop like
> you do.

Also many distros will hibernate automatically on critically low battery (when
suspend won't save the system).

It would be much better to fix the kASLR/hibernation incompatibility ...

Just a random guess: much of the hibernation incompatibility comes from the fact
that on hibernation bootups the kASLR seed changes, which breaks hibernated kernel
addresses, right?

That should be easy to fix: if we added a kaslr_seed=xyz boot option, and added
that parameter automatically (without showing it in /proc/cmdline ;-) on
hibernation bootups, we could solve much of the incompatibility, right?

This means that the first 'cold' bootup would set the kASLR seed - and subsequent
hibernated bootups would inherit it. That should be perfectly OK as long as we
don't expose the seed somewhere.

We could also write the kASLR seed to the hibernation image, but I don't think we
have the value available early enough - a boot option is better.

Thanks,

Ingo