linux/arch
Kees Cook e2b32e6785 x86, kaslr: randomize module base load address
Randomize the load address of modules in the kernel to make kASLR
effective for modules.  Modules can only be loaded within a particular
range of virtual address space.  This patch adds 10 bits of entropy to
the load address by adding 1-1024 * PAGE_SIZE to the beginning range
where modules are loaded.

The single base offset was chosen because randomizing each module
load ends up wasting/fragmenting memory too much. Prior approaches to
minimizing fragmentation while doing randomization tend to result in
worse entropy than just doing a single base address offset.

Example kASLR boot without this change, with a single module loaded:
---[ Modules ]---
0xffffffffc0000000-0xffffffffc0001000           4K     ro     GLB x  pte
0xffffffffc0001000-0xffffffffc0002000           4K     ro     GLB NX pte
0xffffffffc0002000-0xffffffffc0004000           8K     RW     GLB NX pte
0xffffffffc0004000-0xffffffffc0200000        2032K                   pte
0xffffffffc0200000-0xffffffffff000000        1006M                   pmd
---[ End Modules ]---

Example kASLR boot after this change, same module loaded:
---[ Modules ]---
0xffffffffc0000000-0xffffffffc0200000           2M                   pmd
0xffffffffc0200000-0xffffffffc03bf000        1788K                   pte
0xffffffffc03bf000-0xffffffffc03c0000           4K     ro     GLB x  pte
0xffffffffc03c0000-0xffffffffc03c1000           4K     ro     GLB NX pte
0xffffffffc03c1000-0xffffffffc03c3000           8K     RW     GLB NX pte
0xffffffffc03c3000-0xffffffffc0400000         244K                   pte
0xffffffffc0400000-0xffffffffff000000        1004M                   pmd
---[ End Modules ]---

Signed-off-by: Andy Honig <ahonig@google.com>
Link: http://lkml.kernel.org/r/20140226005916.GA27083@www.outflux.net
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
2014-02-25 17:07:26 -08:00
alpha alpha: fix broken network checksum 2014-01-31 09:21:55 -08:00
arc Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2014-01-30 16:58:05 -08:00
arm ARM: SoC fixes for 3.14-rc 2014-02-23 17:38:04 -08:00
arm64 A small error handling problem and a compile breakage for ARM64. 2014-02-14 11:10:49 -08:00
avr32 avr32: add generic vga.h to Kbuild 2014-02-17 11:24:48 +01:00
blackfin Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-01-31 09:31:14 -08:00
c6x
cris CRIS correction for 3.14 2014-01-28 09:01:14 -08:00
frv Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2014-01-30 16:58:05 -08:00
hexagon
ia64 [IA64] Wire up new sched_setattr and sched_getattr syscalls 2014-01-28 09:52:53 -08:00
m32r
m68k Merge branch 'for-3.14/core' of git://git.kernel.dk/linux-block 2014-01-30 11:19:05 -08:00
metag
microblaze microblaze: Fix a typo when disabling stack protection 2014-02-10 07:44:11 +01:00
mips MIPS: fpu.h: Fix build when CONFIG_BUG is not set 2014-02-06 13:42:43 +01:00
mn10300 Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2014-01-30 16:58:05 -08:00
openrisc OpenRISC updates for 3.14 2014-01-30 17:08:41 -08:00
parisc execve: use 'struct filename *' for executable name passing 2014-02-05 12:54:53 -08:00
powerpc powerpc/eeh: Disable EEH on reboot 2014-02-17 11:19:39 +11:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2014-02-11 12:23:50 -08:00
score Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-01-31 09:31:14 -08:00
sh
sparc sparc32: make copy_to/from_user_page() usable from modular code 2014-02-19 19:49:48 -05:00
tile tile: remove compat_sys_lookup_dcookie declaration to fix compile error 2014-02-01 10:55:15 -08:00
um
unicore32
x86 x86, kaslr: randomize module base load address 2014-02-25 17:07:26 -08:00
xtensa Merge branch 'for-3.14/core' of git://git.kernel.dk/linux-block 2014-01-30 11:19:05 -08:00
.gitignore
Kconfig