• Jiri Kosina's avatar
    x86/mm/ASLR: Propagate base load address calculation · f47233c2
    Jiri Kosina authored
    Commit:
    
      e2b32e67 ("x86, kaslr: randomize module base load address")
    
    makes the base address for module to be unconditionally randomized in
    case when CONFIG_RANDOMIZE_BASE is defined and "nokaslr" option isn't
    present on the commandline.
    
    This is not consistent with how choose_kernel_location() decides whether
    it will randomize kernel load base.
    
    Namely, CONFIG_HIBERNATION disables kASLR (unless "kaslr" option is
    explicitly specified on kernel commandline), which makes the state space
    larger than what module loader is looking at. IOW CONFIG_HIBERNATION &&
    CONFIG_RANDOMIZE_BASE is a valid config option, kASLR wouldn't be applied
    by default in that case, but module loader is not aware of that.
    
    Instead of fixing the logic in module.c, this patch takes more generic
    aproach. It introduces a new bootparam setup data_type SETUP_KASLR and
    uses that to pass the information whether kaslr has been applied during
    kernel decompression, and sets a global 'kaslr_enabled' variable
    accordingly, so that any kernel code (module loading, livepatching, ...)
    can make decisions based on its value.
    
    x86 module loader is converted to make use of this flag.
    Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
    Acked-by: default avatarKees Cook <keescook@chromium.org>
    Cc: "H. Peter Anvin" <hpa@linux.intel.com>
    Link: https://lkml.kernel.org/r/alpine.LNX.2.00.1502101411280.10719@pobox.suse.cz
    [ Always dump correct kaslr status when panicking ]
    Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
    f47233c2
misc.c 11.2 KB