Re: [PATCH v2] x86/mm/KASLR: EFI region is mistakenly included into KASLR VA space for randomization

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



* Dave Young <dyoung@xxxxxxxxxx> wrote:

> > > So I applied this kexec fix and extended the changelog to clearly show why 
> > > this fix matters in practice.
> > 
> > I thought it only impacts kexec, but Dave thought it will impact 1st kenrel 
> > either.
> 
> Yes, I think no need to mention kexec, it is a general issue.
> 
> First, the space is reserved for EFI, so kernel should not use it for kaslr. 

It's the kernel's EFI code, and we map whatever address we want (and then pass 
that to the EFI runtime), so wether it's randomized or not is the Linux kernel's 
policy decision...

So that's my question: can these memory regions include security sensitive data, 
and if yes, how can we best randomize it while kexec and other kernel and EFI 
features still work?

Preserving virtual addresses for kexec is a red herring: the randomized offset 
could be passed to the kexec-ed kernel just fine.

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux