On Fri, Nov 20, 2020 at 10:38:21AM +0200, Topi Miettinen wrote:
> On 20.11.2020 0.20, Cristiano Giuffrida wrote:
> > Indeed it's nontrivial to get similar randomization guarantees for the
> > kernel. I mentioned TagBleed because similar combined AnC + TLB
> > attacks should also be possible in the browser. We just happened to
> > focus on the kernel with TagBleed.
>
> Perhaps kernel objects could also be compiled as relocatable shared objects,
> like shared libraries for user applications, so that they could be
> relocated independently away from the base address of the main kernel. Also
> compiling the kernel with -mcmodel=large could allow various segments (code,
> rodata, data) to be located more freely. These would make the attacker do
> more probing. Again, pointers between the objects may make these less
> useful.

They are relocatable shared objects.  They're loaded into the vmalloc
area on some architectures but x86 has a special MODULES_VADDR region.
Maybe just jumbling them into the general vmalloc address range would be
beneficial from a security point of view?  I suspect it's not all that
useful because most modules are loaded early on.

We seem to have randomness mixed into the vmalloc allocations with
DEBUG_AUGMENT_LOWEST_MATCH_CHECK, but there doesn't seem to be an ASLR
option to vmalloc ... Uladzislau?
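The point both messages circle around (modules live together in one region, and the pointers between them mean a single leak pins the rest) can be measured on a running box. The following is an added example written for this page, not code from the thread or from the kernel tree. It parses lines in the documented /proc/modules format ("name size refcount users state 0xaddr", optionally followed by taint flags in parentheses), checks them against an assumed x86-64 MODULES_VADDR/MODULES_END window (the values below assume KASLR with a 1 GiB KERNEL_IMAGE_SIZE; verify against your kernel's pgtable_64_types.h), and reports how many bits of guessing remain once one module address is known. It then compares two boots to show that shifting only the region base leaves every inter-module offset unchanged, whereas per-module randomisation does not. All sample /proc/modules lines are constructed, not real measurements; the function names are this example's own.

```python
"""Added example (not from the LKML thread or the kernel): what does one
leaked module address reveal about every other loaded module?

Assumptions: x86-64 module window with KASLR (MODULES_VADDR/END below),
and constructed /proc/modules samples, not data from a real machine.
"""
import math
import re

PAGE = 0x1000
# Assumed x86-64 window (KASLR, KERNEL_IMAGE_SIZE = 1 GiB); check your kernel.
MODULES_VADDR = 0xFFFFFFFFC0000000
MODULES_END = 0xFFFFFFFFFF000000

# name size refcount users state 0xaddr [ (taint) ]
_LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<size>\d+)\s+\d+\s+\S+\s+\S+\s+(?P<addr>0x[0-9a-fA-F]+)"
    r"(?:\s+\([^)]*\))?$"
)


def parse_proc_modules(text):
    """Return [(name, size, load_addr)] from /proc/modules-style text."""
    mods = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unparseable /proc/modules line: {line!r}")
        mods.append((m["name"], int(m["size"]), int(m["addr"], 16)))
    return mods


def analyse(mods):
    """Span of the loaded modules and the residual guessing space."""
    addrs = [a for _, _, a in mods]
    if not addrs or all(a == 0 for a in addrs):
        # kptr_restrict shows 0x0 to unprivileged readers; nothing to measure.
        return {"hidden": True}
    lo = min(addrs)
    hi = max(a + s for _, s, a in mods)
    span_pages = (hi - lo + PAGE - 1) // PAGE
    window_pages = (MODULES_END - MODULES_VADDR) // PAGE
    return {
        "hidden": False,
        "in_window": all(MODULES_VADDR <= a < MODULES_END for a in addrs),
        "span_pages": span_pages,
        # bits to guess for one page-aligned module base with no leak at all...
        "window_bits": math.log2(window_pages),
        # ...versus once any single module address is known.
        "span_bits": math.log2(span_pages),
    }


def offsets_from(mods, leaked):
    """Offset of every module relative to the one whose address leaked."""
    base = next(a for n, _, a in mods if n == leaked)
    return {n: a - base for n, _, a in mods}


def same_layout(boot_a, boot_b, leaked):
    """True if one leaked address pins every module identically on both boots."""
    return offsets_from(boot_a, leaked) == offsets_from(boot_b, leaked)


# Constructed samples. BOOT_B is BOOT_A shifted by 2 MiB, i.e. what
# randomising only the region base looks like; BOOT_C reorders the modules,
# i.e. what independent per-module placement looks like.
BOOT_A = """\
ext4 778240 2 - Live 0xffffffffc0a00000
mbcache 16384 1 ext4, Live 0xffffffffc09f0000
jbd2 131072 1 ext4, Live 0xffffffffc09c0000
xfs 1613824 0 - Live 0xffffffffc0800000 (E)
"""
BOOT_B = """\
ext4 778240 2 - Live 0xffffffffc0c00000
mbcache 16384 1 ext4, Live 0xffffffffc0bf0000
jbd2 131072 1 ext4, Live 0xffffffffc0bc0000
xfs 1613824 0 - Live 0xffffffffc0a00000 (E)
"""
BOOT_C = """\
ext4 778240 2 - Live 0xffffffffc0800000
xfs 1613824 0 - Live 0xffffffffc08c0000 (E)
jbd2 131072 1 ext4, Live 0xffffffffc0a50000
mbcache 16384 1 ext4, Live 0xffffffffc0a80000
"""
HIDDEN = "ext4 778240 2 - Live 0x0000000000000000\n"

if __name__ == "__main__":
    boots = {k: parse_proc_modules(v) for k, v in
             (("A", BOOT_A), ("B", BOOT_B), ("C", BOOT_C))}
    for label, mods in boots.items():
        print(label, analyse(mods))
    print("A vs B same layout:", same_layout(boots["A"], boots["B"], "ext4"))
    print("A vs C same layout:", same_layout(boots["A"], boots["C"], "ext4"))
    print("hidden:", analyse(parse_proc_modules(HIDDEN)))
```

On a real machine feed it `cat /proc/modules` as root (unprivileged readers get zeroed addresses, which the script reports as hidden). The interesting number is span_bits against window_bits: with modules packed into a few MiB, a single leaked pointer collapses an 18-bit search to under 10 bits, and shifting the whole region between boots (BOOT_A versus BOOT_B) changes nothing about that.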