On Fri, Sep 25, 2020 at 08:33:59PM +0530, Pintu Agarwal wrote:
> This is regarding the KASLR feature support on ARM for the kernel
> version 4.9 and 4.14.
>
> Is KASLR supported on ARM-32 Linux 4.9 and above ?

Sorry, this feature did not yet land in upstream:
https://github.com/KSPP/linux/issues/3

Here was the earlier effort:
https://lore.kernel.org/kernel-hardening/20170814125411.22604-1-ard.biesheuvel@xxxxxxxxxx/

> Is it dependent on CONFIG_RANDOMIZE_BASE or

CONFIG_RANDOMIZE_BASE is what is used on other architectures to control
the feature.

> /proc/sys/kernel/randomize_va_space ?
> Is there any relation between these two?

No, the latter is about userspace addresses.

> Is the changing kernel symbols (in every boot), only possible if KASLR
> is enabled, or there is another way it can happen?

I think you meant kernel symbol addresses (not the symbols themselves).
But yes, I wouldn't expect the addresses to move if you didn't either
rebuild the kernel or had something else moving the kernel at boot (i.e.
the boot loader).

> I have these queries because,
> In one of the arm-32 devices with Kernel 4.14, I observed that
> CONFIG_RANDOMIZE_BASE is not available.
> But /proc/sys/kernel/randomize_va_space is set to 2.
> However, I also observed that symbol addresses are changing in every boot.
>
> 1st boot cycle:
> [root ~]# cat /proc/kallsyms | grep "sys_open"
> a5b4de92 T sys_open
> [root@sa515m ~]#
>
> 2nd boot cycle:
> [root ~]# cat /proc/kallsyms | grep "sys_open"
> f546ed66 T sys_open
>
> So, I am wondering how this is possible without KASLR
> (CONFIG_RANDOMIZE_BASE) support in Kernel ?

What device is this? Is it a stock kernel?

> Similarly, with Kernel 4.9 and CONFIG_RANDOMIZE_BASE is not available
> but /proc/sys/kernel/randomize_va_space is set to 2.
> But here, the addresses are remaining same.
>
> 1st Run:
> [root~]# cat /proc/kallsyms | grep "sys_open"
> c01ed68c T sys_open
> [root ~]#
>
> *** reboot ***
> [root ~]# cat /proc/kallsyms | grep "sys_open"
> c01ed68c T sys_open
>
>
> Is there any other difference between these two kernel versions with
> respect to changing symbol addresses ?

Is the boot loader changing the base address? (What boot loader are you
using?)

-- 
Kees Cook
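
An added example, not part of the thread above: a single symbol such as sys_open cannot show whether the kernel image moved as a whole, so this script compares every global text symbol in two saved /proc/kallsyms snapshots and reports whether they all moved by one constant offset (the result a relocated base address produces). The function names, the result labels and the sample addresses are constructed for illustration, and 32-bit addresses are assumed.

```shell
#!/bin/sh
# Added example, not from the thread; all sample addresses are constructed.

# classify_shift FILE_A FILE_B
# Compares global text symbols (type "T") in two /proc/kallsyms snapshots.
# Prints: same | uniform-shift <bytes> | non-uniform | hidden | no-common
# Assumes 32-bit addresses, as on the ARM-32 devices discussed above.
classify_shift() {
    awk '
    function hex(s,   k, acc) {          # portable hex parser (no strtonum)
        s = tolower(s); acc = 0
        for (k = 1; k <= length(s); k++)
            acc = acc * 16 + index("0123456789abcdef", substr(s, k, 1)) - 1
        return acc
    }
    NF != 3 || $2 != "T" { next }        # skip module and non-text symbols
    FILENAME == ARGV[1] {                # first snapshot: remember addresses
        a[$3] = hex($1)
        if (a[$3]) seen_a = 1
        next
    }
    ($3 in a) {                          # second snapshot: per-symbol delta
        v = hex($1)
        if (v) seen_b = 1
        d = v - a[$3]
        if (n == 0) first = d
        else if (d != first) mixed = 1
        n++
    }
    END {
        if (n == 0)                  print "no-common"
        else if (!seen_a || !seen_b) print "hidden"      # all-zero addresses
        else if (mixed)              print "non-uniform"
        else if (first == 0)         print "same"
        else                         printf "uniform-shift %.0f\n", first
    }' "$1" "$2"
}

# Constructed snapshots: boot 2 is boot 1 with the image moved by 0x200000.
sample_boot1() { printf '%s\n' 'c01ed68c T sys_open' 'c01ed7a4 T sys_close' 'bf000000 t helper [mod]'; }
sample_boot2() { printf '%s\n' 'c03ed68c T sys_open' 'c03ed7a4 T sys_close' 'bf004000 t helper [mod]'; }

demo() {
    dir=$(mktemp -d) || return 1
    sample_boot1 > "$dir/boot1"; sample_boot2 > "$dir/boot2"
    classify_shift "$dir/boot1" "$dir/boot2"
    rm -rf "$dir"
}
demo
```

A "non-uniform" result means the printed addresses are not explained by a single base shift, and "hidden" means a snapshot contained only zero addresses, which is what /proc/kallsyms shows when the kernel hides pointers from the reader.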