Re: [PATCH v2] x86/mm/KASLR: EFI region is mistakenly included into KASLR VA space for randomization

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



* Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote:

> > Turning KASLR off actively degrades that randomization of the kernel virtual 
> > addresses.
> >
> > Am I missing anything?
> >
> 
> No, I think you are right. UEFI runtime services region are likely to consist of 
> R+W+X mappings for the foreseeable future on x86, and the more we tighten down 
> security in other places, the more appealing the UEFI regions become for 
> exploitation (even if they are only mapped while runtime services calls are in 
> progress).

Ok, so I'm fine with the current proposed patch as a temporary workaround, but 
only if we are going to get a real fix as well, ASAP.

Thanks,

	Ingo



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]