From: bhsharma@redhat.com (Bhupesh Sharma) To: linux-arm-kernel@lists.infradead.org Subject: [Query] ARM64 kaslr support - randomness, seeding and kdump Date: Mon, 9 Apr 2018 09:31:34 +0530 [thread overview] Message-ID: <CACi5LpPe_C0fLFzsAHPD54X=D+AsYjvSyZi0yt_6=wFrWmvetw@mail.gmail.com> (raw) In-Reply-To: <20180406020948.GE19607@linaro.org> Hi Akashi, On Fri, Apr 6, 2018 at 7:39 AM, AKASHI Takahiro <takahiro.akashi@linaro.org> wrote: > Bhupesh, > > On Fri, Mar 16, 2018 at 03:05:10PM +0530, Bhupesh Sharma wrote: >> On Wed, Mar 14, 2018 at 11:54 PM, Mark Rutland <mark.rutland@arm.com> wrote: >> > On Wed, Mar 14, 2018 at 11:10:53AM +0900, AKASHI Takahiro wrote: >> >> If kaslr-seed has a critical value in terms of security, is kexec-tools >> >> a right place? It is exposed to user space albeit for a short time of period. >> > >> > The kernel zeroes the seed in the DT at boot time, so the current seed >> > isn't visible to userspace. >> > >> > If kexec-tools generates a seed, and inserts it into the DTB that it >> > loads, this is only visible to kexec tools or other applications which >> > can inspect its memory, so I don't think this is much of a concern. >> > Anything with such privilege can presumably kexec() to arbitrary code >> > anyhow. >> > >> > The next kernel will then zero its seed in the DT at boot time, so >> > similarly this won't be visible to userspace on the new kernel. >> > >> > FWIW, having kexec tools generate a seed for the kexec_load() case makes >> > sense to me. >> >> Fair enough. I will try to take a stab at the same and come back with >> my findings on this thread. > > How's your progress here? I am almost done with the implementation. Unfortunately I lost most of the last week trying to revive my arm64 board (which supports EFI_RNG_PROTOCOL and hence can be used to test the kaslr-seed related stuff), so I was not able to test the implementation. Now that the board is up, I think I can test and thrash out any missing clogs in the approach. > I've already added kaslr support (i.e. "virtual randomisation") to > my kexec_file patch set. > # just a few lines of code, though Hmm, have you sent out a new version already (kexec_file_load), as the last version in my inbox still mentions in the cover letter that we need a EFI stub like approach to really support CONFIG_RANDOMIZE_BASE. Or, am I missing something? I would love to have a look at the patch and try it at my end, so could you please share a pointer to the same. Regards, Bhupesh
WARNING: multiple messages have this Message-ID (diff)
From: Bhupesh Sharma <bhsharma@redhat.com> To: AKASHI Takahiro <takahiro.akashi@linaro.org>, Bhupesh Sharma <bhsharma@redhat.com>, Mark Rutland <mark.rutland@arm.com>, Ard Biesheuvel <ard.biesheuvel@linaro.org>, linux-arm-kernel <linux-arm-kernel@lists.infradead.org>, kexec@lists.infradead.org, Bhupesh SHARMA <bhupesh.linux@gmail.com> Subject: Re: [Query] ARM64 kaslr support - randomness, seeding and kdump Date: Mon, 9 Apr 2018 09:31:34 +0530 [thread overview] Message-ID: <CACi5LpPe_C0fLFzsAHPD54X=D+AsYjvSyZi0yt_6=wFrWmvetw@mail.gmail.com> (raw) In-Reply-To: <20180406020948.GE19607@linaro.org> Hi Akashi, On Fri, Apr 6, 2018 at 7:39 AM, AKASHI Takahiro <takahiro.akashi@linaro.org> wrote: > Bhupesh, > > On Fri, Mar 16, 2018 at 03:05:10PM +0530, Bhupesh Sharma wrote: >> On Wed, Mar 14, 2018 at 11:54 PM, Mark Rutland <mark.rutland@arm.com> wrote: >> > On Wed, Mar 14, 2018 at 11:10:53AM +0900, AKASHI Takahiro wrote: >> >> If kaslr-seed has a critical value in terms of security, is kexec-tools >> >> a right place? It is exposed to user space albeit for a short time of period. >> > >> > The kernel zeroes the seed in the DT at boot time, so the current seed >> > isn't visible to userspace. >> > >> > If kexec-tools generates a seed, and inserts it into the DTB that it >> > loads, this is only visible to kexec tools or other applications which >> > can inspect its memory, so I don't think this is much of a concern. >> > Anything with such privilege can presumably kexec() to arbitrary code >> > anyhow. >> > >> > The next kernel will then zero its seed in the DT at boot time, so >> > similarly this won't be visible to userspace on the new kernel. >> > >> > FWIW, having kexec tools generate a seed for the kexec_load() case makes >> > sense to me. >> >> Fair enough. I will try to take a stab at the same and come back with >> my findings on this thread. > > How's your progress here? I am almost done with the implementation. Unfortunately I lost most of the last week trying to revive my arm64 board (which supports EFI_RNG_PROTOCOL and hence can be used to test the kaslr-seed related stuff), so I was not able to test the implementation. Now that the board is up, I think I can test and thrash out any missing clogs in the approach. > I've already added kaslr support (i.e. "virtual randomisation") to > my kexec_file patch set. > # just a few lines of code, though Hmm, have you sent out a new version already (kexec_file_load), as the last version in my inbox still mentions in the cover letter that we need a EFI stub like approach to really support CONFIG_RANDOMIZE_BASE. Or, am I missing something? I would love to have a look at the patch and try it at my end, so could you please share a pointer to the same. Regards, Bhupesh _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2018-04-09 4:01 UTC|newest] Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-03-12 20:14 [Query] ARM64 kaslr support - randomness, seeding and kdump Bhupesh Sharma 2018-03-12 20:14 ` Bhupesh Sharma 2018-03-12 20:58 ` Ard Biesheuvel 2018-03-12 20:58 ` Ard Biesheuvel 2018-03-13 1:54 ` Dave Young 2018-03-13 1:54 ` Dave Young 2018-03-13 10:22 ` AKASHI Takahiro 2018-03-13 10:22 ` AKASHI Takahiro 2018-03-13 10:47 ` Mark Rutland 2018-03-13 10:47 ` Mark Rutland 2018-03-13 11:07 ` AKASHI Takahiro 2018-03-13 11:07 ` AKASHI Takahiro 2018-03-13 11:20 ` Mark Rutland 2018-03-13 11:20 ` Mark Rutland 2018-03-13 19:48 ` Bhupesh Sharma 2018-03-13 19:48 ` Bhupesh Sharma 2018-03-14 2:10 ` AKASHI Takahiro 2018-03-14 2:10 ` AKASHI Takahiro 2018-03-14 5:03 ` Bhupesh Sharma 2018-03-14 5:03 ` Bhupesh Sharma 2018-03-14 6:40 ` AKASHI Takahiro 2018-03-14 6:40 ` AKASHI Takahiro 2018-03-14 18:24 ` Mark Rutland 2018-03-14 18:24 ` Mark Rutland 2018-03-16 9:35 ` Bhupesh Sharma 2018-03-16 9:35 ` Bhupesh Sharma 2018-04-06 2:09 ` AKASHI Takahiro 2018-04-06 2:09 ` AKASHI Takahiro 2018-04-09 4:01 ` Bhupesh Sharma [this message] 2018-04-09 4:01 ` Bhupesh Sharma 2018-04-09 4:31 ` AKASHI Takahiro 2018-04-09 4:31 ` AKASHI Takahiro 2018-04-09 9:28 ` Ard Biesheuvel 2018-04-09 9:28 ` Ard Biesheuvel 2018-04-09 9:39 ` Baoquan He 2018-04-09 9:39 ` Baoquan He 2018-04-09 18:28 ` Bhupesh Sharma 2018-04-09 18:28 ` Bhupesh Sharma 2018-04-10 0:47 ` AKASHI Takahiro 2018-04-10 0:47 ` AKASHI Takahiro 2018-04-14 20:14 ` Bhupesh Sharma 2018-04-14 20:14 ` Bhupesh Sharma 2018-04-18 11:52 ` Mark Rutland 2018-04-18 11:52 ` Mark Rutland 2018-04-23 20:34 ` Bhupesh Sharma 2018-04-23 20:34 ` Bhupesh Sharma
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to='CACi5LpPe_C0fLFzsAHPD54X=D+AsYjvSyZi0yt_6=wFrWmvetw@mail.gmail.com' \ --to=bhsharma@redhat.com \ --cc=linux-arm-kernel@lists.infradead.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.