From: bhsharma@redhat.com (Bhupesh Sharma)
To: linux-arm-kernel@lists.infradead.org
Subject: [Query] ARM64 kaslr support - randomness, seeding and kdump
Date: Mon, 9 Apr 2018 09:31:34 +0530 [thread overview]
Message-ID: <CACi5LpPe_C0fLFzsAHPD54X=D+AsYjvSyZi0yt_6=wFrWmvetw@mail.gmail.com> (raw)
In-Reply-To: <20180406020948.GE19607@linaro.org>
Hi Akashi,
On Fri, Apr 6, 2018 at 7:39 AM, AKASHI Takahiro
<takahiro.akashi@linaro.org> wrote:
> Bhupesh,
>
> On Fri, Mar 16, 2018 at 03:05:10PM +0530, Bhupesh Sharma wrote:
>> On Wed, Mar 14, 2018 at 11:54 PM, Mark Rutland <mark.rutland@arm.com> wrote:
>> > On Wed, Mar 14, 2018 at 11:10:53AM +0900, AKASHI Takahiro wrote:
>> >> If kaslr-seed has a critical value in terms of security, is kexec-tools
>> >> a right place? It is exposed to user space albeit for a short time of period.
>> >
>> > The kernel zeroes the seed in the DT at boot time, so the current seed
>> > isn't visible to userspace.
>> >
>> > If kexec-tools generates a seed, and inserts it into the DTB that it
>> > loads, this is only visible to kexec tools or other applications which
>> > can inspect its memory, so I don't think this is much of a concern.
>> > Anything with such privilege can presumably kexec() to arbitrary code
>> > anyhow.
>> >
>> > The next kernel will then zero its seed in the DT at boot time, so
>> > similarly this won't be visible to userspace on the new kernel.
>> >
>> > FWIW, having kexec tools generate a seed for the kexec_load() case makes
>> > sense to me.
>>
>> Fair enough. I will try to take a stab at the same and come back with
>> my findings on this thread.
>
> How's your progress here?
I am almost done with the implementation.
Unfortunately I lost most of the last week trying to revive my arm64
board (which supports
EFI_RNG_PROTOCOL and hence can be used to test the kaslr-seed related
stuff), so I was not
able to test the implementation.
Now that the board is up, I think I can test and thrash out any
missing clogs in the approach.
> I've already added kaslr support (i.e. "virtual randomisation") to
> my kexec_file patch set.
> # just a few lines of code, though
Hmm, have you sent out a new version already (kexec_file_load), as the last
version in my inbox still mentions in the cover letter that we need a
EFI stub like approach
to really support CONFIG_RANDOMIZE_BASE. Or, am I missing something?
I would love to have a look at the patch and try it at my end, so
could you please share
a pointer to the same.
Regards,
Bhupesh
WARNING: multiple messages have this Message-ID (diff)
From: Bhupesh Sharma <bhsharma@redhat.com>
To: AKASHI Takahiro <takahiro.akashi@linaro.org>,
Bhupesh Sharma <bhsharma@redhat.com>,
Mark Rutland <mark.rutland@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
kexec@lists.infradead.org,
Bhupesh SHARMA <bhupesh.linux@gmail.com>
Subject: Re: [Query] ARM64 kaslr support - randomness, seeding and kdump
Date: Mon, 9 Apr 2018 09:31:34 +0530 [thread overview]
Message-ID: <CACi5LpPe_C0fLFzsAHPD54X=D+AsYjvSyZi0yt_6=wFrWmvetw@mail.gmail.com> (raw)
In-Reply-To: <20180406020948.GE19607@linaro.org>
Hi Akashi,
On Fri, Apr 6, 2018 at 7:39 AM, AKASHI Takahiro
<takahiro.akashi@linaro.org> wrote:
> Bhupesh,
>
> On Fri, Mar 16, 2018 at 03:05:10PM +0530, Bhupesh Sharma wrote:
>> On Wed, Mar 14, 2018 at 11:54 PM, Mark Rutland <mark.rutland@arm.com> wrote:
>> > On Wed, Mar 14, 2018 at 11:10:53AM +0900, AKASHI Takahiro wrote:
>> >> If kaslr-seed has a critical value in terms of security, is kexec-tools
>> >> a right place? It is exposed to user space albeit for a short time of period.
>> >
>> > The kernel zeroes the seed in the DT at boot time, so the current seed
>> > isn't visible to userspace.
>> >
>> > If kexec-tools generates a seed, and inserts it into the DTB that it
>> > loads, this is only visible to kexec tools or other applications which
>> > can inspect its memory, so I don't think this is much of a concern.
>> > Anything with such privilege can presumably kexec() to arbitrary code
>> > anyhow.
>> >
>> > The next kernel will then zero its seed in the DT at boot time, so
>> > similarly this won't be visible to userspace on the new kernel.
>> >
>> > FWIW, having kexec tools generate a seed for the kexec_load() case makes
>> > sense to me.
>>
>> Fair enough. I will try to take a stab at the same and come back with
>> my findings on this thread.
>
> How's your progress here?
I am almost done with the implementation.
Unfortunately I lost most of the last week trying to revive my arm64
board (which supports
EFI_RNG_PROTOCOL and hence can be used to test the kaslr-seed related
stuff), so I was not
able to test the implementation.
Now that the board is up, I think I can test and thrash out any
missing clogs in the approach.
> I've already added kaslr support (i.e. "virtual randomisation") to
> my kexec_file patch set.
> # just a few lines of code, though
Hmm, have you sent out a new version already (kexec_file_load), as the last
version in my inbox still mentions in the cover letter that we need a
EFI stub like approach
to really support CONFIG_RANDOMIZE_BASE. Or, am I missing something?
I would love to have a look at the patch and try it at my end, so
could you please share
a pointer to the same.
Regards,
Bhupesh
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2018-04-09 4:01 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-12 20:14 [Query] ARM64 kaslr support - randomness, seeding and kdump Bhupesh Sharma
2018-03-12 20:14 ` Bhupesh Sharma
2018-03-12 20:58 ` Ard Biesheuvel
2018-03-12 20:58 ` Ard Biesheuvel
2018-03-13 1:54 ` Dave Young
2018-03-13 1:54 ` Dave Young
2018-03-13 10:22 ` AKASHI Takahiro
2018-03-13 10:22 ` AKASHI Takahiro
2018-03-13 10:47 ` Mark Rutland
2018-03-13 10:47 ` Mark Rutland
2018-03-13 11:07 ` AKASHI Takahiro
2018-03-13 11:07 ` AKASHI Takahiro
2018-03-13 11:20 ` Mark Rutland
2018-03-13 11:20 ` Mark Rutland
2018-03-13 19:48 ` Bhupesh Sharma
2018-03-13 19:48 ` Bhupesh Sharma
2018-03-14 2:10 ` AKASHI Takahiro
2018-03-14 2:10 ` AKASHI Takahiro
2018-03-14 5:03 ` Bhupesh Sharma
2018-03-14 5:03 ` Bhupesh Sharma
2018-03-14 6:40 ` AKASHI Takahiro
2018-03-14 6:40 ` AKASHI Takahiro
2018-03-14 18:24 ` Mark Rutland
2018-03-14 18:24 ` Mark Rutland
2018-03-16 9:35 ` Bhupesh Sharma
2018-03-16 9:35 ` Bhupesh Sharma
2018-04-06 2:09 ` AKASHI Takahiro
2018-04-06 2:09 ` AKASHI Takahiro
2018-04-09 4:01 ` Bhupesh Sharma [this message]
2018-04-09 4:01 ` Bhupesh Sharma
2018-04-09 4:31 ` AKASHI Takahiro
2018-04-09 4:31 ` AKASHI Takahiro
2018-04-09 9:28 ` Ard Biesheuvel
2018-04-09 9:28 ` Ard Biesheuvel
2018-04-09 9:39 ` Baoquan He
2018-04-09 9:39 ` Baoquan He
2018-04-09 18:28 ` Bhupesh Sharma
2018-04-09 18:28 ` Bhupesh Sharma
2018-04-10 0:47 ` AKASHI Takahiro
2018-04-10 0:47 ` AKASHI Takahiro
2018-04-14 20:14 ` Bhupesh Sharma
2018-04-14 20:14 ` Bhupesh Sharma
2018-04-18 11:52 ` Mark Rutland
2018-04-18 11:52 ` Mark Rutland
2018-04-23 20:34 ` Bhupesh Sharma
2018-04-23 20:34 ` Bhupesh Sharma
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CACi5LpPe_C0fLFzsAHPD54X=D+AsYjvSyZi0yt_6=wFrWmvetw@mail.gmail.com' \
--to=bhsharma@redhat.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.