From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Aci7=DC=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-10.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,
	SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6E4D3C4727F
	for <linux-arm-kernel@archiver.kernel.org>; Fri, 25 Sep 2020 20:38:52 +0000 (UTC)
Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 0F3DB207C4
	for <linux-arm-kernel@archiver.kernel.org>; Fri, 25 Sep 2020 20:38:51 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="HvYfkJDf";
	dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="qNb+YYrX"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0F3DB207C4
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding:
	Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:To:Subject:Message-ID:Date:From:In-Reply-To:
	References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	 bh=FIBKUZwaZz1Ki4A4+SEFCN+HEERsilReizNdsWEPXas=; b=HvYfkJDfpkMius8jFZc06eVy5
	Kq5jmOftNY9wopgjoZuWpT1/02bv+J6CEEhp8arbuWlL0PQP3th5O/yF6ybjgwlTwozItUOIIjrvm
	Vr3OsIQFX7Hijh4njddrya+81mT1Yt37XybC81WGrd6HOQ4vsPgAT7GgS0B0vSjx080PVBTmFMC5W
	kJbkaIwjE5FCpqzuq+HZ1qCIDVCtW2ZU0tQdihzu441r7qZVzUSzhB4d8OHiYLSEYKSLvOiLwj6C7
	rx4bpDd5PIBUVM6a5IAMgYkeD3JZVouQrleEAnUYlaFk2T2+mJdDF4jznXqGYmeY+DdkMKN5/0znc
	WheXzTO/Q==;
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux))
	id 1kLuSz-0006fb-BR; Fri, 25 Sep 2020 20:37:17 +0000
Received: from mail.kernel.org ([198.145.29.99])
 by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
 id 1kLuSw-0006es-Pl
 for linux-arm-kernel@lists.infradead.org; Fri, 25 Sep 2020 20:37:15 +0000
Received: from mail-oo1-f46.google.com (mail-oo1-f46.google.com
 [209.85.161.46])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by mail.kernel.org (Postfix) with ESMTPSA id BE9AD2389E
 for <linux-arm-kernel@lists.infradead.org>;
 Fri, 25 Sep 2020 20:37:12 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=default; t=1601066232;
 bh=WZbwT2IHsLPVib9LWqjiQ9VL5NAX2HL7HRcoYiVNWkw=;
 h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
 b=qNb+YYrX1jzXjp9FjsAl2BzlcqEssgXd1+vfLdR4Xy44/ZcEKjpTebtcmPhIR1H14
 qDu+TTbe/P+cWMxj4asNU+S7SegNTtpQqbd6Hlro7NTGLUHUaDM1UjbykZJgEMz5f3
 AEWddnez0BlRcuPJXCE4x3QDSn8sKiuW2OWoAzXo=
Received: by mail-oo1-f46.google.com with SMTP id t3so1064834ook.8
 for <linux-arm-kernel@lists.infradead.org>;
 Fri, 25 Sep 2020 13:37:12 -0700 (PDT)
X-Gm-Message-State: AOAM532yJQ9eyLqfIg/4tqHUXMot1b/lLw/NnySreM4zyJBdRaiSGVzH
 CLKxlKCikemk1Sb5fX7aKQhuwVoDm2vMCKNqg+I=
X-Google-Smtp-Source: ABdhPJy5yn+k2qTffdPEkwz81q4jfUywaUdKX4eyqIezGZqX1pvY0kQk58CIUkInD4MoUX3cSwW3s41Wr8o4wcTAQO8=
X-Received: by 2002:a4a:4910:: with SMTP id z16mr2063269ooa.41.1601066231895; 
 Fri, 25 Sep 2020 13:37:11 -0700 (PDT)
MIME-Version: 1.0
References: <CAOuPNLjtG_VHL1M8-=pKNNRmWQg_8oC0YG7C8H3gQcbJ+0B3=A@mail.gmail.com>
 <202009251301.A1FD183582@keescook>
In-Reply-To: <202009251301.A1FD183582@keescook>
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 25 Sep 2020 22:37:01 +0200
X-Gmail-Original-Message-ID: <CAMj1kXGtv84JHQfKoqOYyq=3m2w0Yuj_n4_Teo83zvdZ9kpZhw@mail.gmail.com>
Message-ID: <CAMj1kXGtv84JHQfKoqOYyq=3m2w0Yuj_n4_Teo83zvdZ9kpZhw@mail.gmail.com>
Subject: Re: KASLR support on ARM with Kernel 4.9 and 4.14
To: Kees Cook <keescook@chromium.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20200925_163714_980579_5AC69F17 
X-CRM114-Status: GOOD (  29.79  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: Mark Rutland <mark.rutland@arm.com>, Thomas Garnier <thgarnie@google.com>,
 Pintu Agarwal <pintu.ping@gmail.com>, Arnd Bergmann <arnd@arndb.de>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Marc Zyngier <marc.zyngier@arm.com>,
 Kernelnewbies <kernelnewbies@kernelnewbies.org>,
 Russell King - ARM Linux <linux@armlinux.org.uk>,
 open list <linux-kernel@vger.kernel.org>, Tony Lindgren <tony@atomide.com>,
 nico@linaro.org, Dave Martin <dave.martin@arm.com>, matt@codeblueprint.co.uk,
 "moderated list:ARM/FREESCALE IMX / MXC ARM ARCHITECTURE"
 <linux-arm-kernel@lists.infradead.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

On Fri, 25 Sep 2020 at 22:28, Kees Cook <keescook@chromium.org> wrote:
>
> On Fri, Sep 25, 2020 at 08:33:59PM +0530, Pintu Agarwal wrote:
> > This is regarding the KASLR feature support on ARM for the kernel
> > version 4.9 and 4.14.
> >
> > Is KASLR supported on ARM-32 Linux 4.9 and above ?
>
> Sorry, this feature did not yet land in upstream:
> https://github.com/KSPP/linux/issues/3
>
> Here was the earlier effort:
> https://lore.kernel.org/kernel-hardening/20170814125411.22604-1-ard.biesheuvel@linaro.org/
>
> > Is it dependent on CONFIG_RANDOMIZE_BASE or
>
> CONFIG_RANDOMIZE_BASE is what is used on other architectures to control
> the feature.
>
> > /proc/sys/kernel/randomize_va_space ?
> > Is there any relation between these two?
>
> No, the latter is about userspace addresses.
>
> > Is the changing kernel symbols (in every boot), only possible if KASLR
> > is enabled, or there is another way it can happen?
>
> I think you meant kernel symbol addresses (not the symbols themselves).
> But yes, I wouldn't expect the addresses to move if you didn't either
> rebuild the kernel or had something else moving the kernel at boot (i.e.
> the boot loader).
>
> > I have these queries because,
> > In one of the arm-32 devices with Kernel 4.14, I observed that
> > CONFIG_RANDOMIZE_BASE is not available.
> > But /proc/sys/kernel/randomize_va_space is set to 2.
> > However, I also observed that symbol addresses are changing in every boot.
> >
> > 1st boot cycle:
> > [root ~]# cat /proc/kallsyms | grep "sys_open"
> > a5b4de92 T sys_open
> > [root@sa515m ~]#
> >
> > 2nd boot cycle:
> > [root ~]# cat /proc/kallsyms | grep "sys_open"
> > f546ed66 T sys_open
> >
> > So, I am wondering how this is possible without KASLR
> > (CONFIG_RANDOMIZE_BASE) support in Kernel ?
>

Those addresses were obfuscated by kptr_restrict

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel