x86, kaslr: boot-time selectable with hibernation

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Changes kASLR from being compile-time selectable (blocked by
CONFIG_HIBERNATION), to being boot-time selectable (with hibernation
available by default) via the "kaslr" kernel command line.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

authored by

Kees Cook and committed by

Rafael J. Wysocki 11 years ago 24f2e027 a6e15a39

+22 -7

4 changed files

expand all

Documentation

kernel-parameters.txt

arch

x86

Kconfig

boot

compressed

aslr.c

kernel

power

hibernate.c

+7 -4

Documentation/kernel-parameters.txt

··· 1474 1474 js= [HW,JOY] Analog joystick 1475 1475 See Documentation/input/joystick.txt. 1476 1476 1477 + kaslr/nokaslr [X86] 1478 + Enable/disable kernel and module base offset ASLR 1479 + (Address Space Layout Randomization) if built into 1480 + the kernel. When CONFIG_HIBERNATION is selected, 1481 + kASLR is disabled by default. When kASLR is enabled, 1482 + hibernation will be disabled. 1483 + 1477 1484 keepinitrd [HW,ARM] 1478 1485 1479 1486 kernelcore=nn[KMG] [KNL,X86,IA-64,PPC] This parameter ··· 2116 2109 2117 2110 noapic [SMP,APIC] Tells the kernel to not make use of any 2118 2111 IOAPICs that may be present in the system. 2119 - 2120 - nokaslr [X86] 2121 - Disable kernel and module base offset ASLR (Address 2122 - Space Layout Randomization) if built into the kernel. 2123 2112 2124 2113 noautogroup Disable scheduler automatic task group creation. 2125 2114

-1

arch/x86/Kconfig

··· 1672 1672 config RANDOMIZE_BASE 1673 1673 bool "Randomize the address of the kernel image" 1674 1674 depends on RELOCATABLE 1675 - depends on !HIBERNATION 1676 1675 default n 1677 1676 ---help--- 1678 1677 Randomizes the physical and virtual address at which the

+9 -2

arch/x86/boot/compressed/aslr.c

··· 289 289 unsigned long choice = (unsigned long)output; 290 290 unsigned long random; 291 291 292 - if (cmdline_find_option_bool("nokaslr")) { 293 - debug_putstr("KASLR disabled...\n"); 292 + #ifdef CONFIG_HIBERNATION 293 + if (!cmdline_find_option_bool("kaslr")) { 294 + debug_putstr("KASLR disabled by default...\n"); 294 295 goto out; 295 296 } 297 + #else 298 + if (cmdline_find_option_bool("nokaslr")) { 299 + debug_putstr("KASLR disabled by cmdline...\n"); 300 + goto out; 301 + } 302 + #endif 296 303 297 304 /* Record the various known unsafe memory ranges. */ 298 305 mem_avoid_init((unsigned long)input, input_size,

kernel/power/hibernate.c

··· 1153 1153 return 1; 1154 1154 } 1155 1155 1156 + static int __init kaslr_nohibernate_setup(char *str) 1157 + { 1158 + return nohibernate_setup(str); 1159 + } 1160 + 1156 1161 __setup("noresume", noresume_setup); 1157 1162 __setup("resume_offset=", resume_offset_setup); 1158 1163 __setup("resume=", resume_setup); ··· 1165 1160 __setup("resumewait", resumewait_setup); 1166 1161 __setup("resumedelay=", resumedelay_setup); 1167 1162 __setup("nohibernate", nohibernate_setup); 1163 + __setup("kaslr", kaslr_nohibernate_setup);