On Mon, Apr 15, 2013 at 2:25 PM, H. Peter Anvin <h...@zytor.com> wrote: > On 04/15/2013 02:06 PM, Eric Northup wrote: >> On Sat, Apr 13, 2013 at 8:06 PM, H. Peter Anvin <h...@zytor.com> wrote: >>> On 04/13/2013 05:37 PM, Yinghai Lu wrote: >>>> >>>> so decompress code position is changed? >>>> >>>> You may push out bss and other data area of run-time kernel of limit >>>> that boot loader >>>> chose according to setup_header.init_size. >>>> aka that make those area overlap with ram hole or other area like >>>> boot command line or initrd.... >>>> >>> >>> Is there a strong reason to randomize the physical address on 64 bits >>> (and if so, shouldn't we do it right?) >> >> The reason to randomize the physical address is because of the kernel >> direct mapping range -- a predictable-to-attackers physical address >> implies a predictable-to-attackers virtual address. >> >> It had seemed to me like changing the virtual base of the direct >> mapping would be much more involved than physically relocating the >> kernel, but better suggestions would be most welcome :-) >> > > You seem to be missing something here... > > There are *two* mappings in 64-bit mode. Physically, if you're going to > randomize you might as well randomize over the entire range... except > not too far down (on either 32 or 64 bit mode)... in particular, you > don't want to drop below 16 MiB if you can avoid it. > > On 64 bits, there is no reason the virtual address has to be randomized > the same way.
Aren't we bound by the negative 2GB addressing due to -mcmodel=kernel? -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
