diff options
| author | Kees Cook <keescook@chromium.org> | 2013-12-10 15:27:45 -0500 |
|---|---|---|
| committer | H. Peter Anvin <hpa@linux.intel.com> | 2014-01-14 13:45:56 -0500 |
| commit | da2b6fb990cf782b18952f534ec7323453bc4fc9 (patch) | |
| tree | e62a0446bfdd523aad2ac64b60cd7b577a04b0f2 /arch/x86 | |
| parent | 19259943f0954dcd1817f94776376bf51c6a46d5 (diff) | |
x86, kaslr: Clarify RANDOMIZE_BASE_MAX_OFFSET
The help text for RANDOMIZE_BASE_MAX_OFFSET was confusing. This has been
clarified, and updated to be an export-only tunable.
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: http://lkml.kernel.org/r/20131210202745.GA2961@www.outflux.net
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Diffstat (limited to 'arch/x86')
| -rw-r--r-- | arch/x86/Kconfig | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 596cd9edeb9c..5c9e19dccf2f 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig | |||
| @@ -1747,26 +1747,33 @@ config RANDOMIZE_BASE | |||
| 1747 | possible. At best, due to page table layouts, 64-bit can use | 1747 | possible. At best, due to page table layouts, 64-bit can use |
| 1748 | 9 bits of entropy and 32-bit uses 8 bits. | 1748 | 9 bits of entropy and 32-bit uses 8 bits. |
| 1749 | 1749 | ||
| 1750 | If unsure, say N. | ||
| 1751 | |||
| 1750 | config RANDOMIZE_BASE_MAX_OFFSET | 1752 | config RANDOMIZE_BASE_MAX_OFFSET |
| 1751 | hex "Maximum ASLR offset allowed" | 1753 | hex "Maximum kASLR offset allowed" if EXPERT |
| 1752 | depends on RANDOMIZE_BASE | 1754 | depends on RANDOMIZE_BASE |
| 1753 | range 0x0 0x20000000 if X86_32 | 1755 | range 0x0 0x20000000 if X86_32 |
| 1754 | default "0x20000000" if X86_32 | 1756 | default "0x20000000" if X86_32 |
| 1755 | range 0x0 0x40000000 if X86_64 | 1757 | range 0x0 0x40000000 if X86_64 |
| 1756 | default "0x40000000" if X86_64 | 1758 | default "0x40000000" if X86_64 |
| 1757 | ---help--- | 1759 | ---help--- |
| 1758 | Determines the maximal offset in bytes that will be applied to the | 1760 | The lesser of RANDOMIZE_BASE_MAX_OFFSET and available physical |
| 1759 | kernel when Address Space Layout Randomization (ASLR) is active. | 1761 | memory is used to determine the maximal offset in bytes that will |
| 1760 | Must be less than or equal to the actual physical memory on the | 1762 | be applied to the kernel when kernel Address Space Layout |
| 1761 | system. This must be a multiple of CONFIG_PHYSICAL_ALIGN. | 1763 | Randomization (kASLR) is active. This must be a multiple of |
| 1764 | PHYSICAL_ALIGN. | ||
| 1765 | |||
| 1766 | On 32-bit this is limited to 512MiB by page table layouts. The | ||
| 1767 | default is 512MiB. | ||
| 1762 | 1768 | ||
| 1763 | On 32-bit this is limited to 512MiB. | 1769 | On 64-bit this is limited by how the kernel fixmap page table is |
| 1770 | positioned, so this cannot be larger than 1GiB currently. Without | ||
| 1771 | RANDOMIZE_BASE, there is a 512MiB to 1.5GiB split between kernel | ||
| 1772 | and modules. When RANDOMIZE_BASE_MAX_OFFSET is above 512MiB, the | ||
| 1773 | modules area will shrink to compensate, up to the current maximum | ||
| 1774 | 1GiB to 1GiB split. The default is 1GiB. | ||
| 1764 | 1775 | ||
| 1765 | On 64-bit this is limited by how the kernel fixmap page table is | 1776 | If unsure, leave at the default value. |
| 1766 | positioned, so this cannot be larger that 1GiB currently. Normally | ||
| 1767 | there is a 512MiB to 1.5GiB split between kernel and modules. When | ||
| 1768 | this is raised above the 512MiB default, the modules area will | ||
| 1769 | shrink to compensate, up to the current maximum 1GiB to 1GiB split. | ||
| 1770 | 1777 | ||
| 1771 | # Relocation on x86 needs some additional build support | 1778 | # Relocation on x86 needs some additional build support |
| 1772 | config X86_NEED_RELOCS | 1779 | config X86_NEED_RELOCS |