diff options
Diffstat (limited to 'arch/x86/Kconfig')
-rw-r--r-- | arch/x86/Kconfig | 59 |
1 files changed, 55 insertions, 4 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 5216e283820d..cd18b8393400 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig | |||
@@ -1693,16 +1693,67 @@ config RELOCATABLE | |||
1693 | 1693 | ||
1694 | Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address | 1694 | Note: If CONFIG_RELOCATABLE=y, then the kernel runs from the address |
1695 | it has been loaded at and the compile time physical address | 1695 | it has been loaded at and the compile time physical address |
1696 | (CONFIG_PHYSICAL_START) is ignored. | 1696 | (CONFIG_PHYSICAL_START) is used as the minimum location. |
1697 | 1697 | ||
1698 | # Relocation on x86-32 needs some additional build support | 1698 | config RANDOMIZE_BASE |
1699 | bool "Randomize the address of the kernel image" | ||
1700 | depends on RELOCATABLE | ||
1701 | depends on !HIBERNATION | ||
1702 | default n | ||
1703 | ---help--- | ||
1704 | Randomizes the physical and virtual address at which the | ||
1705 | kernel image is decompressed, as a security feature that | ||
1706 | deters exploit attempts relying on knowledge of the location | ||
1707 | of kernel internals. | ||
1708 | |||
1709 | Entropy is generated using the RDRAND instruction if it is | ||
1710 | supported. If RDTSC is supported, it is used as well. If | ||
1711 | neither RDRAND nor RDTSC are supported, then randomness is | ||
1712 | read from the i8254 timer. | ||
1713 | |||
1714 | The kernel will be offset by up to RANDOMIZE_BASE_MAX_OFFSET, | ||
1715 | and aligned according to PHYSICAL_ALIGN. Since the kernel is | ||
1716 | built using 2GiB addressing, and PHYSICAL_ALGIN must be at a | ||
1717 | minimum of 2MiB, only 10 bits of entropy is theoretically | ||
1718 | possible. At best, due to page table layouts, 64-bit can use | ||
1719 | 9 bits of entropy and 32-bit uses 8 bits. | ||
1720 | |||
1721 | If unsure, say N. | ||
1722 | |||
1723 | config RANDOMIZE_BASE_MAX_OFFSET | ||
1724 | hex "Maximum kASLR offset allowed" if EXPERT | ||
1725 | depends on RANDOMIZE_BASE | ||
1726 | range 0x0 0x20000000 if X86_32 | ||
1727 | default "0x20000000" if X86_32 | ||
1728 | range 0x0 0x40000000 if X86_64 | ||
1729 | default "0x40000000" if X86_64 | ||
1730 | ---help--- | ||
1731 | The lesser of RANDOMIZE_BASE_MAX_OFFSET and available physical | ||
1732 | memory is used to determine the maximal offset in bytes that will | ||
1733 | be applied to the kernel when kernel Address Space Layout | ||
1734 | Randomization (kASLR) is active. This must be a multiple of | ||
1735 | PHYSICAL_ALIGN. | ||
1736 | |||
1737 | On 32-bit this is limited to 512MiB by page table layouts. The | ||
1738 | default is 512MiB. | ||
1739 | |||
1740 | On 64-bit this is limited by how the kernel fixmap page table is | ||
1741 | positioned, so this cannot be larger than 1GiB currently. Without | ||
1742 | RANDOMIZE_BASE, there is a 512MiB to 1.5GiB split between kernel | ||
1743 | and modules. When RANDOMIZE_BASE_MAX_OFFSET is above 512MiB, the | ||
1744 | modules area will shrink to compensate, up to the current maximum | ||
1745 | 1GiB to 1GiB split. The default is 1GiB. | ||
1746 | |||
1747 | If unsure, leave at the default value. | ||
1748 | |||
1749 | # Relocation on x86 needs some additional build support | ||
1699 | config X86_NEED_RELOCS | 1750 | config X86_NEED_RELOCS |
1700 | def_bool y | 1751 | def_bool y |
1701 | depends on X86_32 && RELOCATABLE | 1752 | depends on RANDOMIZE_BASE || (X86_32 && RELOCATABLE) |
1702 | 1753 | ||
1703 | config PHYSICAL_ALIGN | 1754 | config PHYSICAL_ALIGN |
1704 | hex "Alignment value to which kernel should be aligned" | 1755 | hex "Alignment value to which kernel should be aligned" |
1705 | default "0x1000000" | 1756 | default "0x200000" |
1706 | range 0x2000 0x1000000 if X86_32 | 1757 | range 0x2000 0x1000000 if X86_32 |
1707 | range 0x200000 0x1000000 if X86_64 | 1758 | range 0x200000 0x1000000 if X86_64 |
1708 | ---help--- | 1759 | ---help--- |