diff options
author | Kees Cook <keescook@chromium.org> | 2014-06-13 13:30:36 -0700 |
---|---|---|
committer | Rafael J. Wysocki <rafael.j.wysocki@intel.com> | 2014-06-16 23:30:44 +0200 |
commit | 24f2e0273f80ec262a772059e140a0adef35296d (patch) | |
tree | abc4fadb0de6845ed9c4b88918f14b54e5d213c5 /arch | |
parent | a6e15a39048ec3229b9a53425f4384f55f6cc1b3 (diff) | |
download | op-kernel-dev-24f2e0273f80ec262a772059e140a0adef35296d.zip op-kernel-dev-24f2e0273f80ec262a772059e140a0adef35296d.tar.gz |
x86, kaslr: boot-time selectable with hibernation
Changes kASLR from being compile-time selectable (blocked by
CONFIG_HIBERNATION), to being boot-time selectable (with hibernation
available by default) via the "kaslr" kernel command line.
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Diffstat (limited to 'arch')
-rw-r--r-- | arch/x86/Kconfig | 1 | ||||
-rw-r--r-- | arch/x86/boot/compressed/aslr.c | 9 |
2 files changed, 8 insertions, 2 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index fcefdda..a8f749e 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1672,7 +1672,6 @@ config RELOCATABLE config RANDOMIZE_BASE bool "Randomize the address of the kernel image" depends on RELOCATABLE - depends on !HIBERNATION default n ---help--- Randomizes the physical and virtual address at which the diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c index 4dbf967..fc6091a 100644 --- a/arch/x86/boot/compressed/aslr.c +++ b/arch/x86/boot/compressed/aslr.c @@ -289,10 +289,17 @@ unsigned char *choose_kernel_location(unsigned char *input, unsigned long choice = (unsigned long)output; unsigned long random; +#ifdef CONFIG_HIBERNATION + if (!cmdline_find_option_bool("kaslr")) { + debug_putstr("KASLR disabled by default...\n"); + goto out; + } +#else if (cmdline_find_option_bool("nokaslr")) { - debug_putstr("KASLR disabled...\n"); + debug_putstr("KASLR disabled by cmdline...\n"); goto out; } +#endif /* Record the various known unsafe memory ranges. */ mem_avoid_init((unsigned long)input, input_size, |