
On Tue, Mar 07, 2017 at 07:16:56AM -0500, Tom Rini wrote:
> On Tue, Mar 07, 2017 at 11:43:52AM +0000, Mark Rutland wrote:
> > On Tue, Feb 28, 2017 at 12:15:09PM -0500, Tom Rini wrote:
> > > On Wed, Mar 01, 2017 at 02:03:58AM +0900, Masahiro Yamada wrote:
> > > > 2017-02-27 7:41 GMT+09:00 Tom Rini <trini@konsulko.com>:
> > > > If we put the image at 2MiB aligned base, the relocation would always happen.
> > >
> > > Correct. But I honestly don't know if non-randomized text offset is the common case people will optimize for or randomized for added security will be the more common case.
> >
> > FWIW, the randomized text_offset is a bootloader debugging/testing feature, and there's no security aspect to it.
> >
> > It was added [1] as an additional hint to bootloader authors that they must respect the text_offset field.
>
> Right, and we do this today. But since this doubles as a kind of cheap KASLR I would also expect to see it used, even if not intended, in this way.

I can certainly imagine people loading the kernel at a random physical base address (i.e. a random 2M base + text_offset), and doing that's perfectly fine for kernels happy to be loaded at arbitrary bases. That may help to frustrate some DMA attacks.
I take it that's what you meant?
Given text_offset itself is fixed at compile time, randomizing it provides absolutely no security benefit, and we should be careful not to give the impression that it does.
Thanks, Mark.
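As an added illustration of the header field the thread is about (example code, not from this thread, U-Boot or the kernel): a minimal parser for the 64-byte arm64 Image header that derives the load address from a loader-chosen 2MiB-aligned base plus the build-time text_offset, and reads flags bit 3, which is how a kernel declares that it is happy with an arbitrary base. Field offsets and the "ARM\x64" magic follow the arm64 boot protocol; the function names and the sample header bytes are constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Field offsets in the 64-byte arm64 Image header (Documentation/arm64/booting.txt). */
#define HDR_SIZE        64
#define HDR_TEXT_OFFSET 8    /* u64 LE: where the image goes relative to a 2MiB-aligned base */
#define HDR_IMAGE_SIZE  16   /* u64 LE: effective image size, including BSS */
#define HDR_FLAGS       24   /* u64 LE: bit 3 set = the 2MiB base may be anywhere in RAM */
#define HDR_MAGIC       56   /* the bytes "ARM\x64" */
#define FLAG_ANY_BASE   (1ull << 3)
#define SZ_2M           0x200000ull
struct arm64_hdr { uint64_t text_offset, image_size, flags; };

static uint64_t rd_le64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}
static void wr_le64(uint8_t *p, uint64_t v) {
    for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Parse the header; returns 0 on success, -1 if the buffer is short or the magic is wrong. */
int arm64_parse_hdr(const uint8_t *img, size_t len, struct arm64_hdr *h) {
    if (len < HDR_SIZE || memcmp(img + HDR_MAGIC, "ARM\x64", 4) != 0) return -1;
    h->text_offset = rd_le64(img + HDR_TEXT_OFFSET);
    h->image_size  = rd_le64(img + HDR_IMAGE_SIZE);
    h->flags       = rd_le64(img + HDR_FLAGS);
    return 0;
}

/* Where the loader must copy the image for the 2MiB-aligned base it picked. The base is the
 * loader's choice (and may be randomized); text_offset is whatever the kernel build wrote
 * into the header. Returns -1 on a misaligned base or if the image would not fit below ram_end. */
int arm64_load_addr(const struct arm64_hdr *h, uint64_t base, uint64_t ram_end, uint64_t *addr) {
    if (base & (SZ_2M - 1)) return -1;
    if (base > ram_end || ram_end - base < h->text_offset + h->image_size) return -1;
    *addr = base + h->text_offset;
    return 0;
}

/* Build a constructed header (not a real kernel's) so the functions above can be exercised. */
void make_test_hdr(uint8_t buf[HDR_SIZE], uint64_t text_offset, uint64_t image_size, uint64_t flags) {
    memset(buf, 0, HDR_SIZE);
    wr_le64(buf + HDR_TEXT_OFFSET, text_offset);
    wr_le64(buf + HDR_IMAGE_SIZE, image_size);
    wr_le64(buf + HDR_FLAGS, flags);
    memcpy(buf + HDR_MAGIC, "ARM\x64", 4);
}
```

A loader that hard-codes the usual 0x80000 instead of reading the field lands the second sample kernel 0x120000 bytes off, which is exactly what the randomized text_offset build is meant to catch.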