On 04.10.2017 21:00, Maxime Villard wrote: > Here is a Kernel ASLR implementation for NetBSD-amd64. It is light, > functional, > user-friendly, and does not break any feature of the system. > Instructions on > how to install and use it can be found here [1]. I'm looking forward to see it aboard in mainline. I'm also asking why it needs a separate prekern, and not being integrated in the kernel? How much is it MI-friendly? This is an enterprise standard feature today. I noted that Fuchsia developers enabled kaslr even before finishing their scheduler. In terms of kasan (and certainly ktsan) + kaslr coexistence, we need to reserve a shadow buffer that is 1/8 of the allocated kernel memory. So something like 1/7 of potential memory that is contiguous should be untouched to make kasan easier.
Attachment:
signature.asc
Description: OpenPGP digital signature