NetBSD-Bugs archive

Re: port-amd64/58366: KASLR broken



On Sun, Jun 30, 2024 at 02:35:34PM +0000, Taylor R Campbell wrote:
> But when the kernel is linked with `--split-by-file=0x100000', the
> combined .rodata section is split into multiple subsections sometimes
> on _non-aligned_ boundaries with _less_ alignment:

Changing this to --split-by-file=0x800000 seems to improve things,
with that I survived a couple of reboot loops without any issues.  But
I might have just gotten (un)lucky of course.  I don't know if values
that are not powers of two make sense here but 0x400000 is not enough,
with that I still see the panics.


> We can try removing `--split-by-file', but that will reduce the
> efficacy of KASLR as a security measure, since it will only be able to
> randomize .rodata (and .text and .data and ...) as a whole and not the
> separate parts of each section independently.

Yes, without --split-by-file I also don't see the panics anymore.


  Harold

