Source-Changes archive


CVS commit: src/sys/arch/amd64/stand/prekern



Module Name:    src
Committed By:   maxv
Date:           Sun Oct 29 11:28:30 UTC 2017

Modified Files:
        src/sys/arch/amd64/stand/prekern: elf.c locore.S mm.c prekern.c
            prekern.h

Log Message:
Randomize the kernel segments independently. That is to say, put text,
rodata and data at different addresses (and in a random order).

To achieve that, the mapping order in the prekern is changed. Until now,
we were creating the kernel map the following way:
        -> choose a random VA
        -> map [kernpa_start; kernpa_end[ at this VA
        -> parse the ELF structures from there
        -> determine where exactly the kernel segments are located
        -> relocate etc
Now, we are doing:
        -> create a read-only view of [kernpa_start; kernpa_end[
        -> from this view, compute the size of the "head" region
        -> choose a random VA in the HEAD window, and map the head there
        -> for each region in (text, rodata, data, boot)
                -> compute the size of the region from the RO view
                -> choose a random VA in the KASLR window
                -> map the region there
        -> relocate etc

Each time we map a region, we initialize its bootspace fields right away.

The "head" region must be put before the other regions in memory, because
the kernel uses (headva + sh_offset) to get the addresses of the symbols,
and the offset is unsigned.

Given that the head does not have an mcmodel constraint, its location is
randomized in a window located below the KASLR window.

The rest of the regions being in the same window, we need to detect
collisions.

Note that the module map is embedded in the "boot" region, and that
therefore its location is randomized too.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/sys/arch/amd64/stand/prekern/elf.c
cvs rdiff -u -r1.2 -r1.3 src/sys/arch/amd64/stand/prekern/locore.S \
    src/sys/arch/amd64/stand/prekern/prekern.c \
    src/sys/arch/amd64/stand/prekern/prekern.h
cvs rdiff -u -r1.5 -r1.6 src/sys/arch/amd64/stand/prekern/mm.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
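The placement scheme the log message describes (head in its own lower window, each remaining region drawn at random in a shared window with collision detection), as an added example that is not the prekern's code. The window addresses, the 2 MiB granularity, the retry limit, the fixed-seed PRNG and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed windows and granularity for illustration, not NetBSD's values. */
#define ALIGN      0x200000ULL             /* placement granularity (assumed) */
#define HEAD_BASE  0xffff800000000000ULL   /* HEAD window, below the KASLR one */
#define HEAD_SIZE  0x40000000ULL
#define KASLR_BASE 0xffffffff80000000ULL   /* window shared by the segments */
#define KASLR_SIZE 0x40000000ULL
#define MAX_TRIES  64

struct region { uint64_t va, size; };

/* xorshift64 with a fixed seed: a stand-in for the boot-time entropy source. */
static uint64_t rng_state = 0x9e3779b97f4a7c15ULL;
static uint64_t rng_next(void) {
    rng_state ^= rng_state << 13; rng_state ^= rng_state >> 7;
    rng_state ^= rng_state << 17;
    return rng_state;
}

/* Random ALIGN-aligned VA with [va, va+size) inside the window; 0 if it cannot fit. */
static uint64_t pick_va(uint64_t base, uint64_t winsize, uint64_t size) {
    if (size == 0 || size > winsize)
        return 0;
    return base + (rng_next() % ((winsize - size) / ALIGN + 1)) * ALIGN;
}

/* Does [va, va+size) intersect any of the first n placed regions? */
static int collides(const struct region *r, size_t n, uint64_t va, uint64_t size) {
    for (size_t i = 0; i < n; i++)
        if (va < r[i].va + r[i].size && r[i].va < va + size)
            return 1;
    return 0;
}

/* Place the head in its own window, then each segment in the shared window,
 * re-drawing on collision. Returns 0 on success, -1 if a region cannot be placed. */
int layout(struct region *head, struct region *segs, size_t nsegs) {
    if ((head->va = pick_va(HEAD_BASE, HEAD_SIZE, head->size)) == 0)
        return -1;
    for (size_t i = 0; i < nsegs; i++) {
        int tries = MAX_TRIES;
        uint64_t va;
        do {
            va = pick_va(KASLR_BASE, KASLR_SIZE, segs[i].size);
        } while (va != 0 && collides(segs, i, va, segs[i].size) && --tries > 0);
        if (va == 0 || tries == 0)
            return -1;
        segs[i].va = va;
    }
    return 0;
}
```

Because the HEAD window ends below the start of the shared window, every segment address minus the head address is a non-negative offset, which is the ordering the log message requires for (headva + sh_offset) with an unsigned offset.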



