tech-kern archive


Re: amd64: kernel aslr support



In article <5cee5471-dc6f-db16-8914-75ad5ad15076%m00nbsd.net@localhost>,
Maxime Villard  <max%m00nbsd.net@localhost> wrote:
>On 04/10/2017 at 21:00, Maxime Villard wrote:
>> Here is a Kernel ASLR implementation for NetBSD-amd64.
>> [...]
>> Known issues:
>>  * Right now, the kernel segments are contiguous. Starting from this
>>    implementation, it wouldn't be really difficult to randomize the segments
>>    independently - adding gaps between them and changing their order too.
>>    Then, we could split the segments themselves in sub-blocks and intertwine
>>    them.
>> [...]
>
>So, I did it. Now the kernel sections are split in sub-blocks, and are all
>randomized independently. See my drawing [1].
>
>What it means in practice is that Kernel ASLR is much more difficult to
>defeat: a cache attack will at most allow you to know that a given range is
>mapped as executable for example, but you don't know which sub-block of .text
>it is; a kernel pointer leak will at most allow you to reconstruct the layout
>of one sub-block, but you don't know the layout and address of the remaining
>blocks, and there can be many.
>
>The size and number of these blocks is controlled by the split-by-file
>parameter in Makefile.amd64. Right now it is set to 2MB, which produces a
>kernel with ~23 allocatable (i.e. useful at runtime) sections, which is a third
>of the total number supported (BTSPACE_NSEGS = 64). I will probably reduce
>this parameter a bit in the future, to 1.5MB, or even 1MB.
>
>All of that leaves us with about the most advanced KASLR implementation
>available out there. There are ways to improve it even more, but you'll have
>to wait a few weeks for that.
>
>If you want to try it out you need to make sure you have the latest versions
>of GENERIC_KASLR / prekern / bootloader. The instructions are still here [2],
>and haven't changed.

Very nicely done!

christos
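As an added illustration of the scheme Maxime describes in the quoted message (this is a constructed model, not code from NetBSD's prekern, the bootloader or the patch), the C program below groups object-file contributions into sub-blocks of at most a split size, shuffles the block order, inserts a random page-multiple gap before each block, validates the result, and shows what a single leaked pointer identifies. The file names and sizes, the window, the seed and the xorshift generator are all assumptions; a real implementation would take its entropy from the boot loader rather than a fixed seed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE   4096UL
#define MAX_BLOCKS  64        /* same cap as BTSPACE_NSEGS on the page */

/* One object file's contribution to a section (sizes are constructed). */
struct contrib { const char *file; size_t size; };

/* A sub-block: a run of consecutive files placed as one unit. */
struct block { size_t size; int nfiles; uintptr_t va; };

/* xorshift64 with a fixed seed so the model is reproducible; a hypothetical
 * stand-in for the entropy a real boot loader would hand the prekern. */
static uint64_t rng_state = 1;
static uint64_t rng_next(void)
{
    uint64_t x = rng_state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return rng_state = x;
}

static uintptr_t round_page(uintptr_t x)
{
    return (x + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1);
}

/* Group consecutive files into blocks. A block is closed as soon as the next
 * file would push it past split_size; a file larger than split_size becomes
 * a block of its own. Returns the block count, or 0 if max_out is exceeded. */
size_t split_by_file(const struct contrib *c, size_t n, size_t split_size,
                     struct block *out, size_t max_out)
{
    size_t nb = 0;
    for (size_t i = 0; i < n; i++) {
        if (nb == 0 || out[nb - 1].size + c[i].size > split_size) {
            if (nb == max_out)
                return 0;
            out[nb].size = 0; out[nb].nfiles = 0; out[nb].va = 0;
            nb++;
        }
        out[nb - 1].size += c[i].size;
        out[nb - 1].nfiles++;
    }
    return nb;
}

/* Shuffle block order (Fisher-Yates) and lay the blocks out in [base, limit)
 * with a random page-multiple gap before each one. */
bool randomize_layout(struct block *b, size_t n, uintptr_t base, uintptr_t limit,
                      size_t max_gap_pages, uint64_t seed)
{
    rng_state = seed ? seed : 1;
    for (size_t i = n; i > 1; i--) {
        size_t j = (size_t)(rng_next() % i);
        struct block t = b[i - 1]; b[i - 1] = b[j]; b[j] = t;
    }
    uintptr_t cur = base;
    for (size_t i = 0; i < n; i++) {
        size_t gap = (size_t)(rng_next() % (max_gap_pages + 1)) * PAGE_SIZE;
        cur = round_page(cur + gap);
        if (cur + b[i].size > limit)
            return false;          /* window too small for this layout */
        b[i].va = cur;
        cur += b[i].size;
    }
    return true;
}

/* Sanity check a layout: page-aligned, inside the window, no overlaps. */
bool layout_valid(const struct block *b, size_t n, uintptr_t base, uintptr_t limit)
{
    for (size_t i = 0; i < n; i++) {
        if (b[i].va % PAGE_SIZE || b[i].va < base || b[i].va + b[i].size > limit)
            return false;
        for (size_t j = i + 1; j < n; j++)
            if (b[i].va < b[j].va + b[j].size && b[j].va < b[i].va + b[i].size)
                return false;
    }
    return true;
}

/* What one leaked pointer reveals: the block it falls in, and nothing about
 * where the other blocks landed. Returns -1 if it hits a gap. */
int block_containing(const struct block *b, size_t n, uintptr_t ptr)
{
    for (size_t i = 0; i < n; i++)
        if (ptr >= b[i].va && ptr < b[i].va + b[i].size)
            return (int)i;
    return -1;
}

int main(void)
{
    const struct contrib text[] = {    /* constructed sizes, in bytes */
        { "a.o", 1536 * 1024 }, { "b.o", 1024 * 1024 }, { "c.o", 512 * 1024 },
        { "d.o", 2560 * 1024 }, { "e.o", 300 * 1024 },  { "f.o", 200 * 1024 },
        { "g.o", 1800 * 1024 },
    };
    struct block blk[MAX_BLOCKS];
    uintptr_t base = (uintptr_t)0xffffffff80000000ULL, limit = base + ((uintptr_t)1 << 30);
    size_t nb = split_by_file(text, 7, 2048 * 1024, blk, MAX_BLOCKS);
    if (!randomize_layout(blk, nb, base, limit, 64, 0x1234) || !layout_valid(blk, nb, base, limit))
        return 1;
    for (size_t i = 0; i < nb; i++)
        printf("block %zu: va=%#lx size=%zu files=%d\n", i,
               (unsigned long)blk[i].va, blk[i].size, blk[i].nfiles);
    return 0;
}
```

With the constructed 2MB split size the seven files collapse into five blocks; lowering the split size, as the message says is planned, raises the block count and so the number of independent positions an attacker would have to recover.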


