Re: amd64: kernel aslr support

To: tech-kern%NetBSD.org@localhost
Subject: Re: amd64: kernel aslr support
From: Maxime Villard <max%m00nbsd.net@localhost>
Date: Wed, 15 Nov 2017 19:40:55 +0100

Le 14/11/2017 à 15:43, Maxime Villard a écrit :

The size and number of these blocks is controlled by the split-by-file
parameter in Makefile.amd64. Right now it is set to 2MB, which produces a
kernel with ~23 allocatable (ie useful at runtime) sections, which is a third
of the total number supported (BTSPACE_NSEGS = 64). I will probably reduce
this parameter a bit in the future, to 1.5MB, or even 1MB.


Actually I just did it. So now it's 1MB (better security), physically shifted
by the prekern (better entropy), and mapped with large pages (better
performance). And along the way it mostly mitigates TLB cache attacks.

This is still wip but feel free to test, as always,
Maxime

Follow-Ups:
- Re: amd64: kernel aslr support
  - From: Thomas Klausner

References:
- amd64: kernel aslr support
  - From: Maxime Villard
- Re: amd64: kernel aslr support
  - From: Maxime Villard

Prev by Date: Re: kaslr: better rng
Next by Date: increase softint_bytes
Previous by Thread: Re: amd64: kernel aslr support
Next by Thread: Re: amd64: kernel aslr support
Indexes:

Home | Main Index | Thread Index | Old Index