NetBSD-Bugs archive
Re: port-amd64/58366: KASLR broken
The following reply was made to PR port-amd64/58366; it has been noted by GNATS.
From: Harold Gutch <logix%foobar.franken.de@localhost>
To: Taylor R Campbell <campbell%mumble.net@localhost>
Cc: gnats-bugs%NetBSD.org@localhost, port-amd64-maintainer%NetBSD.org@localhost,
gnats-admin%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost
Subject: Re: port-amd64/58366: KASLR broken
Date: Mon, 1 Jul 2024 03:42:05 +0200
On Sun, Jun 30, 2024 at 02:35:34PM +0000, Taylor R Campbell wrote:
> But when the kernel is linked with `--split-by-file=0x100000', the
> combined .rodata section is split into multiple subsections sometimes
> on _non-aligned_ boundaries with _less_ alignment:

Changing this to --split-by-file=0x800000 seems to improve things,
with that I survived a couple of reboot loops without any issues. But
I might have just gotten (un)lucky of course. I don't know if values
that are not powers of two make sense here but 0x400000 is not enough,
with that I still see the panics.

> We can try removing `--split-by-file', but that will reduce the
> efficacy of KASLR as a security measure, since it will only be able to
> randomize .rodata (and .text and .data and ...) as a whole and not the
> separate parts of each section independently.

Yes, without --split-by-file I also don't see the panics anymore.

Harold