author | Youling Tang <tangyouling@loongson.cn> | 2023-02-25 15:52:56 +0800 |
---|---|---|
committer | Huacai Chen <chenhuacai@loongson.cn> | 2023-02-25 22:12:17 +0800 |
commit | e5f02b51fa0cb785e352e77271a65e96051b789b | |
tree | 843d66d45eec2f69de38952774c747ed29adf065 /arch/loongarch/Kconfig | |
parent | d8da19fbdedd5852592fbba18a7348e3f09500e6 | |
LoongArch: Add support for kernel address space layout randomization (KASLR)
This patch adds support for relocating the kernel to a random address.
Entropy is derived from the banner, which will change every build and
random_get_entropy() which should provide additional runtime entropy.
The kernel is relocated by up to RANDOMIZE_BASE_MAX_OFFSET bytes from
its link address. Because relocation happens so early during the kernel
booting, the amount of physical memory has not yet been determined. This
means the only way to limit relocation within the available memory is
via Kconfig. So we limit the maximum value of RANDOMIZE_BASE_MAX_OFFSET
to 256M (0x10000000) because our memory layout has many holes.
Signed-off-by: Youling Tang <tangyouling@loongson.cn>
Signed-off-by: Xi Ruoyao <xry111@xry111.site> # Fix compiler warnings
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Diffstat (limited to 'arch/loongarch/Kconfig')
-rw-r--r-- | arch/loongarch/Kconfig | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig index 32ab90dd76e5..2fc18a3c565e 100644 --- a/arch/loongarch/Kconfig +++ b/arch/loongarch/Kconfig @@ -501,6 +501,31 @@ config RELOCATABLE the kernel binary at runtime to a different virtual address from its link address. +config RANDOMIZE_BASE + bool "Randomize the address of the kernel (KASLR)" + depends on RELOCATABLE + help + Randomizes the physical and virtual address at which the + kernel image is loaded, as a security feature that + deters exploit attempts relying on knowledge of the location + of kernel internals. + + The kernel will be offset by up to RANDOMIZE_BASE_MAX_OFFSET. + + If unsure, say N. + +config RANDOMIZE_BASE_MAX_OFFSET + hex "Maximum KASLR offset" if EXPERT + depends on RANDOMIZE_BASE + range 0x0 0x10000000 + default "0x01000000" + help + When KASLR is active, this provides the maximum offset that will + be applied to the kernel image. It should be set according to the + amount of physical RAM available in the target system. + + This is limited by the size of the lower address memory, 256MB. + config SECCOMP bool "Enable seccomp to safely compute untrusted bytecode" depends on PROC_FS |
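Review bot: `range 0x0 0x10000000` on RANDOMIZE_BASE_MAX_OFFSET accepts 0, and because the kernel is offset "by up to" this value, a build with RANDOMIZE_BASE=y and a zero maximum would never move the image while the config still reports KASLR as enabled. Consider a non-zero lower bound, or state in the help text that 0 means no randomization. Separately, the prompt is only shown `if EXPERT`, so most configurations silently take `default "0x01000000"` (16 MB out of the 256 MB the range allows); the help text for either option should mention that default window and the granularity at which offsets are chosen, so a reader can judge how many distinct load addresses the setting actually provides.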