From patchwork Wed Apr 6 19:44:04 2016
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 8765131
Date: Wed, 6 Apr 2016 12:44:04 -0700
From: Kees Cook
To: Linus Torvalds
Cc: Ard Biesheuvel, Matt Redfearn, Yves-Alexis Perez, Emrah Demir, Jonathan Corbet, x86@kernel.org, "Rafael J. Wysocki", Len Brown, Pavel Machek, Borislav Petkov, Andy Lutomirski, linux-doc@vger.kernel.org, linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: [PATCH] Prefer kASLR over Hibernation
Message-ID: <20160406194404.GA11150@www.outflux.net>

When building with both CONFIG_HIBERNATION and CONFIG_RANDOMIZE_BASE, one or the other must be chosen at boot-time. Until now, hibernation was selected when no choice was made on the command line.

To make the security benefits of kASLR more widely available to end users (since the use of hibernation is becoming more rare and kASLR, already available on x86, will be available on arm64 and MIPS soon), this changes the default to preferring kASLR over hibernation. Users wanting hibernation can turn off kASLR by adding "nokaslr" to the kernel command line.

Suggested-by: Linus Torvalds
Signed-off-by: Kees Cook
Acked-by: Rafael J. Wysocki
---
 Documentation/kernel-parameters.txt | 7 +++++--
 arch/x86/boot/compressed/aslr.c | 7 -------
 kernel/power/hibernate.c | 13 +++++++++++++
 3 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index ecc74fa4bfde..71393ec89295 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt 
@@ -1774,8 +1774,8 @@ bytes respectively. Such letter suffixes can also be entirely omitted. Enable/disable kernel and module base offset ASLR (Address Space Layout Randomization) if built into the kernel. When CONFIG_HIBERNATION is selected, - kASLR is disabled by default. When kASLR is enabled, - hibernation will be disabled. + kASLR must be disabled for hibernation to be + available. keepinitrd [HW,ARM] @@ -3513,6 +3513,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. (e.g. USB and MMC devices). hibernate= [HIBERNATION] + When CONFIG_RANDOMIZE_BASE is defined, hibernation + is disabled by default. Hibernation can be enabled + by passing "nokaslr" on the kernel command line. noresume Don't check if there's a hibernation image present during boot. nocompress Don't compress/decompress hibernation images. diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c index 6a9b96b4624d..81e2835c0dfb 100644 --- a/arch/x86/boot/compressed/aslr.c +++ b/arch/x86/boot/compressed/aslr.c @@ -304,17 +304,10 @@ unsigned char *choose_kernel_location(struct boot_params *boot_params, unsigned long choice = (unsigned long)output; unsigned long random; -#ifdef CONFIG_HIBERNATION - if (!cmdline_find_option_bool("kaslr")) { - debug_putstr("KASLR disabled by default...\n"); - goto out; - } -#else if (cmdline_find_option_bool("nokaslr")) { debug_putstr("KASLR disabled by cmdline...\n"); goto out; } -#endif boot_params->hdr.loadflags |= KASLR_FLAG; diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c index fca9254280ee..be5041354b1e 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c @@ -35,8 +35,13 @@ static int nocompress; +#ifdef CONFIG_RANDOMIZE_BASE +static int noresume = 1; +static int nohibernate = 1; +#else static int noresume; static int nohibernate; +#endif static int resume_wait; static unsigned int resume_delay; static char resume_file[256] = CONFIG_PM_STD_PARTITION; 
@@ -1159,6 +1164,13 @@ static int __init kaslr_nohibernate_setup(char *str) return nohibernate_setup(str); } +static int __init nokaslr_hibernate_setup(char *str) +{ + noresume = 0; + nohibernate = 0; + return 1; +} + static int __init page_poison_nohibernate_setup(char *str) { #ifdef CONFIG_PAGE_POISONING_ZERO @@ -1183,4 +1195,5 @@ __setup("resumewait", resumewait_setup); __setup("resumedelay=", resumedelay_setup); __setup("nohibernate", nohibernate_setup); __setup("kaslr", kaslr_nohibernate_setup); +__setup("nokaslr", nokaslr_hibernate_setup); __setup("page_poison=", page_poison_nohibernate_setup);
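
Review bot: in the ASLR entry of Documentation/kernel-parameters.txt (hunk at -1774), the rewritten sentence no longer states what the default is. The removed text said kASLR was disabled by default under CONFIG_HIBERNATION; the replacement only says "kASLR must be disabled for hibernation to be available". Suggest adding that kASLR is now enabled by default and that "nokaslr" is the switch that turns it off, so the entry can be read on its own without the hibernate= entry.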
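
Review bot: the three lines added under hibernate= (hunk at -3513) say only that hibernation is disabled by default, but the kernel/power/hibernate.c change also defaults noresume to 1, so an existing image is not looked for at boot either. Suggest mentioning resume as well. The added lines also sit between the hibernate= heading and its list of values (noresume, nocompress); separating them from that list would keep them from reading as a description of one of the values.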
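
Review bot: in choose_kernel_location() (arch/x86/boot/compressed/aslr.c, hunk at -304), with the CONFIG_HIBERNATION branch removed nothing in this function consults "kaslr" any more, while kernel/power/hibernate.c still registers __setup("kaslr", kaslr_nohibernate_setup). The option therefore no longer influences randomization and only disables hibernation. Worth stating that in the changelog or the documentation hunk, or dropping the handler if it is now redundant with the new defaults.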
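
Review bot: the new defaults in kernel/power/hibernate.c (hunk at -35) are selected by #ifdef CONFIG_RANDOMIZE_BASE, a build-time test, so hibernation and resume start out disabled on every such kernel whether or not randomization was actually applied at boot. A short comment above the #ifdef explaining why both noresume and nohibernate start at 1 would help the next reader. Also consider logging a one-line hint that "nokaslr" re-enables hibernation, since users who relied on the old default get no indication of why it stopped working.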
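
Review bot: nokaslr_hibernate_setup() (hunk at -1159) clears noresume and nohibernate unconditionally, which makes the outcome depend on parameter order. Assuming the other handlers visible in the context (nohibernate_setup, kaslr_nohibernate_setup, page_poison_nohibernate_setup) set these same flags, a command line that carries one of those options followed by "nokaslr" ends up with hibernation enabled again. Suggest having "nokaslr" undo only the kASLR-implied default, for example by tracking an explicit disable request separately from the default value, so that an explicit request to disable hibernation always wins.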