projects / GitHub / MotorolaMobilityLLC / kernel-slsi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: eeff7d6) | patch
ef/libstub/arm/arm64: Randomize the base of the UEFI rt services region
authorArd Biesheuvel <ard.biesheuvel@linaro.org>
Tue, 4 Apr 2017 16:09:10 +0000 (17:09 +0100)
committerIngo Molnar <mingo@kernel.org>
Wed, 5 Apr 2017 10:27:29 +0000 (12:27 +0200)
commite69176d68d26d63d9214797c191ce65358ea1ecf
tree9783c68238dc65825137d1f736d59fc9fa642cb5tree | snapshot (tar.gz zip)
parenteeff7d634f4750306785be709ca444140c29b043commit | diff
ef/libstub/arm/arm64: Randomize the base of the UEFI rt services region

Update the allocation logic for the virtual mapping of the UEFI runtime
services to start from a randomized base address if KASLR is in effect,
and if the UEFI firmware exposes an implementation of EFI_RNG_PROTOCOL.

This makes it more difficult to predict the location of exploitable
data structures in the runtime UEFI firmware, which increases robustness
against attacks. Note that these regions are only mapped during the
time a runtime service call is in progress, and only on a single CPU
at a time, bit given the lack of a downside, let's enable it nonetheless.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: bhe@redhat.com
Cc: bhsharma@redhat.com
Cc: eugene@hp.com
Cc: evgeny.kalugin@intel.com
Cc: jhugo@codeaurora.org
Cc: leif.lindholm@linaro.org
Cc: linux-efi@vger.kernel.org
Cc: mark.rutland@arm.com
Cc: roy.franz@cavium.com
Cc: rruigrok@codeaurora.org
Link: http://lkml.kernel.org/r/20170404160910.28115-3-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
drivers/firmware/efi/libstub/arm-stub.c diff | blob | blame | history
Motorola kernel-slsi