On Fri, Jun 17, 2016 at 3:26 AM, Ingo Molnar wrote:
>
> * Kees Cook wrote:
>
>> --- a/arch/x86/Kconfig
>> +++ b/arch/x86/Kconfig
>> @@ -1993,6 +1993,23 @@ config PHYSICAL_ALIGN
>>
>> Don't change this unless you know what you are doing.
>>
>>
On Fri, Jun 17, 2016 at 3:26 AM, Ingo Molnar wrote:
>
> * Kees Cook wrote:
>
>> --- a/arch/x86/Kconfig
>> +++ b/arch/x86/Kconfig
>> @@ -1993,6 +1993,23 @@ config PHYSICAL_ALIGN
>>
>> Don't change this unless you know what you are doing.
>>
>> +config RANDOMIZE_MEMORY
>> + bool
Thanks for the review! I'll let Thomas address the feedback, though
I've got some thoughts below on naming.
On Fri, Jun 17, 2016 at 3:26 AM, Ingo Molnar wrote:
>
> * Kees Cook wrote:
>
>> --- a/arch/x86/Kconfig
>> +++ b/arch/x86/Kconfig
>> @@ -1993,6
Thanks for the review! I'll let Thomas address the feedback, though
I've got some thoughts below on naming.
On Fri, Jun 17, 2016 at 3:26 AM, Ingo Molnar wrote:
>
> * Kees Cook wrote:
>
>> --- a/arch/x86/Kconfig
>> +++ b/arch/x86/Kconfig
>> @@ -1993,6 +1993,23 @@ config PHYSICAL_ALIGN
>>
>>
* Kees Cook wrote:
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1993,6 +1993,23 @@ config PHYSICAL_ALIGN
>
> Don't change this unless you know what you are doing.
>
> +config RANDOMIZE_MEMORY
> + bool "Randomize the kernel memory sections"
> +
* Kees Cook wrote:
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1993,6 +1993,23 @@ config PHYSICAL_ALIGN
>
> Don't change this unless you know what you are doing.
>
> +config RANDOMIZE_MEMORY
> + bool "Randomize the kernel memory sections"
> + depends on X86_64
>
From: Thomas Garnier
Randomizes the virtual address space of kernel memory sections (physical
memory mapping, vmalloc & vmemmap) for x86_64. This security feature
mitigates exploits relying on predictable kernel addresses. These
addresses can be used to disclose the kernel
From: Thomas Garnier
Randomizes the virtual address space of kernel memory sections (physical
memory mapping, vmalloc & vmemmap) for x86_64. This security feature
mitigates exploits relying on predictable kernel addresses. These
addresses can be used to disclose the kernel modules base addresses
8 matches
Mail list logo