summaryrefslogtreecommitdiffstats
path: root/arch
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2014-06-13 22:30:36 +0200
committerRafael J. Wysocki <rafael.j.wysocki@intel.com>2014-06-16 23:30:44 +0200
commit24f2e0273f80ec262a772059e140a0adef35296d (patch)
treeabc4fadb0de6845ed9c4b88918f14b54e5d213c5 /arch
parentPM / hibernate: introduce "nohibernate" boot parameter (diff)
downloadlinux-24f2e0273f80ec262a772059e140a0adef35296d.tar.xz
linux-24f2e0273f80ec262a772059e140a0adef35296d.zip
x86, kaslr: boot-time selectable with hibernation
Changes kASLR from being compile-time selectable (blocked by CONFIG_HIBERNATION), to being boot-time selectable (with hibernation available by default) via the "kaslr" kernel command line. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Pavel Machek <pavel@ucw.cz> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Diffstat (limited to 'arch')
-rw-r--r--arch/x86/Kconfig1
-rw-r--r--arch/x86/boot/compressed/aslr.c9
2 files changed, 8 insertions, 2 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index fcefdda5136d..a8f749ef0fdc 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1672,7 +1672,6 @@ config RELOCATABLE
config RANDOMIZE_BASE
bool "Randomize the address of the kernel image"
depends on RELOCATABLE
- depends on !HIBERNATION
default n
---help---
Randomizes the physical and virtual address at which the
diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
index 4dbf967da50d..fc6091abedb7 100644
--- a/arch/x86/boot/compressed/aslr.c
+++ b/arch/x86/boot/compressed/aslr.c
@@ -289,10 +289,17 @@ unsigned char *choose_kernel_location(unsigned char *input,
unsigned long choice = (unsigned long)output;
unsigned long random;
+#ifdef CONFIG_HIBERNATION
+ if (!cmdline_find_option_bool("kaslr")) {
+ debug_putstr("KASLR disabled by default...\n");
+ goto out;
+ }
+#else
if (cmdline_find_option_bool("nokaslr")) {
- debug_putstr("KASLR disabled...\n");
+ debug_putstr("KASLR disabled by cmdline...\n");
goto out;
}
+#endif
/* Record the various known unsafe memory ranges. */
mem_avoid_init((unsigned long)input, input_size,