Date: Mon, 2 Apr 2012 12:37:38 -0700
From: Peter Wemm
To: Richard Yao
Cc: freebsd-stable@freebsd.org
Subject: Re: Text relocations in kernel modules

On Mon, Apr 2, 2012 at 12:23 PM, Richard Yao wrote:
> On 04/02/12 14:46, Peter Wemm wrote:
>> Remember.. ASLR is a userland thing.  .ko files, which is what this
>> thread is about, already use random address layout.  When you do a
>> "kldload virtio.ko", you have no way to predict what address it will
>> be loaded at.  And you don't even have access to the addresses.
>>
>> Of course if you want to talk about ASLR and userland .so files then
>> that's an entirely different thing.  But this thread is about your
>> tools finding DT_TEXTREL in a .ko kernel file, not userland .so files.
>>
>
> The PaX project's patches to the Linux kernel include kernel stack
> randomization. The Gentoo Hardened project makes use of this in their
> fork of the Linux kernel.
> I looked at their code, and their description here: http://pax.grsecurity.net/docs/randkstack.txt

Of note: "pax_randomize_kstack() gathers entropy from the rdtsc instruction
(read time stamp counter) and applies it to bits 2-6 of the kernel stack
pointer. This means that 5 bits are randomized providing a maximum shift of
128 bytes - this was deemed safe enough to not cause kernel stack overflows
yet give enough randomness to deter guessing/brute forcing attempts."

This has nothing to do with the DT_TEXTREL in .ko that this thread is about
and has no bearing on ASLR in any way.

-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
"All of this is for nothing if we don't go to the stars" - JMS/B5
"If Java had true garbage collection, most programs would delete themselves
upon execution." -- Robert Sewell
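The tool-side check Peter refers to ("your tools finding DT_TEXTREL in a .ko kernel file"), as an added example that is not from this thread or from any of the tools mentioned in it: a small Python scanner that walks an ELF64 little-endian object's .dynamic section and reports whether it carries the DT_TEXTREL tag or the DF_TEXTREL bit in DT_FLAGS. It assumes the module is a shared-object-style ELF with a .dynamic section (the only form in which a DT_TEXTREL tag can exist at all); `build_elf` constructs a minimal test image so the check can be run offline.

```python
import struct
import sys

# Struct layouts for ELF64 little-endian headers (Elf64_Ehdr, Elf64_Shdr, Elf64_Dyn).
ELF64_EHDR = "<16sHHIQQQIHHHHHH"
ELF64_SHDR = "<IIQQQQIIQQ"
ELF64_DYN = "<qQ"
SHT_DYNAMIC = 6
DT_NULL, DT_TEXTREL, DT_FLAGS = 0, 22, 30
DF_TEXTREL = 0x4


def has_textrel(elf: bytes) -> bool:
    """True if the object's .dynamic section declares text relocations."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("only ELF64 little-endian objects are handled")
    hdr = struct.unpack_from(ELF64_EHDR, elf, 0)
    shoff, shentsize, shnum = hdr[6], hdr[11], hdr[12]
    for i in range(shnum):
        sh = struct.unpack_from(ELF64_SHDR, elf, shoff + i * shentsize)
        sh_type, sh_offset, sh_size = sh[1], sh[4], sh[5]
        if sh_type != SHT_DYNAMIC:
            continue
        # Walk Elf64_Dyn entries until DT_NULL; either the legacy DT_TEXTREL tag
        # or the DF_TEXTREL bit in DT_FLAGS marks a text-relocating object.
        for off in range(sh_offset, sh_offset + sh_size, 16):
            tag, val = struct.unpack_from(ELF64_DYN, elf, off)
            if tag == DT_NULL:
                break
            if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                return True
    return False


def build_elf(dyn_entries):
    """Constructed test input: a minimal ELF64 ET_DYN image laid out as
    [Elf64_Ehdr][.dynamic][null Shdr][.dynamic Shdr], with no string table."""
    dyn = b"".join(struct.pack(ELF64_DYN, t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    dyn_off = 64                       # .dynamic starts right after the ELF header
    shoff = dyn_off + len(dyn)         # section header table follows .dynamic
    ident = b"\x7fELF" + bytes([2, 1, 1]) + b"\x00" * 9   # ELFCLASS64, LSB, EV_CURRENT
    ehdr = struct.pack(ELF64_EHDR, ident, 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 2, 0)
    null_sh = struct.pack(ELF64_SHDR, *([0] * 10))
    dyn_sh = struct.pack(ELF64_SHDR, 0, SHT_DYNAMIC, 3, 0, dyn_off, len(dyn), 0, 0, 8, 16)
    return ehdr + dyn + null_sh + dyn_sh


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        print("DT_TEXTREL present" if has_textrel(f.read()) else "no text relocations")
```

A module linked as a relocatable object (no .dynamic section) simply yields "no text relocations", since the tag has nowhere to appear.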