diff options
Diffstat (limited to 'target/linux/brcm2708/patches-4.9/950-0122-ARM64-Enable-Kernel-Address-Space-Randomization-1792.patch')
-rw-r--r-- | target/linux/brcm2708/patches-4.9/950-0122-ARM64-Enable-Kernel-Address-Space-Randomization-1792.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/target/linux/brcm2708/patches-4.9/950-0122-ARM64-Enable-Kernel-Address-Space-Randomization-1792.patch b/target/linux/brcm2708/patches-4.9/950-0122-ARM64-Enable-Kernel-Address-Space-Randomization-1792.patch new file mode 100644 index 0000000..423db95 --- /dev/null +++ b/target/linux/brcm2708/patches-4.9/950-0122-ARM64-Enable-Kernel-Address-Space-Randomization-1792.patch @@ -0,0 +1,31 @@ +From 6dfa60daaa0966a8e414ab0a7fd002a99001920a Mon Sep 17 00:00:00 2001 +From: Electron752 <mzoran@crowfest.net> +Date: Sat, 14 Jan 2017 02:54:26 -0800 +Subject: [PATCH] ARM64: Enable Kernel Address Space Randomization (#1792) + +Randomization allows the mapping between virtual addresses and physical +address to be different on each boot. This makes it more difficult +to exploit security vulnerabilities that require knowledge of fixed +hardware addresses. + +The firmware generates a 8 byte random number during bootup and stores +it in the device tree under chosen/kaslr-seed. This number is used +to randomize the address mapping. + +This change enables this feature in the build configuration for ARM64. + +Signed-off-by: Michael Zoran <mzoran@crowfest.net> +--- + arch/arm64/configs/bcmrpi3_defconfig | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/arm64/configs/bcmrpi3_defconfig ++++ b/arch/arm64/configs/bcmrpi3_defconfig +@@ -53,6 +53,7 @@ CONFIG_ARMV8_DEPRECATED=y + CONFIG_SWP_EMULATION=y + CONFIG_CP15_BARRIER_EMULATION=y + CONFIG_SETEND_EMULATION=y ++CONFIG_RANDOMIZE_BASE=y + CONFIG_CMDLINE="console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 root=/dev/mmcblk0p2 rootfstype=ext4 rootwait" + CONFIG_BINFMT_MISC=y + CONFIG_COMPAT=y |