plat/kvm_x86: ASLR for Unikraft #1317
Open
SerbanSo wants to merge 5 commits into unikraft:staging from SerbanSo:staging
'uk_early_initcall()' gets called too late to be used for the stack and heap randomization. 'ASLR_early_uk_random_init()' is created, which is explicitly called before the stack initialization (only when run-time ASLR is enabled). Signed-off-by: Serban Sorohan <serban.sorohan@gmail.com>
Introduced 'stackmemory_aslr_palloc' function which loops through all available memory regions and randomly selects where the stack is put. Usually, the stack will be placed in the middle of a free region. The spaces before and after the stack will be re-added to the free memory pool. Signed-off-by: Serban Sorohan <serban.sorohan@gmail.com>
When LIBUKBOOT_HEAP_BASE and RUNTIME_ASLR are set, a random virtual address for the heap is created, which overrides the value from LIBUKBOOT_HEAPBASE. The address is generated between the last virtual base from the last memory region and 2 ** 46. The upper limit is set to 2 ** 46 due to the canonical addresses used in the x86-64 architecture. When LIBUKBOOT_HEAP_BASE is disabled, the logic is similar to the stack randomization. A random base address is generated inside any of the remaining memory regions. The rest of them are added to the allocator. Signed-off-by: Serban Sorohan <serban.sorohan@gmail.com>
We have three new scripts used for the compile-time randomization. 'base_address.py' is used to randomize the base address of the '.text' section. 'Analyzer.py' is used to parse the linker file 'link64.lds' and extract the sections which will be randomized. 'ASLR.py' is used to randomize the sections extracted by 'Analyzer.py', randomize the order of PHDRS, randomize the order of libraries, add padding between any two adjacent libs, and write the new 'link64_ASLR.lds' file. Signed-off-by: Serban Sorohan <serban.sorohan@gmail.com>
Added the "Memory security" menu for plat/kvm, which has two options: "LINK_ASLR" for compile-time ASLR, and "RUNTIME_ASLR" for run-time ASLR. Added the "RANDOMIZE_BASE_ADDRESS" flag. The generated address is exported in the env variable "BASE_ADDRESS" and can be used later in the build process. Changed the linker from plat/kvm in order to accommodate the use of the new 'link64_ASLR.lds' file. Signed-off-by: Serban Sorohan <serban.sorohan@gmail.com>
Labels: area/arch (Unikraft Architecture), area/docs (Documentation), area/include (Part of include/uk), area/kconfig (Part of the Unikraft KConfig option system), area/lib (Internal Unikraft Microlibrary), area/makefile (Part of the Unikraft Makefile build system), area/plat (Unikraft Platform), area/support (Support scripts, tools, services), lang/c (Issues or PRs to do with C/C++), lang/python (Issues or PRs to do with Python), lib/ukboot, lib/ukrandom, plat/common (Common to all platforms), plat/kvm (Unikraft for KVM)
Prerequisite checklist
checkpatch.uk
on your commit series before opening this PR
Base target
Additional configuration
(the last requires CONFIG_LIBUKSWRAND)
Description of changes
Add python scripts for library randomization at build-time
Add randomized base address placement for stack and heap
Continued the work from this PR: #492
The ASLR.py and Analyzer.py scripts are used for the build-time randomization.
Analyzer.py parses the 'link64.lds' file to make a symbol table that is then randomized in ASLR.py, resulting in the 'link64_ASLR.lds' used in the linking process.
The build-time ASLR includes:
- PHDRS order randomization
- .text library randomization and padding between adjacent libraries
- .text base address randomization
- segment order randomization
- section order randomization inside segments (except "bss", "uk inittab", "uk ctortab", and "intrstack")
The stackmemory_aslr_palloc function is used to loop through the free memory regions and select at random a region where the stack will be put. Usually, the stack will be placed somewhere inside the region, resulting in unused space before and after the stack. These spaces will create two new memory regions that will be re-added to the memory pool. The heap is allocated later in the heap_init function. There are separate cases depending on the CONFIG_LIBUKBOOT_HEAP_BASE flag. If the flag is enabled, the heap address is generated between the last virtual address used and 2 ** 46. If the flag is disabled, the heap address is generated somewhere inside the free memory regions, similar to how the stack base address is generated.
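The stack and heap placement the description above outlines, as an added worked example (written for this page, not code from the PR or from Unikraft): it keeps a toy pool of free regions, picks a region and an in-region offset at random for the stack, returns the two remainders to the pool, and draws a heap base between the end of the last region and 2 ** 46. The pool layout, the xorshift PRNG standing in for CONFIG_LIBUKSWRAND, and the names pool_add, stack_aslr_alloc, heap_aslr_base, stack_placement_ok and demo_ok are all assumptions made here; Unikraft's real stackmemory_aslr_palloc and heap_init are not reproduced.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed free-memory pool: (base, len) regions with page-aligned bases and
 * lengths. Struct and function names are assumptions made for this example,
 * not Unikraft's ukplat memory-region API. */
#define MAX_REGIONS 16
#define PAGE_SIZE 0x1000ULL
#define HEAP_VA_LIMIT (1ULL << 46) /* the heap upper bound named in the PR */

struct region { uint64_t base, len; };
struct pool { struct region r[MAX_REGIONS]; int n; };

/* Deterministic xorshift64 so the example reproduces offline; the PR itself
 * draws its randomness from the CONFIG_LIBUKSWRAND generator. */
static uint64_t rng_state = 0x9E3779B97F4A7C15ULL;
static uint64_t rng_next(void) {
    uint64_t x = rng_state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return rng_state = x;
}

/* Give a region back to the pool; an empty remainder is silently dropped. */
static int pool_add(struct pool *p, uint64_t base, uint64_t len) {
    if (len == 0) return 0;
    if (p->n >= MAX_REGIONS) return -1;
    p->r[p->n].base = base; p->r[p->n].len = len; p->n++;
    return 0;
}

uint64_t pool_total(const struct pool *p) {
    uint64_t t = 0;
    for (int i = 0; i < p->n; i++) t += p->r[i].len;
    return t;
}

/* Stack placement as the PR describes it: pick one large-enough free region at
 * random, put the stack at a random page-aligned offset inside it, and return
 * the space before and after the stack to the pool. Returns the stack base, or
 * 0 when nothing fits or the pool has no spare slot for the split. */
uint64_t stack_aslr_alloc(struct pool *p, uint64_t stack_len) {
    int cand[MAX_REGIONS], nc = 0;
    if (p->n >= MAX_REGIONS) return 0;  /* splitting needs one spare slot */
    for (int i = 0; i < p->n; i++)
        if (p->r[i].len >= stack_len) cand[nc++] = i;
    if (nc == 0) return 0;

    int idx = cand[rng_next() % (uint64_t)nc];
    struct region reg = p->r[idx];
    p->r[idx] = p->r[--p->n];           /* take the chosen region out */

    uint64_t slack_pages = (reg.len - stack_len) / PAGE_SIZE;
    uint64_t off = (rng_next() % (slack_pages + 1)) * PAGE_SIZE;
    uint64_t stack_base = reg.base + off;
    pool_add(p, reg.base, off);                                     /* before */
    pool_add(p, stack_base + stack_len, reg.len - off - stack_len); /* after  */
    return stack_base;
}

/* Heap placement for the CONFIG_LIBUKBOOT_HEAP_BASE case: a random page-aligned
 * base above last_va (end of the highest region) that still leaves heap_len
 * bytes below HEAP_VA_LIMIT. Returns 0 when no such address exists. */
uint64_t heap_aslr_base(uint64_t last_va, uint64_t heap_len) {
    uint64_t lo = (last_va + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1);
    if (heap_len > HEAP_VA_LIMIT || lo > HEAP_VA_LIMIT - heap_len) return 0;
    uint64_t span_pages = (HEAP_VA_LIMIT - heap_len - lo) / PAGE_SIZE;
    return lo + (rng_next() % (span_pages + 1)) * PAGE_SIZE;
}

/* The check a reviewer would want: the stack is page aligned and overlaps none
 * of the regions left in the pool. */
int stack_placement_ok(const struct pool *p, uint64_t base, uint64_t len) {
    if (base % PAGE_SIZE) return 0;
    for (int i = 0; i < p->n; i++) {
        uint64_t rb = p->r[i].base, re = rb + p->r[i].len;
        if (base < re && rb < base + len) return 0;
    }
    return 1;
}

/* Run the placement on a constructed two-region pool; returns 1 when the stack
 * landed inside a free region, passed the overlap check, and no bytes were
 * lost or duplicated by the split. */
int demo_ok(void) {
    struct pool p = { .n = 0 };
    uint64_t stack_len = 0x10000, before, stack;
    pool_add(&p, 0x100000, 0x400000);   /* constructed region, not real e820 data */
    pool_add(&p, 0x800000, 0x200000);   /* constructed region */
    before = pool_total(&p);
    stack = stack_aslr_alloc(&p, stack_len);
    if (stack < 0x100000 || stack >= 0xa00000) return 0;
    return stack_placement_ok(&p, stack, stack_len) &&
           pool_total(&p) + stack_len == before;
}

int main(void) {
    printf("stack placement ok: %d\n", demo_ok());
    printf("heap base: 0x%llx\n",
           (unsigned long long)heap_aslr_base(0xa00000, 0x1000000));
    return 0;
}
```

stack_placement_ok and the byte-count comparison in demo_ok are the two invariants worth checking whenever a region is split: the remainders must not overlap the stack, and the pool plus the stack must add up to the pool's original size. The range check in heap_aslr_base is what keeps the random base below the 2 ** 46 bound; without it, a heap_len larger than the limit would underflow the subtraction.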