plat/kvm_x86: ASLR for Unikraft #1317
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
area/include
4 tasks
github-actions
bot
added
area/kconfig
github-actions
bot
added
arch/arm
arch/arm64
area/arch
'uk_early_initcall()' gets called too late to be used for the stach and heap randomization. 'ASLR_early_uk_random_init()' is created, which is explicitly called before the stack initialization (only when run-time ASLR is enabled) Signed-off-by: Serban Sorohan <serban.sorohan@gmail.com>
Introduced 'stackmemory_aslr_palloc' function which loops through all available memory regions and randomly selectes where the stack is put. Usually, the stack will be placed in the middle of a free regions. The spaces before and after the stack will be readded in the free memory pool. Signed-off-by: Serban Sorohan <serban.sorohan@gmail.com>
When LIBUKBOOT_HEAP_BASE and RUNTIME_ASLR are set, a random virtual address for the heap is created, which overrides the value from LIBUKBOOT_HEAPBASE. The addrerss is generated between the last virtual base from the last memory region and 2 ** 46. The upper limit is set to 2 ** 46 due to the canonical addresses used in x86-64 architecture. When LIBUKBOOT_HEAP_BASE is disabled, the logic is similar with the stack randomization. A random base address is generated inside any of the remaining memory regions. The rest of them are added to the allocator. Signed-off-by: Serban Sorohan <serban.sorohan@gmail.com>
We have three new scripts used for the compile-time randomization. 'base_address.py' is used to randomize the base address of the '.text' section. 'Analyzer.py' is used to parse the linker file 'link64.lds' and extract the sections which will be randomized 'ASLR.py' is used to randomize the sections extracted by 'Analyzer.py', randomize the order of PHDRS, randomize the order of libraries, and add padding between any two adjacent libs and write the new 'link64_ASLR.lds' file. Signed-off-by: Serban Sorohan <serban.sorohan@gmail.com>
SerbanSo
changed the title
SerbanSo
removed
area/lib
Added the "Memory security" menu for plat/kvm, which has two options: "LINK_ASLR" for compile-time ASLR, and "RUNTIME_ASLR" for run-time ASLR Added the "RANDOMIZE_BASE_ADDRESS" flag. The generated address is exported in the env variable "BASE_ADDRESS" and can be used later in the build process Changed the Linker from plat/kvm in order to accomodate the use of the new 'link64_ASLR.lds' file Signed-off-by: Serban Sorohan <serban.sorohan@gmail.com>
github-actions
bot
added
area/kconfig
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Prerequisite checklist
checkpatch.ukon your commit series before opening this PR;Base target
Additional configuration
(the last requires CONFIG_LIBUKSWRAND)
Description of changes
Add python scripts for library randomization at build-time
Add randomized base address placement for stack and heap
Continued the work from this PR: #492
The ASLR.py and Analyzer.py scripts are used for the build-time randomization.
Analyzer.py parses the 'link64.lds' file to make a symbol table that is then randomized in ASLR.py, resulting in the 'link64_ASLR.lds' used in the linking process.
The build-time ASLR includes:
- PHDRS order randomization
- .text library randomization and padding between each adjacent libraries
- .text base address randomization
- segment order randomization
- section inside segments order randomization (except ”bss”, ”uk inittab”, ”uk ctortab”, and ”intrstack”)
stackmemory_aslr_pallocfunction is used to loop through the free memory regions and select at random a region where the stack will be put. Usually, the stack will be placed somewhere inside the region, resulting in unused space before and after the stack. This spaces will create two new memory regions that will be readded in the memory pool.The heap is allocated later in the
heap_initfunction. There are separate cases depending on theCONFIG_LIBUKBOOT_HEAP_BASEflag. If the flag is enabled, the heap address is generated between the last virtual address used and 2 ** 46. If the flag is disabled, the heap address is generated somewhere inside the free memory regions, similar to how the stack base address is generated.