From: Electron752 <mzoran@crowfest.net>
Date: Sat, 14 Jan 2017 10:54:26 +0000 (-0800)
Subject: ARM64: Enable Kernel Address Space Randomization (#1792)
X-Git-Tag: archive/raspbian/4.9.82-1+deb9u3+rpi1_jessie~5^2~366
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=0910298e3b667b4707818f20a7a466adeb8e99ad;p=linux-4.9.git

ARM64: Enable Kernel Address Space Randomization (#1792)

Randomization allows the mapping between virtual addresses and physical
address to be different on each boot.  This makes it more difficult
to exploit security vulnerabilities that require knowledge of fixed
hardware addresses.

The firmware generates a 8 byte random number during bootup and stores
it in the device tree under chosen/kaslr-seed. This number is used
to randomize the address mapping.

This change enables this feature in the build configuration for ARM64.

Signed-off-by: Michael Zoran <mzoran@crowfest.net>
---

diff --git a/arch/arm64/configs/bcmrpi3_defconfig b/arch/arm64/configs/bcmrpi3_defconfig
index c7e891d72969..974d8889c0cf 100644
--- a/arch/arm64/configs/bcmrpi3_defconfig
+++ b/arch/arm64/configs/bcmrpi3_defconfig
@@ -53,6 +53,7 @@ CONFIG_ARMV8_DEPRECATED=y
 CONFIG_SWP_EMULATION=y
 CONFIG_CP15_BARRIER_EMULATION=y
 CONFIG_SETEND_EMULATION=y
+CONFIG_RANDOMIZE_BASE=y
 CONFIG_CMDLINE="console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 root=/dev/mmcblk0p2 rootfstype=ext4 rootwait"
 CONFIG_BINFMT_MISC=y
 CONFIG_COMPAT=y