s390/kernel: add support for kernel address space layout randomization (KASLR)

This patch adds support for relocating the kernel to a random address. The random kernel offset is obtained from cpacf, using either TRNG, PRNO, or KMC_PRNG, depending on supported MSA level. KERNELOFFSET is added to vmcoreinfo, for crash --kaslr support. Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com> Reviewed-by: Philipp Rudo <prudo@linux.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
author: Gerald Schaefer <gerald.schaefer@de.ibm.com> 2019-02-03 23:37:20 +0300
committer: Martin Schwidefsky <schwidefsky@de.ibm.com> 2019-04-29 11:47:10 +0300
commit: b2d24b97b2a9691351920e700bfda4368c177232 (patch)
tree: afc715c3029b79cf1430781ffcbe39ff0656cadb /arch/s390/Kconfig
parent: a80313ff91abda67641dc33bed97f6bcc5e9f6a4 (diff)
download: linux-b2d24b97b2a9691351920e700bfda4368c177232.tar.xz
1 files changed, 10 insertions, 0 deletions
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index 4c99e4f5f366..8c15392ee985 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -637,6 +637,16 @@ config RELOCATABLE
 	  The relocations make the kernel image about 15% larger (compressed
 	  10%), but are discarded at runtime.
 
+config RANDOMIZE_BASE
+	bool "Randomize the address of the kernel image (KASLR)"
+	depends on RELOCATABLE
+	default y
+	help
+	  In support of Kernel Address Space Layout Randomization (KASLR),
+	  this randomizes the address at which the kernel image is loaded,
+	  as a security feature that deters exploit attempts relying on
+	  knowledge of the location of kernel internals.
+
 endmenu
 
 menu "Memory setup"
author	Gerald Schaefer <gerald.schaefer@de.ibm.com>	2019-02-03 23:37:20 +0300
committer	Martin Schwidefsky <schwidefsky@de.ibm.com>	2019-04-29 11:47:10 +0300
commit	b2d24b97b2a9691351920e700bfda4368c177232 (patch)
tree	afc715c3029b79cf1430781ffcbe39ff0656cadb /arch/s390/Kconfig
parent	a80313ff91abda67641dc33bed97f6bcc5e9f6a4 (diff)
download	linux-b2d24b97b2a9691351920e700bfda4368c177232.tar.xz