| History log of /src/sys/arch/amd64/stand/prekern/prekern.c |
| Revision | | Date | Author | Comments |
| 1.14 |
| 04-May-2021 |
khorben | prekern: add support for warning messages
As submitted on port-amd64@ (part 1/3)
Tested on NetBSD/amd64.
|
| 1.13 |
| 23-May-2020 |
maxv | branches: 1.13.6;
Bump copyrights.
|
| 1.12 |
| 23-May-2020 |
maxv | Hum, forgot to include this file in my "Clarify." commit on mm.c:rev1.27
and elf.c:rev1.21.
|
| 1.11 |
| 19-Mar-2019 |
maxv | Fix/remove some half-baked stuff I left in the prekern:
- Page-align the idt store, to be extra sure.
- Remove unneeded prototypes.
- Drop the TSS, we don't care and aren't even using it.
- Initialize %ss with a default value.
- Fix three exception handlers, no need to push an error code.
No actual impact, because these things are used only when returning from
exceptions received in the prekern; these exceptions are not supposed to
be ever received, never are, and if they were we wouldn't return anyway.
|
| 1.10 |
| 12-Aug-2018 |
maxv | Move the PTE area from slot 255 to slot 509. I've never understood why we
put it on 255; the "kernel" half of the VM space begins on slot 256, so
if anything, the PTE area should have been above it, not below.
Virtually extend the user slots in slotspace, because we don't want
(randomized) kernel mappings to land on slot 255.
The prekern is updated accordingly.
Tested on GENERIC, GENERIC_KASLR and XEN3_DOM0.
|
| 1.9 |
| 02-Aug-2018 |
maxv | Add a "version" field in the prekern_args structure. The kernel checks it,
and if it's not happy it returns back to the prekern.
|
| 1.8 |
| 25-May-2018 |
maxv | branches: 1.8.2;
Rename the entry points of the prekern, rename the array and move it into
.rodata.
|
| 1.7 |
| 26-Nov-2017 |
maxv | branches: 1.7.2; 1.7.4;
Add a PRNG for the prekern, based on SHA512. The formula is basically:
Y0 = SHA512(entropy-file, 256bit rdseed, 64bit rdtsc)
Yn+1 = SHA512(256bit lowerhalf(Yn), 256bit rdseed, 64bit rdtsc)
On each round, random values are taken from the higher half of Yn. If
rdseed is not available, rdrand is used.
The SHA1 checksum of entropy-file is verified. However, the rndsave_t::data
field is not updated by the prekern, because the area is accessed via the
read-only view we created in locore. I like this design, so it will have
to be updated differently.
|
| 1.6 |
| 17-Nov-2017 |
maxv | style
|
| 1.5 |
| 14-Nov-2017 |
maxv | Add -Wstrict-prototypes, and fix each warning.
|
| 1.4 |
| 05-Nov-2017 |
maxv | Mprotect the segments in mm.c using bootspace, and remove the now unused
fields of elfinfo.
|
| 1.3 |
| 29-Oct-2017 |
maxv | Randomize the kernel segments independently. That is to say, put text,
rodata and data at different addresses (and in a random order).
To achieve that, the mapping order in the prekern is changed. Until now,
we were creating the kernel map the following way:
-> choose a random VA
-> map [kernpa_start; kernpa_end[ at this VA
-> parse the ELF structures from there
-> determine where exactly the kernel segments are located
-> relocate etc
Now, we are doing:
-> create a read-only view of [kernpa_start; kernpa_end[
-> from this view, compute the size of the "head" region
-> choose a random VA in the HEAD window, and map the head there
-> for each region in (text, rodata, data, boot)
-> compute the size of the region from the RO view
-> choose a random VA in the KASLR window
-> map the region there
-> relocate etc
Each time we map a region, we initialize its bootspace fields right away.
The "head" region must be put before the other regions in memory, because
the kernel uses (headva + sh_offset) to get the addresses of the symbols,
and the offset is unsigned.
Given that the head does not have an mcmodel constraint, its location is
randomized in a window located below the KASLR window.
The rest of the regions being in the same window, we need to detect
collisions.
Note that the module map is embedded in the "boot" region, and that
therefore its location is randomized too.
|
| 1.2 |
| 29-Oct-2017 |
maxv | Add a fifth region, called "head". On kaslr kernels it contains the ELF
Header and the ELF Section Headers. On normal kernels it is empty (the
headers are in the "boot" region).
Note: if you're using GENERIC_KASLR, you also need to rebuild the prekern.
|
| 1.1 |
| 10-Oct-2017 |
maxv | Add the amd64 prekern. It is a kernel relocator used for Kernel ASLR (see
tech-kern@). It works, but is not yet linked to the build system, because
I can't build a distribution right now.
|
| 1.7.4.2 |
| 06-Sep-2018 |
pgoyette | Sync with HEAD
Resolve a couple of conflicts (result of the uimin/uimax changes)
|
| 1.7.4.1 |
| 25-Jun-2018 |
pgoyette | Sync with HEAD
|
| 1.7.2.2 |
| 03-Dec-2017 |
jdolecek | update from HEAD
|
| 1.7.2.1 |
| 26-Nov-2017 |
jdolecek | file prekern.c was added on branch tls-maxphys on 2017-12-03 11:35:48 +0000
|
| 1.8.2.1 |
| 10-Jun-2019 |
christos | Sync with HEAD
|
| 1.13.6.1 |
| 13-May-2021 |
thorpej | Sync with HEAD.
|
