ARM64: Enable Kernel Address Space Randomization (#1792)

Randomization allows the mapping between virtual addresses and physical
address to be different on each boot.  This makes it more difficult
to exploit security vulnerabilities that require knowledge of fixed
hardware addresses.

The firmware generates a 8 byte random number during bootup and stores
it in the device tree under chosen/kaslr-seed. This number is used
to randomize the address mapping.

This change enables this feature in the build configuration for ARM64.

Signed-off-by: Michael Zoran <mzoran@crowfest.net>

diff --git a/arch/arm64/configs/bcmrpi3_defconfig b/arch/arm64/configs/bcmrpi3_defconfig
index dac962ca1634662ce7d966f1ffb53b5bfa27c506..aae33b4b3c3e736ea7cd3ca242158ad6ba558aff 100644 (file)
--- a/arch/arm64/configs/bcmrpi3_defconfig
+++ b/arch/arm64/configs/bcmrpi3_defconfig
@@ -53,6 +53,7 @@ CONFIG_ARMV8_DEPRECATED=y
 CONFIG_SWP_EMULATION=y
 CONFIG_CP15_BARRIER_EMULATION=y
 CONFIG_SETEND_EMULATION=y
+CONFIG_RANDOMIZE_BASE=y
 CONFIG_CMDLINE="console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 root=/dev/mmcblk0p2 rootfstype=ext4 rootwait"
 CONFIG_BINFMT_MISC=y
 CONFIG_COMPAT=y