Diffstat (limited to 'arch/x86/Kconfig')
-rw-r--r-- | arch/x86/Kconfig | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 51f439953d23..596cd9edeb9c 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1735,13 +1735,17 @@ config RANDOMIZE_BASE deters exploit attempts relying on knowledge of the location of kernel internals. - Entropy is generated using the RDRAND instruction if it - is supported. If not, then RDTSC is used, if supported. If - neither RDRAND nor RDTSC are supported, then no randomness - is introduced. + Entropy is generated using the RDRAND instruction if it is + supported. If RDTSC is supported, it is used as well. If + neither RDRAND nor RDTSC are supported, then randomness is + read from the i8254 timer. The kernel will be offset by up to RANDOMIZE_BASE_MAX_OFFSET, - and aligned according to PHYSICAL_ALIGN. + and aligned according to PHYSICAL_ALIGN. Since the kernel is + built using 2GiB addressing, and PHYSICAL_ALGIN must be at a + minimum of 2MiB, only 10 bits of entropy is theoretically + possible. At best, due to page table layouts, 64-bit can use + 9 bits of entropy and 32-bit uses 8 bits. config RANDOMIZE_BASE_MAX_OFFSET hex "Maximum ASLR offset allowed" |
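Review bot: In the added RANDOMIZE_BASE help text, "PHYSICAL_ALGIN" is a misspelling of PHYSICAL_ALIGN, the symbol named one sentence earlier in the same paragraph, so anyone searching the Kconfig for that symbol will miss this sentence. In the same sentence, "only 10 bits of entropy is theoretically possible" should read "are", and it would help to spell out the arithmetic behind it (2GiB of addressing divided by 2MiB alignment gives 1024 slots, hence 10 bits). The 9-bit and 8-bit figures for 64-bit and 32-bit are attributed only to "page table layouts"; a short clause saying which constraint costs the extra bits would make the help text verifiable. The entropy paragraph now says the i8254 timer is the fallback when neither RDRAND nor RDTSC is supported; consider noting there that this is a weaker source, since a user reading the help to judge how much protection the option provides has no other cue.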