lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <tip-a95ae27c2ee1cba5f4f6b9dea43ffe88252e79b1@git.kernel.org>
Date:	Fri, 8 Jul 2016 13:36:16 -0700
From:	tip-bot for Thomas Garnier <tipbot@...or.com>
To:	linux-tip-commits@...r.kernel.org
Cc:	lv.zheng@...el.com, dvlasenk@...hat.com, kuleshovmail@...il.com,
	aneesh.kumar@...ux.vnet.ibm.com, sds@...ho.nsa.gov,
	toshi.kani@....com, jgross@...e.com, dyoung@...hat.com,
	schwidefsky@...ibm.com, hpa@...or.com, alpopov@...ecurity.com,
	yinghai@...nel.org, jroedel@...e.de, dan.j.williams@...el.com,
	dvyukov@...gle.com, boris.ostrovsky@...cle.com,
	kirill.shutemov@...ux.intel.com, guangrong.xiao@...ux.intel.com,
	linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org,
	dave.hansen@...ux.intel.com, matt@...eblueprint.co.uk,
	tglx@...utronix.de, brgerst@...il.com, msalter@...hat.com,
	jpoimboe@...hat.com, keescook@...omium.org, JBeulich@...e.com,
	corbet@....net, bp@...en8.de, borntraeger@...ibm.com,
	peterz@...radead.org, luto@...nel.org, bp@...e.de,
	mingo@...nel.org, bhe@...hat.com, thgarnie@...gle.com,
	akpm@...ux-foundation.org
Subject: [tip:x86/boot] x86/mm: Enable KASLR for vmalloc memory regions

Commit-ID:  a95ae27c2ee1cba5f4f6b9dea43ffe88252e79b1
Gitweb:     http://git.kernel.org/tip/a95ae27c2ee1cba5f4f6b9dea43ffe88252e79b1
Author:     Thomas Garnier <thgarnie@...gle.com>
AuthorDate: Tue, 21 Jun 2016 17:47:04 -0700
Committer:  Ingo Molnar <mingo@...nel.org>
CommitDate: Fri, 8 Jul 2016 17:35:21 +0200

x86/mm: Enable KASLR for vmalloc memory regions

Add vmalloc to the list of randomized memory regions.

The vmalloc memory region contains the allocation made through the vmalloc()
API. The allocations are done sequentially to prevent fragmentation and
each allocation address can easily be deduced especially from boot.

Signed-off-by: Thomas Garnier <thgarnie@...gle.com>
Signed-off-by: Kees Cook <keescook@...omium.org>
Cc: Alexander Kuleshov <kuleshovmail@...il.com>
Cc: Alexander Popov <alpopov@...ecurity.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Aneesh Kumar K.V <aneesh.kumar@...ux.vnet.ibm.com>
Cc: Baoquan He <bhe@...hat.com>
Cc: Boris Ostrovsky <boris.ostrovsky@...cle.com>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Borislav Petkov <bp@...e.de>
Cc: Brian Gerst <brgerst@...il.com>
Cc: Christian Borntraeger <borntraeger@...ibm.com>
Cc: Dan Williams <dan.j.williams@...el.com>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: Dave Young <dyoung@...hat.com>
Cc: Denys Vlasenko <dvlasenk@...hat.com>
Cc: Dmitry Vyukov <dvyukov@...gle.com>
Cc: H. Peter Anvin <hpa@...or.com>
Cc: Jan Beulich <JBeulich@...e.com>
Cc: Joerg Roedel <jroedel@...e.de>
Cc: Jonathan Corbet <corbet@....net>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Juergen Gross <jgross@...e.com>
Cc: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Lv Zheng <lv.zheng@...el.com>
Cc: Mark Salter <msalter@...hat.com>
Cc: Martin Schwidefsky <schwidefsky@...ibm.com>
Cc: Matt Fleming <matt@...eblueprint.co.uk>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Stephen Smalley <sds@...ho.nsa.gov>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Toshi Kani <toshi.kani@....com>
Cc: Xiao Guangrong <guangrong.xiao@...ux.intel.com>
Cc: Yinghai Lu <yinghai@...nel.org>
Cc: kernel-hardening@...ts.openwall.com
Cc: linux-doc@...r.kernel.org
Link: http://lkml.kernel.org/r/1466556426-32664-8-git-send-email-keescook@chromium.org
Signed-off-by: Ingo Molnar <mingo@...nel.org>
---
 arch/x86/include/asm/kaslr.h            |  1 +
 arch/x86/include/asm/pgtable_64_types.h | 15 +++++++++++----
 arch/x86/mm/kaslr.c                     |  5 ++++-
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/arch/x86/include/asm/kaslr.h b/arch/x86/include/asm/kaslr.h
index 62b1b81..2674ee3 100644
--- a/arch/x86/include/asm/kaslr.h
+++ b/arch/x86/include/asm/kaslr.h
@@ -5,6 +5,7 @@ unsigned long kaslr_get_random_long(const char *purpose);
 
 #ifdef CONFIG_RANDOMIZE_MEMORY
 extern unsigned long page_offset_base;
+extern unsigned long vmalloc_base;
 
 void kernel_randomize_memory(void);
 #else
diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h
index e6844df..6fdef9e 100644
--- a/arch/x86/include/asm/pgtable_64_types.h
+++ b/arch/x86/include/asm/pgtable_64_types.h
@@ -5,6 +5,7 @@
 
 #ifndef __ASSEMBLY__
 #include <linux/types.h>
+#include <asm/kaslr.h>
 
 /*
  * These are used to make use of C type-checking..
@@ -53,10 +54,16 @@ typedef struct { pteval_t pte; } pte_t;
 #define PGDIR_MASK	(~(PGDIR_SIZE - 1))
 
 /* See Documentation/x86/x86_64/mm.txt for a description of the memory map. */
-#define MAXMEM		 _AC(__AC(1, UL) << MAX_PHYSMEM_BITS, UL)
-#define VMALLOC_START    _AC(0xffffc90000000000, UL)
-#define VMALLOC_END      _AC(0xffffe8ffffffffff, UL)
-#define VMEMMAP_START	 _AC(0xffffea0000000000, UL)
+#define MAXMEM		_AC(__AC(1, UL) << MAX_PHYSMEM_BITS, UL)
+#define VMALLOC_SIZE_TB	_AC(32, UL)
+#define __VMALLOC_BASE	_AC(0xffffc90000000000, UL)
+#define VMEMMAP_START	_AC(0xffffea0000000000, UL)
+#ifdef CONFIG_RANDOMIZE_MEMORY
+#define VMALLOC_START	vmalloc_base
+#else
+#define VMALLOC_START	__VMALLOC_BASE
+#endif /* CONFIG_RANDOMIZE_MEMORY */
+#define VMALLOC_END	(VMALLOC_START + _AC((VMALLOC_SIZE_TB << 40) - 1, UL))
 #define MODULES_VADDR    (__START_KERNEL_map + KERNEL_IMAGE_SIZE)
 #define MODULES_END      _AC(0xffffffffff000000, UL)
 #define MODULES_LEN   (MODULES_END - MODULES_VADDR)
diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c
index 609ecf2..c939cfe 100644
--- a/arch/x86/mm/kaslr.c
+++ b/arch/x86/mm/kaslr.c
@@ -44,11 +44,13 @@
  * ensure that this order is correct and won't be changed.
  */
 static const unsigned long vaddr_start = __PAGE_OFFSET_BASE;
-static const unsigned long vaddr_end = VMALLOC_START;
+static const unsigned long vaddr_end = VMEMMAP_START;
 
 /* Default values */
 unsigned long page_offset_base = __PAGE_OFFSET_BASE;
 EXPORT_SYMBOL(page_offset_base);
+unsigned long vmalloc_base = __VMALLOC_BASE;
+EXPORT_SYMBOL(vmalloc_base);
 
 /*
  * Memory regions randomized by KASLR (except modules that use a separate logic
@@ -60,6 +62,7 @@ static __initdata struct kaslr_memory_region {
 	unsigned long size_tb;
 } kaslr_regions[] = {
 	{ &page_offset_base, 64/* Maximum */ },
+	{ &vmalloc_base, VMALLOC_SIZE_TB },
 };
 
 /* Get size in bytes used by the memory region */

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ