| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Jan 2021 20:26:49 +0000
From: Will Deacon <will@...nel.org>
To: Lecopzer Chen <lecopzer.chen@...iatek.com>
Cc: akpm@...ux-foundation.org, andreyknvl@...gle.com, ardb@...nel.org,
aryabinin@...tuozzo.com, broonie@...nel.org,
catalin.marinas@....com, dan.j.williams@...el.com,
dvyukov@...gle.com, glider@...gle.com, gustavoars@...nel.org,
kasan-dev@...glegroups.com, lecopzer@...il.com,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
linux-mediatek@...ts.infradead.org, linux-mm@...ck.org,
linux@...ck-us.net, robin.murphy@....com, rppt@...nel.org,
tyhicks@...ux.microsoft.com, vincenzo.frascino@....com,
yj.chiang@...iatek.com
Subject: Re: [PATCH v2 4/4] arm64: kaslr: support randomized module area with
KASAN_VMALLOC
On Thu, Jan 28, 2021 at 04:53:26PM +0800, Lecopzer Chen wrote:
>
> > On Sat, Jan 09, 2021 at 06:32:52PM +0800, Lecopzer Chen wrote:
> > > After KASAN_VMALLOC works in arm64, we can randomize module region
> > > into vmalloc area now.
> > >
> > > Test:
> > > VMALLOC area ffffffc010000000 fffffffdf0000000
> > >
> > > before the patch:
> > > module_alloc_base/end ffffffc008b80000 ffffffc010000000
> > > after the patch:
> > > module_alloc_base/end ffffffdcf4bed000 ffffffc010000000
> > >
> > > And the function that insmod some modules is fine.
> > >
> > > Suggested-by: Ard Biesheuvel <ardb@...nel.org>
> > > Signed-off-by: Lecopzer Chen <lecopzer.chen@...iatek.com>
> > > ---
> > > arch/arm64/kernel/kaslr.c | 18 ++++++++++--------
> > > arch/arm64/kernel/module.c | 16 +++++++++-------
> > > 2 files changed, 19 insertions(+), 15 deletions(-)
> > >
> > > diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c
> > > index 1c74c45b9494..a2858058e724 100644
> > > --- a/arch/arm64/kernel/kaslr.c
> > > +++ b/arch/arm64/kernel/kaslr.c
> > > @@ -161,15 +161,17 @@ u64 __init kaslr_early_init(u64 dt_phys)
> > > /* use the top 16 bits to randomize the linear region */
> > > memstart_offset_seed = seed >> 48;
> > >
> > > - if (IS_ENABLED(CONFIG_KASAN_GENERIC) ||
> > > - IS_ENABLED(CONFIG_KASAN_SW_TAGS))
> > > + if (!IS_ENABLED(CONFIG_KASAN_VMALLOC) &&
> > > + (IS_ENABLED(CONFIG_KASAN_GENERIC) ||
> >
> > CONFIG_KASAN_VMALLOC depends on CONFIG_KASAN_GENERIC so why is this
> > necessary?
> >
> > Will
>
> CONFIG_KASAN_VMALLOC=y means CONFIG_KASAN_GENERIC=y
> but CONFIG_KASAN_GENERIC=y doesn't means CONFIG_KASAN_VMALLOC=y
>
> So this if-condition allows only KASAN rather than
> KASAN + KASAN_VMALLOC enabled.
>
> Please correct me if I'm wrong.
Sorry, you're completely right -- I missed the '!' when I read this
initially.
Will
Powered by blists - more mailing lists