lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210731092830.8e9622d45ac52a739fd80b88@kernel.org>
Date:   Sat, 31 Jul 2021 09:28:30 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Barry Song <song.bao.hua@...ilicon.com>
Cc:     <catalin.marinas@....com>, <will@...nel.org>,
        <linux-arm-kernel@...ts.infradead.org>, <mark.rutland@....com>,
        <tyhicks@...ux.microsoft.com>, <linux@...ck-us.net>,
        <maz@...nel.org>, <tabba@...gle.com>, <lecopzer.chen@...iatek.com>,
        <linux-kernel@...r.kernel.org>, <linuxarm@...wei.com>,
        "Masami Hiramatsu" <mhiramat@...nel.org>,
        Ard Biesheuvel <ard.biesheuvel@....com>,
        "Qi Liu" <liuqi115@...wei.com>
Subject: Re: [PATCH v2] arm64: fix the doc of RANDOMIZE_MODULE_REGION_FULL

On Sat, 31 Jul 2021 00:51:31 +1200
Barry Song <song.bao.hua@...ilicon.com> wrote:

> Obviously kaslr is setting the module region to 2GB rather than 4GB since
> commit b2eed9b588112 ("arm64/kernel: kaslr: reduce module randomization
> range to 2 GB"). So fix the size of region in Kconfig.
> On the other hand, even though RANDOMIZE_MODULE_REGION_FULL is not set,
> module_alloc() can fall back to a 2GB window if ARM64_MODULE_PLTS is set.
> In this case, veneers are still needed. !RANDOMIZE_MODULE_REGION_FULL
> doesn't necessarily mean veneers are not needed.
> So fix the doc to be more precise to avoid any confusion to the readers
> of the code.
> 
> Cc: Masami Hiramatsu <mhiramat@...nel.org>
> Cc: Ard Biesheuvel <ard.biesheuvel@....com>
> Cc: Qi Liu <liuqi115@...wei.com>
> Signed-off-by: Barry Song <song.bao.hua@...ilicon.com>

Thanks for explanation. This looks good to me.

Reviewed-by: Masami Hiramatsu <mhiramat@...nel.org>

Thank you,

> ---
>  -v2:
>  Add description about fallback can only happen while ARM64_MODULE_PLTS
>  is enabled. Thanks for Will's comment.
> 
>  arch/arm64/Kconfig        | 9 ++++++---
>  arch/arm64/kernel/kaslr.c | 4 +++-
>  2 files changed, 9 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index b5b13a932561..fdcd54d39c1e 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1800,11 +1800,11 @@ config RANDOMIZE_BASE
>  	  If unsure, say N.
>  
>  config RANDOMIZE_MODULE_REGION_FULL
> -	bool "Randomize the module region over a 4 GB range"
> +	bool "Randomize the module region over a 2 GB range"
>  	depends on RANDOMIZE_BASE
>  	default y
>  	help
> -	  Randomizes the location of the module region inside a 4 GB window
> +	  Randomizes the location of the module region inside a 2 GB window
>  	  covering the core kernel. This way, it is less likely for modules
>  	  to leak information about the location of core kernel data structures
>  	  but it does imply that function calls between modules and the core
> @@ -1812,7 +1812,10 @@ config RANDOMIZE_MODULE_REGION_FULL
>  
>  	  When this option is not set, the module region will be randomized over
>  	  a limited range that contains the [_stext, _etext] interval of the
> -	  core kernel, so branch relocations are always in range.
> +	  core kernel, so branch relocations are almost always in range unless
> +	  ARM64_MODULE_PLTS is enabled and the region is exhausted. In this
> +	  particular case of region exhaustion, modules might be able to fall
> +	  back to a larger 2GB area.
>  
>  config CC_HAVE_STACKPROTECTOR_SYSREG
>  	def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0)
> diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c
> index cfa2cfde3019..418b2bba1521 100644
> --- a/arch/arm64/kernel/kaslr.c
> +++ b/arch/arm64/kernel/kaslr.c
> @@ -162,7 +162,9 @@ u64 __init kaslr_early_init(void)
>  		 * a PAGE_SIZE multiple in the range [_etext - MODULES_VSIZE,
>  		 * _stext) . This guarantees that the resulting region still
>  		 * covers [_stext, _etext], and that all relative branches can
> -		 * be resolved without veneers.
> +		 * be resolved without veneers unless this region is exhausted
> +		 * and we fall back to a larger 2GB window in module_alloc()
> +		 * when ARM64_MODULE_PLTS is enabled.
>  		 */
>  		module_range = MODULES_VSIZE - (u64)(_etext - _stext);
>  		module_alloc_base = (u64)_etext + offset - MODULES_VSIZE;
> -- 
> 2.25.1
> 


-- 
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ