| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 31 Jul 2021 09:28:30 +0900
From: Masami Hiramatsu <mhiramat@...nel.org>
To: Barry Song <song.bao.hua@...ilicon.com>
Cc: <catalin.marinas@....com>, <will@...nel.org>,
<linux-arm-kernel@...ts.infradead.org>, <mark.rutland@....com>,
<tyhicks@...ux.microsoft.com>, <linux@...ck-us.net>,
<maz@...nel.org>, <tabba@...gle.com>, <lecopzer.chen@...iatek.com>,
<linux-kernel@...r.kernel.org>, <linuxarm@...wei.com>,
"Masami Hiramatsu" <mhiramat@...nel.org>,
Ard Biesheuvel <ard.biesheuvel@....com>,
"Qi Liu" <liuqi115@...wei.com>
Subject: Re: [PATCH v2] arm64: fix the doc of RANDOMIZE_MODULE_REGION_FULL
On Sat, 31 Jul 2021 00:51:31 +1200
Barry Song <song.bao.hua@...ilicon.com> wrote:
> Obviously kaslr is setting the module region to 2GB rather than 4GB since
> commit b2eed9b588112 ("arm64/kernel: kaslr: reduce module randomization
> range to 2 GB"). So fix the size of region in Kconfig.
> On the other hand, even though RANDOMIZE_MODULE_REGION_FULL is not set,
> module_alloc() can fall back to a 2GB window if ARM64_MODULE_PLTS is set.
> In this case, veneers are still needed. !RANDOMIZE_MODULE_REGION_FULL
> doesn't necessarily mean veneers are not needed.
> So fix the doc to be more precise to avoid any confusion to the readers
> of the code.
>
> Cc: Masami Hiramatsu <mhiramat@...nel.org>
> Cc: Ard Biesheuvel <ard.biesheuvel@....com>
> Cc: Qi Liu <liuqi115@...wei.com>
> Signed-off-by: Barry Song <song.bao.hua@...ilicon.com>
Thanks for explanation. This looks good to me.
Reviewed-by: Masami Hiramatsu <mhiramat@...nel.org>
Thank you,
> ---
> -v2:
> Add description about fallback can only happen while ARM64_MODULE_PLTS
> is enabled. Thanks for Will's comment.
>
> arch/arm64/Kconfig | 9 ++++++---
> arch/arm64/kernel/kaslr.c | 4 +++-
> 2 files changed, 9 insertions(+), 4 deletions(-)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index b5b13a932561..fdcd54d39c1e 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1800,11 +1800,11 @@ config RANDOMIZE_BASE
> If unsure, say N.
>
> config RANDOMIZE_MODULE_REGION_FULL
> - bool "Randomize the module region over a 4 GB range"
> + bool "Randomize the module region over a 2 GB range"
> depends on RANDOMIZE_BASE
> default y
> help
> - Randomizes the location of the module region inside a 4 GB window
> + Randomizes the location of the module region inside a 2 GB window
> covering the core kernel. This way, it is less likely for modules
> to leak information about the location of core kernel data structures
> but it does imply that function calls between modules and the core
> @@ -1812,7 +1812,10 @@ config RANDOMIZE_MODULE_REGION_FULL
>
> When this option is not set, the module region will be randomized over
> a limited range that contains the [_stext, _etext] interval of the
> - core kernel, so branch relocations are always in range.
> + core kernel, so branch relocations are almost always in range unless
> + ARM64_MODULE_PLTS is enabled and the region is exhausted. In this
> + particular case of region exhaustion, modules might be able to fall
> + back to a larger 2GB area.
>
> config CC_HAVE_STACKPROTECTOR_SYSREG
> def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0)
> diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c
> index cfa2cfde3019..418b2bba1521 100644
> --- a/arch/arm64/kernel/kaslr.c
> +++ b/arch/arm64/kernel/kaslr.c
> @@ -162,7 +162,9 @@ u64 __init kaslr_early_init(void)
> * a PAGE_SIZE multiple in the range [_etext - MODULES_VSIZE,
> * _stext) . This guarantees that the resulting region still
> * covers [_stext, _etext], and that all relative branches can
> - * be resolved without veneers.
> + * be resolved without veneers unless this region is exhausted
> + * and we fall back to a larger 2GB window in module_alloc()
> + * when ARM64_MODULE_PLTS is enabled.
> */
> module_range = MODULES_VSIZE - (u64)(_etext - _stext);
> module_alloc_base = (u64)_etext + offset - MODULES_VSIZE;
> --
> 2.25.1
>
--
Masami Hiramatsu <mhiramat@...nel.org>
Powered by blists - more mailing lists