| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231026085800.GK2824@kernel.org>
Date: Thu, 26 Oct 2023 11:58:00 +0300
From: Mike Rapoport <rppt@...nel.org>
To: Will Deacon <will@...nel.org>
Cc: linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>,
Björn Töpel <bjorn@...nel.org>,
Catalin Marinas <catalin.marinas@....com>,
Christophe Leroy <christophe.leroy@...roup.eu>,
"David S. Miller" <davem@...emloft.net>,
Dinh Nguyen <dinguyen@...nel.org>,
Heiko Carstens <hca@...ux.ibm.com>, Helge Deller <deller@....de>,
Huacai Chen <chenhuacai@...nel.org>,
Kent Overstreet <kent.overstreet@...ux.dev>,
Luis Chamberlain <mcgrof@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Michael Ellerman <mpe@...erman.id.au>,
Nadav Amit <nadav.amit@...il.com>,
"Naveen N. Rao" <naveen.n.rao@...ux.ibm.com>,
Palmer Dabbelt <palmer@...belt.com>,
Puranjay Mohan <puranjay12@...il.com>,
Rick Edgecombe <rick.p.edgecombe@...el.com>,
Russell King <linux@...linux.org.uk>, Song Liu <song@...nel.org>,
Steven Rostedt <rostedt@...dmis.org>,
Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
Thomas Gleixner <tglx@...utronix.de>, bpf@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, linux-mips@...r.kernel.org,
linux-mm@...ck.org, linux-modules@...r.kernel.org,
linux-parisc@...r.kernel.org, linux-riscv@...ts.infradead.org,
linux-s390@...r.kernel.org, linux-trace-kernel@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org, loongarch@...ts.linux.dev,
netdev@...r.kernel.org, sparclinux@...r.kernel.org, x86@...nel.org
Subject: Re: [PATCH v3 04/13] mm/execmem, arch: convert remaining overrides
of module_alloc to execmem
Hi Will,
On Mon, Oct 23, 2023 at 06:14:20PM +0100, Will Deacon wrote:
> Hi Mike,
>
> On Mon, Sep 18, 2023 at 10:29:46AM +0300, Mike Rapoport wrote:
> > From: "Mike Rapoport (IBM)" <rppt@...nel.org>
> >
> > Extend execmem parameters to accommodate more complex overrides of
> > module_alloc() by architectures.
> >
> > This includes specification of a fallback range required by arm, arm64
> > and powerpc and support for allocation of KASAN shadow required by
> > arm64, s390 and x86.
> >
> > The core implementation of execmem_alloc() takes care of suppressing
> > warnings when the initial allocation fails but there is a fallback range
> > defined.
> >
> > Signed-off-by: Mike Rapoport (IBM) <rppt@...nel.org>
> > ---
> > arch/arm/kernel/module.c | 38 ++++++++++++---------
> > arch/arm64/kernel/module.c | 57 ++++++++++++++------------------
> > arch/powerpc/kernel/module.c | 52 ++++++++++++++---------------
> > arch/s390/kernel/module.c | 52 +++++++++++------------------
> > arch/x86/kernel/module.c | 64 +++++++++++-------------------------
> > include/linux/execmem.h | 14 ++++++++
> > mm/execmem.c | 43 ++++++++++++++++++++++--
> > 7 files changed, 167 insertions(+), 153 deletions(-)
>
> [...]
>
> > diff --git a/arch/arm64/kernel/module.c b/arch/arm64/kernel/module.c
> > index dd851297596e..cd6320de1c54 100644
> > --- a/arch/arm64/kernel/module.c
> > +++ b/arch/arm64/kernel/module.c
> > @@ -20,6 +20,7 @@
> > #include <linux/random.h>
> > #include <linux/scs.h>
> > #include <linux/vmalloc.h>
> > +#include <linux/execmem.h>
> >
> > #include <asm/alternative.h>
> > #include <asm/insn.h>
> > @@ -108,46 +109,38 @@ static int __init module_init_limits(void)
> >
> > return 0;
> > }
> > -subsys_initcall(module_init_limits);
> >
> > -void *module_alloc(unsigned long size)
> > +static struct execmem_params execmem_params __ro_after_init = {
> > + .ranges = {
> > + [EXECMEM_DEFAULT] = {
> > + .flags = EXECMEM_KASAN_SHADOW,
> > + .alignment = MODULE_ALIGN,
> > + },
> > + },
> > +};
> > +
> > +struct execmem_params __init *execmem_arch_params(void)
> > {
> > - void *p = NULL;
> > + struct execmem_range *r = &execmem_params.ranges[EXECMEM_DEFAULT];
> >
> > - /*
> > - * Where possible, prefer to allocate within direct branch range of the
> > - * kernel such that no PLTs are necessary.
> > - */
>
> Why are you removing this comment? I think you could just move it next
> to the part where we set a 128MiB range.
Oops, my bad. Will add it back.
> > - if (module_direct_base) {
> > - p = __vmalloc_node_range(size, MODULE_ALIGN,
> > - module_direct_base,
> > - module_direct_base + SZ_128M,
> > - GFP_KERNEL | __GFP_NOWARN,
> > - PAGE_KERNEL, 0, NUMA_NO_NODE,
> > - __builtin_return_address(0));
> > - }
> > + module_init_limits();
>
> Hmm, this used to be run from subsys_initcall(), but now you're running
> it _really_ early, before random_init(), so randomization of the module
> space is no longer going to be very random if we don't have early entropy
> from the firmware or the CPU, which is likely to be the case on most SoCs.
Well, it will be as random as KASLR. Won't that be enough?
> > diff --git a/mm/execmem.c b/mm/execmem.c
> > index f25a5e064886..a8c2f44d0133 100644
> > --- a/mm/execmem.c
> > +++ b/mm/execmem.c
> > @@ -11,12 +11,46 @@ static void *execmem_alloc(size_t size, struct execmem_range *range)
> > {
> > unsigned long start = range->start;
> > unsigned long end = range->end;
> > + unsigned long fallback_start = range->fallback_start;
> > + unsigned long fallback_end = range->fallback_end;
> > unsigned int align = range->alignment;
> > pgprot_t pgprot = range->pgprot;
> > + bool kasan = range->flags & EXECMEM_KASAN_SHADOW;
> > + unsigned long vm_flags = VM_FLUSH_RESET_PERMS;
> > + bool fallback = !!fallback_start;
> > + gfp_t gfp_flags = GFP_KERNEL;
> > + void *p;
> >
> > - return __vmalloc_node_range(size, align, start, end,
> > - GFP_KERNEL, pgprot, VM_FLUSH_RESET_PERMS,
> > - NUMA_NO_NODE, __builtin_return_address(0));
> > + if (PAGE_ALIGN(size) > (end - start))
> > + return NULL;
> > +
> > + if (kasan)
> > + vm_flags |= VM_DEFER_KMEMLEAK;
>
> Hmm, I don't think we passed this before on arm64, should we have done?
It was there on arm64 before commit 8339f7d8e178 ("arm64: module: remove
old !KASAN_VMALLOC logic").
There's no need to pass VM_DEFER_KMEMLEAK when KASAN_VMALLOC is enabled and
arm64 always selects KASAN_VMALLOC with KASAN.
And for the generic case, I should have made the condition to check for
KASAN_VMALLOC as well.
> Will
--
Sincerely yours,
Mike.
Powered by blists - more mailing lists