| Message ID | 20210730105056.19784-1-song.bao.hua@hisilicon.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | arm64: fix the doc of RANDOMIZE_MODULE_REGION_FULL | expand |
On Fri, Jul 30, 2021 at 10:50:56PM +1200, Barry Song wrote: > Obviously kaslr is setting the module region to 2GB rather than 4GB since > commit b2eed9b588112 ("arm64/kernel: kaslr: reduce module randomization > range to 2 GB"). > On the other hand, module_alloc() can fall back to a 2GB window even though > RANDOMIZE_MODULE_REGION_FULL is not set. In this case, PLT is still needed. > So fix the doc to be more precise to avoid any confusion to the readers of > the code. > > Cc: Masami Hiramatsu <mhiramat@kernel.org> > Cc: Ard Biesheuvel <ard.biesheuvel@arm.com> > Cc: Qi Liu <liuqi115@huawei.com> > Signed-off-by: Barry Song <song.bao.hua@hisilicon.com> > --- > arch/arm64/Kconfig | 7 ++++--- > arch/arm64/kernel/kaslr.c | 4 +++- > 2 files changed, 7 insertions(+), 4 deletions(-) Ack for the general idea, but I think this still isn't quite right... > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index b5b13a932561..525c1f0b2430 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1800,11 +1800,11 @@ config RANDOMIZE_BASE > If unsure, say N. > > config RANDOMIZE_MODULE_REGION_FULL > - bool "Randomize the module region over a 4 GB range" > + bool "Randomize the module region over a 2 GB range" > depends on RANDOMIZE_BASE > default y > help > - Randomizes the location of the module region inside a 4 GB window > + Randomizes the location of the module region inside a 2 GB window > covering the core kernel. This way, it is less likely for modules > to leak information about the location of core kernel data structures > but it does imply that function calls between modules and the core > @@ -1812,7 +1812,8 @@ config RANDOMIZE_MODULE_REGION_FULL > > When this option is not set, the module region will be randomized over > a limited range that contains the [_stext, _etext] interval of the > - core kernel, so branch relocations are always in range. > + core kernel, so branch relocations are almost always in range unless > + the region is exhausted and we fall back to a larger 2GB area. Hmm, that's only true if ARM64_MODULE_PLTS=y. Will
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index b5b13a932561..525c1f0b2430 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1800,11 +1800,11 @@ config RANDOMIZE_BASE If unsure, say N. config RANDOMIZE_MODULE_REGION_FULL - bool "Randomize the module region over a 4 GB range" + bool "Randomize the module region over a 2 GB range" depends on RANDOMIZE_BASE default y help - Randomizes the location of the module region inside a 4 GB window + Randomizes the location of the module region inside a 2 GB window covering the core kernel. This way, it is less likely for modules to leak information about the location of core kernel data structures but it does imply that function calls between modules and the core @@ -1812,7 +1812,8 @@ config RANDOMIZE_MODULE_REGION_FULL When this option is not set, the module region will be randomized over a limited range that contains the [_stext, _etext] interval of the - core kernel, so branch relocations are always in range. + core kernel, so branch relocations are almost always in range unless + the region is exhausted and we fall back to a larger 2GB area. config CC_HAVE_STACKPROTECTOR_SYSREG def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0) diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c index cfa2cfde3019..2bc43014ced3 100644 --- a/arch/arm64/kernel/kaslr.c +++ b/arch/arm64/kernel/kaslr.c @@ -162,7 +162,9 @@ u64 __init kaslr_early_init(void) * a PAGE_SIZE multiple in the range [_etext - MODULES_VSIZE, * _stext) . This guarantees that the resulting region still * covers [_stext, _etext], and that all relative branches can - * be resolved without veneers. + * be resolved without veneers unless this region is exhausted + * and we fall back to get memory from a larger 2GB window in + * module_alloc() */ module_range = MODULES_VSIZE - (u64)(_etext - _stext); module_alloc_base = (u64)_etext + offset - MODULES_VSIZE;
Obviously kaslr is setting the module region to 2GB rather than 4GB since commit b2eed9b588112 ("arm64/kernel: kaslr: reduce module randomization range to 2 GB"). On the other hand, module_alloc() can fall back to a 2GB window even though RANDOMIZE_MODULE_REGION_FULL is not set. In this case, PLT is still needed. So fix the doc to be more precise to avoid any confusion to the readers of the code. Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com> Cc: Qi Liu <liuqi115@huawei.com> Signed-off-by: Barry Song <song.bao.hua@hisilicon.com> --- arch/arm64/Kconfig | 7 ++++--- arch/arm64/kernel/kaslr.c | 4 +++- 2 files changed, 7 insertions(+), 4 deletions(-)