[PATCH] arm64: allow the module region to be randomized independently

Catalin Marinas catalin.marinas at arm.com
Tue Feb 9 02:45:33 PST 2016


On Tue, Feb 09, 2016 at 11:03:01AM +0100, Ard Biesheuvel wrote:
> On 8 February 2016 at 19:13, Catalin Marinas <catalin.marinas at arm.com> wrote:
> > On Mon, Feb 08, 2016 at 11:12:12AM +0100, Ard Biesheuvel wrote:
> >> This adds the option to randomize the module region independently from the
> >> core kernel, and enables it by default. This makes it less likely that the
> >> location of core kernel data structures can be determined by an adversary,
> >> but causes all function calls from modules into the core kernel to be
> >> resolved via entries in the module PLTs.
> >>
> >> Signed-off-by: Ard Biesheuvel <ard.biesheuvel at linaro.org>
> >> ---
> >>  arch/arm64/Kconfig              | 15 ++++++++
> >>  arch/arm64/include/asm/module.h |  6 ++++
> >>  arch/arm64/kernel/kaslr.c       | 36 +++++++++++++++-----
> >>  arch/arm64/kernel/module.c      |  9 ++---
> >>  4 files changed, 50 insertions(+), 16 deletions(-)
> >
> > With this patch I get an unhandled paging request, coming from
> > kernel/module.c:2982 (the memset). The PC is wrongly attributed but it's
> > in arch/arm64/lib/memset.S:
> >
> 
> This was due to a thinko in kaslr_early_init(). Folding the following
> hunk will fix it (or I can resend the patch if you prefer)
> 
> -------8<----------
> diff --git a/arch/arm64/kernel/kaslr.c b/arch/arm64/kernel/kaslr.c
> index f8ad30160026..d7eba99ab140 100644
> --- a/arch/arm64/kernel/kaslr.c
> +++ b/arch/arm64/kernel/kaslr.c
> @@ -82,6 +82,12 @@ u64 __init kaslr_early_init(u64 dt_phys)
>         int size;
> 
>         /*
> +        * Set a reasonable default for module_alloc_base in case
> +        * we end up running with KASLR disabled.
> +        */
> +       module_alloc_base = (u64)_etext - MODULES_VSIZE;
> +
> +       /*
>          * Try to map the FDT early. If this fails, we simply bail,
>          * and proceed with KASLR disabled. We will make another
>          * attempt at mapping the FDT in setup_machine()
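Review bot: the comment added above the `module_alloc_base` assignment calls the default "reasonable" without saying why `(u64)_etext - MODULES_VSIZE` is the right fallback. A sentence on that choice would help, along with a note that the value is only meant to stand when KASLR ends up disabled. It is also worth stating in the comment that the assignment must stay ahead of every early return in kaslr_early_init(): the FDT-mapping failure path described in the following context comment bails out with KASLR disabled, so it depends on this default already being set.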
> -------8<----------

I'll fold the hunk in and give it a try. Thanks.

-- 
Catalin


