diff options
author | Ard Biesheuvel <ard.biesheuvel@linaro.org> | 2018-03-06 17:15:32 +0000 |
---|---|---|
committer | Will Deacon <will.deacon@arm.com> | 2018-03-08 13:49:26 +0000 |
commit | f2b9ba871beb92fd6884b957acb14621b15fbe2b (patch) | |
tree | 85213c2c47d9ad9b3270aa14be3b80a4a3b46d42 /include/linux/sizes.h | |
parent | 5e8307b9c6f40526f290663e5a4de0f78bb0446a (diff) | |
download | lwn-f2b9ba871beb92fd6884b957acb14621b15fbe2b.tar.gz lwn-f2b9ba871beb92fd6884b957acb14621b15fbe2b.zip |
arm64/kernel: kaslr: reduce module randomization range to 4 GB
We currently have to rely on the GCC large code model for KASLR for
two distinct but related reasons:
- if we enable full randomization, modules will be loaded very far away
from the core kernel, where they are out of range for ADRP instructions,
- even without full randomization, the fact that the 128 MB module region
is now no longer fully reserved for kernel modules means that there is
a very low likelihood that the normal bottom-up allocation of other
vmalloc regions may collide, and use up the range for other things.
Large model code is suboptimal, given that each symbol reference involves
a literal load that goes through the D-cache, reducing cache utilization.
But more importantly, literals are not instructions but part of .text
nonetheless, and hence mapped with executable permissions.
So let's get rid of our dependency on the large model for KASLR, by:
- reducing the full randomization range to 4 GB, thereby ensuring that
ADRP references between modules and the kernel are always in range,
- reduce the spillover range to 4 GB as well, so that we fallback to a
region that is still guaranteed to be in range
- move the randomization window of the core kernel to the middle of the
VMALLOC space
Note that KASAN always uses the module region outside of the vmalloc space,
so keep the kernel close to that if KASAN is enabled.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Diffstat (limited to 'include/linux/sizes.h')
-rw-r--r-- | include/linux/sizes.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/linux/sizes.h b/include/linux/sizes.h index ce3e8150c174..fbde0bc7e882 100644 --- a/include/linux/sizes.h +++ b/include/linux/sizes.h @@ -8,6 +8,8 @@ #ifndef __LINUX_SIZES_H__ #define __LINUX_SIZES_H__ +#include <linux/const.h> + #define SZ_1 0x00000001 #define SZ_2 0x00000002 #define SZ_4 0x00000004 @@ -44,4 +46,6 @@ #define SZ_1G 0x40000000 #define SZ_2G 0x80000000 +#define SZ_4G _AC(0x100000000, ULL) + #endif /* __LINUX_SIZES_H__ */ |