• Ard Biesheuvel's avatar
    arm64: kaslr: keep modules inside module region when KASAN is enabled · 18cd20c0
    Ard Biesheuvel authored
    commit 6f496a55 upstream.
    
    When KASLR and KASAN are both enabled, we keep the modules where they
    are, and randomize the placement of the kernel so it is within 2 GB
    of the module region. The reason for this is that putting modules in
    the vmalloc region (like we normally do when KASLR is enabled) is not
    possible in this case, given that the entire vmalloc region is already
    backed by KASAN zero shadow pages, and so allocating dedicated KASAN
    shadow space as required by loaded modules is not possible.
    
    The default module allocation window is set to [_etext - 128MB, _etext]
    in kaslr.c, which is appropriate for KASLR kernels booted without a
    seed or with 'nokaslr' on the command line. However, as it turns out,
    it is not quite correct for the KASAN case, since it still intersects
    the vmalloc region at the top, where attempts to allocate shadow pages
    will collide with the KASAN zero shadow pages, causing a WARN() and all
    kinds of other trouble. So cap the top end to MODULES_END explicitly
    when running with KASAN.
    
    Cc: <stable@vger.kernel.org> # 4.9+
    Acked-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
    Tested-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
    Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
    Signed-off-by: default avatarWill Deacon <will@kernel.org>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    18cd20c0
module.c 12.5 KB