From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Catalin Marinas, Ard Biesheuvel, Will Deacon
Subject: [PATCH 4.14 34/56] arm64: kaslr: keep modules inside module region when KASAN is enabled
Date: Mon, 8 Jul 2019 17:13:26 +0200
Message-Id: <20190708150523.116862643@linuxfoundation.org>
In-Reply-To: <20190708150514.376317156@linuxfoundation.org>

From: Ard Biesheuvel

commit 6f496a555d93db7a11d4860b9220d904822f586a upstream.

When KASLR and KASAN are both enabled, we keep the modules where they
are, and randomize the placement of the kernel so it is within 2 GB
of the module region. The reason for this is that putting modules in
the vmalloc region (like we normally do when KASLR is enabled) is not
possible in this case, given that the entire vmalloc region is already
backed by KASAN zero shadow pages, and so allocating dedicated KASAN
shadow space as required by loaded modules is not possible.

The default module allocation window is set to [_etext - 128MB, _etext]
in kaslr.c, which is appropriate for KASLR kernels booted without a
seed or with 'nokaslr' on the command line. However, as it turns out,
it is not quite correct for the KASAN case, since it still intersects
the vmalloc region at the top, where attempts to allocate shadow pages
will collide with the KASAN zero shadow pages, causing a WARN() and all
kinds of other trouble. So cap the top end to MODULES_END explicitly
when running with KASAN.

Cc: # 4.9+
Acked-by: Catalin Marinas
Tested-by: Catalin Marinas
Signed-off-by: Ard Biesheuvel
Signed-off-by: Will Deacon
Signed-off-by: Greg Kroah-Hartman
---
 arch/arm64/kernel/module.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/arch/arm64/kernel/module.c +++ b/arch/arm64/kernel/module.c @@ -32,6 +32,7 @@ void *module_alloc(unsigned long size) { + u64 module_alloc_end = module_alloc_base + MODULES_VSIZE; gfp_t gfp_mask = GFP_KERNEL; void *p; @@ -39,9 +40,12 @@ void *module_alloc(unsigned long size) if (IS_ENABLED(CONFIG_ARM64_MODULE_PLTS)) gfp_mask |= __GFP_NOWARN; + if (IS_ENABLED(CONFIG_KASAN)) + /* don't exceed the static module region - see below */ + module_alloc_end = MODULES_END; + p = __vmalloc_node_range(size, MODULE_ALIGN, module_alloc_base, - module_alloc_base + MODULES_VSIZE, - gfp_mask, PAGE_KERNEL_EXEC, 0, + module_alloc_end, gfp_mask, PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE, __builtin_return_address(0)); if (!p && IS_ENABLED(CONFIG_ARM64_MODULE_PLTS) &&
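
Review bot: In the second hunk (@@ -39,9 +40,12 @@) the KASAN branch assigns module_alloc_end = MODULES_END unconditionally, while the commit message describes capping the top end of the window. If module_alloc_base + MODULES_VSIZE can ever lie below MODULES_END, the assignment widens the allocation range instead of narrowing it; taking the min() of the two values would match the stated intent, or the comment could say why that case cannot occur. Two smaller points on the same branch: its body is a comment plus a statement, so kernel coding style would put braces around it, and "see below" refers to text outside the hunk, so a few words about the collision with the KASAN zero shadow pages (as given in the commit message) would make the comment stand on its own.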