From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Catalin Marinas, Ard Biesheuvel, Will Deacon
Subject: [PATCH 4.9 102/102] arm64: kaslr: keep modules inside module region when KASAN is enabled
Date: Mon, 8 Jul 2019 17:13:35 +0200
Message-Id: <20190708150531.760421168@linuxfoundation.org>
In-Reply-To: <20190708150525.973820964@linuxfoundation.org>

From: Ard Biesheuvel

commit 6f496a555d93db7a11d4860b9220d904822f586a upstream.

When KASLR and KASAN are both enabled, we keep the modules where they are, and randomize the placement of the kernel so it is within 2 GB of the module region. The reason for this is that putting modules in the vmalloc region (like we normally do when KASLR is enabled) is not possible in this case, given that the entire vmalloc region is already backed by KASAN zero shadow pages, and so allocating dedicated KASAN shadow space as required by loaded modules is not possible.

The default module allocation window is set to [_etext - 128MB, _etext] in kaslr.c, which is appropriate for KASLR kernels booted without a seed or with 'nokaslr' on the command line. However, as it turns out, it is not quite correct for the KASAN case, since it still intersects the vmalloc region at the top, where attempts to allocate shadow pages will collide with the KASAN zero shadow pages, causing a WARN() and all kinds of other trouble. So cap the top end to MODULES_END explicitly when running with KASAN.

Cc: # 4.9+
Acked-by: Catalin Marinas
Tested-by: Catalin Marinas
Signed-off-by: Ard Biesheuvel
[will: backport to 4.9.y]
Signed-off-by: Will Deacon
Signed-off-by: Greg Kroah-Hartman --- arch/arm64/kernel/module.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/arch/arm64/kernel/module.c +++ b/arch/arm64/kernel/module.c @@ -33,10 +33,14 @@ void *module_alloc(unsigned long size) { void *p; + u64 module_alloc_end = module_alloc_base + MODULES_VSIZE; + + if (IS_ENABLED(CONFIG_KASAN)) + /* don't exceed the static module region - see below */ + module_alloc_end = MODULES_END; p = __vmalloc_node_range(size, MODULE_ALIGN, module_alloc_base, - module_alloc_base + MODULES_VSIZE, - GFP_KERNEL, PAGE_KERNEL_EXEC, 0, + module_alloc_end, GFP_KERNEL, PAGE_KERNEL_EXEC, 0, NUMA_NO_NODE, __builtin_return_address(0)); if (!p && IS_ENABLED(CONFIG_ARM64_MODULE_PLTS) &&
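
Review bot: in the new `if (IS_ENABLED(CONFIG_KASAN))` branch of module_alloc(), `module_alloc_end = MODULES_END;` overwrites the upper bound instead of clamping it, so it only acts as the cap the commit message describes if `module_alloc_base + MODULES_VSIZE` can never be below MODULES_END on a KASAN kernel. Nothing in the hunk states or checks that; either write it as a min() of the two values or extend the comment to name the invariant, so a later change to how module_alloc_base is chosen cannot silently widen the window. The comment's "see below" points at an explanation that is not part of this hunk, so it is worth confirming that the referenced text exists in the 4.9.y version of the file after the backport. As a style point, the `if` body spans two lines (comment plus assignment) without braces; adding braces would make it harder to misread.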