Re: [PATCH] mm/vmalloc: randomize vmalloc() allocations

From: Topi Miettinen
Date: Wed Dec 09 2020 - 14:09:44 EST

Next message: Greg KH: "Re: [PATCH v5 4/5] Driver core: platform: Add devm_platform_get_irqs_affinity()"
Previous message: Saeed Mahameed: "Re: [PATCHv3 net-next] octeontx2-pf: Add RSS multi group support"
Next in thread: Topi Miettinen: "Re: [PATCH] mm/vmalloc: randomize vmalloc() allocations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3.12.2020 8.58, Mike Rapoport wrote:

On Wed, Dec 02, 2020 at 08:49:06PM +0200, Topi Miettinen wrote:

On 1.12.2020 23.45, Topi Miettinen wrote:

Memory mappings inside kernel allocated with vmalloc() are in
predictable order and packed tightly toward the low addresses. With
new kernel boot parameter 'randomize_vmalloc=1', the entire area is
used randomly to make the allocations less predictable and harder to
guess for attackers.

This also seems to randomize module addresses. I was going to check that
next, so nice surprise!

Heh, that's because module_alloc() uses vmalloc() in that way or another :)

The modules are still allocated from their small (1.5GB) separate area instead of the much larger (32TB/12.5PB) vmalloc area, which would greatly improve ASLR for the modules. To fix that, I tried to to #define MODULES_VADDR to VMALLOC_START etc. like x86_32 does, but then kernel dies very early without even any output.

-Topi

Next message: Greg KH: "Re: [PATCH v5 4/5] Driver core: platform: Add devm_platform_get_irqs_affinity()"
Previous message: Saeed Mahameed: "Re: [PATCHv3 net-next] octeontx2-pf: Add RSS multi group support"
Next in thread: Topi Miettinen: "Re: [PATCH] mm/vmalloc: randomize vmalloc() allocations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]