From patchwork Tue Mar 14 17:05:06 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Garnier X-Patchwork-Id: 9623927 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 2FDEF60244 for ; Tue, 14 Mar 2017 17:05:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1DBCD28595 for ; Tue, 14 Mar 2017 17:05:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 11414285CA; Tue, 14 Mar 2017 17:05:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, RCVD_IN_DNSWL_MED, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 6EB9B285C4 for ; Tue, 14 Mar 2017 17:05:42 +0000 (UTC) Received: (qmail 1961 invoked by uid 550); 14 Mar 2017 17:05:41 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 1935 invoked from network); 14 Mar 2017 17:05:40 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=M/Eh5df723NxTou+Vb7unNH4cKBdhMNBTm2R41b5MQM=; b=rT8Qs//E/StB8dZflmii3NpKyw1SRzZTS5tuYNFl/rTPto/iKcqeqiOfrTIc8Kd3pi IjVFaCYR9sTdiJeYzjO3uHKwcaA3hvenmseEpSQ5X9d8hrsSBEEGFdzT/+XB78xcu5Zf 4Mrajyw3FB3FKwBLP3ZY6hVibmSzvBGQXSN32uuUjOSiKMI3wxLUAAwKVmu0TajjYvwY FlBgLarCDWHTmsiHXRSBVK1AfR4+MQYGutQrLrFO2Up3iGuPwedTraoS39BTcStGbJLz iCyPOPCowM3suxhfq6xHVv/9M7mNtle393oOURYG70byONHH5yRrmVy+SPBLdFIdJFSu 8M8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=M/Eh5df723NxTou+Vb7unNH4cKBdhMNBTm2R41b5MQM=; b=tGhci/yOecIfqpBhLqD7FjJyZDBm3Og+RL9orOiBqiFa0SAd7XXPqx0FOOHnLyKjv8 PtSk94jaC9zlbLI3Z6H2M3jbIR79RnexmIefaUT+g3736tZwlv85ja3arCyRjBag40Zj TVx5grAw/LdDCurX7c0fBb2yH1IisUnKYCND2+O35c7ET09PzDQQZGTm8cZxTP7Wwi26 kZGoTxVlbeAGm625WJNCbudN6KvuO/hilYxH8lextUIJm8R4LzS/BufIjDnvEP9f/3jp S0ftNWtA7JsHlDwWkcjDQtQCVNuzSZ64MhfEfPcs/2goAmKRujEsUaxs9lgAzxhKwN7w 3kWQ== X-Gm-Message-State: AMke39nHhAE0+wROI5g0OdKCNFvkXU1RUArc4tsVCbsghRafLFSQi8MnbjcVK9+IGcqI6GaW X-Received: by 10.98.103.75 with SMTP id b72mr45692387pfc.105.1489511128523; Tue, 14 Mar 2017 10:05:28 -0700 (PDT) From: Thomas Garnier To: Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Jonathan Corbet , Andrey Ryabinin , Alexander Potapenko , Dmitry Vyukov , Thomas Garnier , Lorenzo Stoakes , Kees Cook , Juergen Gross , Andy Lutomirski , Paul Gortmaker , Andrew Morton , Michal Hocko , zijun_hu , Chris Wilson , Andy Lutomirski , "Rafael J . Wysocki" , Len Brown , Pavel Machek , Jiri Kosina , Matt Fleming , Ard Biesheuvel , Boris Ostrovsky , Rusty Russell , Paolo Bonzini , Borislav Petkov , Christian Borntraeger , Frederic Weisbecker , "Luis R . Rodriguez" , Stanislaw Gruszka , Peter Zijlstra , Josh Poimboeuf , Vitaly Kuznetsov , Tim Chen , Joerg Roedel , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-pm@vger.kernel.org, linux-efi@vger.kernel.org, xen-devel@lists.xenproject.org, lguest@lists.ozlabs.org, kvm@vger.kernel.org, kernel-hardening@lists.openwall.com Date: Tue, 14 Mar 2017 10:05:06 -0700 Message-Id: <20170314170508.100882-1-thgarnie@google.com> X-Mailer: git-send-email 2.12.0.367.g23dc2f6d3c-goog Subject: [kernel-hardening] [PATCH v7 1/3] x86/mm: Adapt MODULES_END based on Fixmap section size X-Virus-Scanned: ClamAV using ClamSMTP This patch aligns MODULES_END to the beginning of the Fixmap section. It optimizes the space available for both sections. The address is pre-computed based on the number of pages required by the Fixmap section. It will allow GDT remapping in the Fixmap section. The current MODULES_END static address does not provide enough space for the kernel to support a large number of processors. Signed-off-by: Thomas Garnier --- Based on next-20170308 --- Documentation/x86/x86_64/mm.txt | 5 ++++- arch/x86/include/asm/pgtable_64_types.h | 3 ++- arch/x86/kernel/module.c | 1 + arch/x86/mm/dump_pagetables.c | 1 + arch/x86/mm/kasan_init_64.c | 1 + mm/vmalloc.c | 1 + 6 files changed, 10 insertions(+), 2 deletions(-) diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt index 5724092db811..ee3f9c30957c 100644 --- a/Documentation/x86/x86_64/mm.txt +++ b/Documentation/x86/x86_64/mm.txt @@ -19,7 +19,7 @@ ffffff0000000000 - ffffff7fffffffff (=39 bits) %esp fixup stacks ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space ... unused hole ... ffffffff80000000 - ffffffff9fffffff (=512 MB) kernel text mapping, from phys 0 -ffffffffa0000000 - ffffffffff5fffff (=1526 MB) module mapping space +ffffffffa0000000 - ffffffffff5fffff (=1526 MB) module mapping space (variable) ffffffffff600000 - ffffffffffdfffff (=8 MB) vsyscalls ffffffffffe00000 - ffffffffffffffff (=2 MB) unused hole @@ -39,6 +39,9 @@ memory window (this size is arbitrary, it can be raised later if needed). The mappings are not part of any other kernel PGD and are only available during EFI runtime calls. +The module mapping space size changes based on the CONFIG requirements for the +following fixmap section. + Note that if CONFIG_RANDOMIZE_MEMORY is enabled, the direct mapping of all physical memory, vmalloc/ioremap space and virtual memory map are randomized. Their order is preserved but their base will be offset early at boot time. diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h index 3a264200c62f..bb05e21cf3c7 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h @@ -67,7 +67,8 @@ typedef struct { pteval_t pte; } pte_t; #endif /* CONFIG_RANDOMIZE_MEMORY */ #define VMALLOC_END (VMALLOC_START + _AC((VMALLOC_SIZE_TB << 40) - 1, UL)) #define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE) -#define MODULES_END _AC(0xffffffffff000000, UL) +/* The module sections ends with the start of the fixmap */ +#define MODULES_END __fix_to_virt(__end_of_fixed_addresses + 1) #define MODULES_LEN (MODULES_END - MODULES_VADDR) #define ESPFIX_PGD_ENTRY _AC(-2, UL) #define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << PGDIR_SHIFT) diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c index 477ae806c2fa..fad61caac75e 100644 --- a/arch/x86/kernel/module.c +++ b/arch/x86/kernel/module.c @@ -35,6 +35,7 @@ #include #include #include +#include #if 0 #define DEBUGP(fmt, ...) \ diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c index 58b5bee7ea27..75efeecc85eb 100644 --- a/arch/x86/mm/dump_pagetables.c +++ b/arch/x86/mm/dump_pagetables.c @@ -20,6 +20,7 @@ #include #include +#include /* * The dumper groups pagetable entries of the same type into one, and for diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c index 8d63d7a104c3..1bde19ef86bd 100644 --- a/arch/x86/mm/kasan_init_64.c +++ b/arch/x86/mm/kasan_init_64.c @@ -9,6 +9,7 @@ #include #include +#include extern pgd_t early_level4_pgt[PTRS_PER_PGD]; extern struct range pfn_mapped[E820_X_MAX]; diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 32979d945766..1fc9598ed019 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -35,6 +35,7 @@ #include #include #include +#include #include "internal.h"