mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-17 01:04:19 +08:00
f80fb3a3d5
This adds support for KASLR is implemented, based on entropy provided by the bootloader in the /chosen/kaslr-seed DT property. Depending on the size of the address space (VA_BITS) and the page size, the entropy in the virtual displacement is up to 13 bits (16k/2 levels) and up to 25 bits (all 4 levels), with the sidenote that displacements that result in the kernel image straddling a 1GB/32MB/512MB alignment boundary (for 4KB/16KB/64KB granule kernels, respectively) are not allowed, and will be rounded up to an acceptable value. If CONFIG_RANDOMIZE_MODULE_REGION_FULL is enabled, the module region is randomized independently from the core kernel. This makes it less likely that the location of core kernel data structures can be determined by an adversary, but causes all function calls from modules into the core kernel to be resolved via entries in the module PLTs. If CONFIG_RANDOMIZE_MODULE_REGION_FULL is not enabled, the module region is randomized by choosing a page aligned 128 MB region inside the interval [_etext - 128 MB, _stext + 128 MB). This gives between 10 and 14 bits of entropy (depending on page size), independently of the kernel randomization, but still guarantees that modules are within the range of relative branch and jump instructions (with the caveat that, since the module region is shared with other uses of the vmalloc area, modules may need to be loaded further away if the module region is exhausted) Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
41 lines
1.1 KiB
C
41 lines
1.1 KiB
C
/*
|
|
* Copyright (C) 2012 ARM Ltd.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
#ifndef __ASM_MODULE_H
|
|
#define __ASM_MODULE_H
|
|
|
|
#include <asm-generic/module.h>
|
|
|
|
#define MODULE_ARCH_VERMAGIC "aarch64"
|
|
|
|
#ifdef CONFIG_ARM64_MODULE_PLTS
|
|
struct mod_arch_specific {
|
|
struct elf64_shdr *plt;
|
|
int plt_num_entries;
|
|
int plt_max_entries;
|
|
};
|
|
#endif
|
|
|
|
u64 module_emit_plt_entry(struct module *mod, const Elf64_Rela *rela,
|
|
Elf64_Sym *sym);
|
|
|
|
#ifdef CONFIG_RANDOMIZE_BASE
|
|
extern u64 module_alloc_base;
|
|
#else
|
|
#define module_alloc_base ((u64)_etext - MODULES_VSIZE)
|
|
#endif
|
|
|
|
#endif /* __ASM_MODULE_H */
|