authorKees Cook <keescook@chromium.org>2013-10-10 20:18:18 -0400
committerH. Peter Anvin <hpa@linux.intel.com>2013-10-13 06:13:13 -0400
commit6145cfe394a7f138f6b64491c5663f97dba12450 (patch)
tree409c39dce2121c84fd1a96102a16e7d69c20285c
parentf32360ef6608434a032dc7ad262d45e9693c27f3 (diff)
x86, kaslr: Raise the maximum virtual address to -1 GiB on x86_64
On 64-bit, this raises the maximum location to -1 GiB (from -1.5 GiB), the upper limit currently, since the kernel fixmap page mappings need to be moved to use the other 1 GiB (which would be the theoretical limit when building with -mcmodel=kernel). Signed-off-by: Kees Cook <keescook@chromium.org> Link: http://lkml.kernel.org/r/1381450698-28710-7-git-send-email-keescook@chromium.org Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
-rw-r--r--arch/x86/Kconfig16
-rw-r--r--arch/x86/include/asm/page_64_types.h15
-rw-r--r--arch/x86/include/asm/pgtable_64_types.h2
-rw-r--r--arch/x86/mm/init_32.c3
4 files changed, 29 insertions, 7 deletions
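diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 992701d4d4f8..51f439953d23 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1746,13 +1746,23 @@ config RANDOMIZE_BASE
 config RANDOMIZE_BASE_MAX_OFFSET
  hex "Maximum ASLR offset allowed"
  depends on RANDOMIZE_BASE
- default "0x10000000"
- range 0x0 0x10000000
+ range 0x0 0x20000000 if X86_32
+ default "0x20000000" if X86_32
+ range 0x0 0x40000000 if X86_64
+ default "0x40000000" if X86_64
  ---help---
  Determines the maximal offset in bytes that will be applied to the
  kernel when Address Space Layout Randomization (ASLR) is active.
  Must be less than or equal to the actual physical memory on the
- system. This must be a power of two.
+ system. This must be a multiple of CONFIG_PHYSICAL_ALIGN.
+
+ On 32-bit this is limited to 512MiB.
+
+ On 64-bit this is limited by how the kernel fixmap page table is
+ positioned, so this cannot be larger that 1GiB currently. Normally
+ there is a 512MiB to 1.5GiB split between kernel and modules. When
+ this is raised above the 512MiB default, the modules area will
+ shrink to compensate, up to the current maximum 1GiB to 1GiB split.
 
 # Relocation on x86 needs some additional build support
 config X86_NEED_RELOCS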
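Review bot: The new help text refers to "the 512MiB default", but this option's own default on X86_64 is now `0x40000000`, so the paragraph does not tell the reader that enabling RANDOMIZE_BASE with default settings already shrinks the modules area to the 1GiB/1GiB split. I would reword the last two sentences along the lines of `Without kernel ASLR the kernel mapping is 512MiB and modules get 1.5GiB; any value above 0x20000000 here shrinks the modules area, down to 1GiB at the default 0x40000000.` In the same paragraph "larger that 1GiB" should read "larger than 1GiB". The help also requires a multiple of CONFIG_PHYSICAL_ALIGN and a value no larger than physical memory, yet the `range` lines enforce neither, so it would help to state what happens when a configuration violates them.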
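diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h
index 43dcd804ebd5..8de6d9cf3b95 100644
--- a/arch/x86/include/asm/page_64_types.h
+++ b/arch/x86/include/asm/page_64_types.h
@@ -39,9 +39,18 @@
 #define __VIRTUAL_MASK_SHIFT 47
 
 /*
- * Kernel image size is limited to 512 MB (see level2_kernel_pgt in
- * arch/x86/kernel/head_64.S), and it is mapped here:
+ * Kernel image size is limited to 1GiB due to the fixmap living in the
+ * next 1GiB (see level2_kernel_pgt in arch/x86/kernel/head_64.S). Use
+ * 512MiB by default, leaving 1.5GiB for modules once the page tables
+ * are fully set up. If kernel ASLR is configured, it can extend the
+ * kernel page table mapping, reducing the size of the modules area.
  */
-#define KERNEL_IMAGE_SIZE (512 * 1024 * 1024)
+#define KERNEL_IMAGE_SIZE_DEFAULT (512 * 1024 * 1024)
+#if defined(CONFIG_RANDOMIZE_BASE) && \
+ CONFIG_RANDOMIZE_BASE_MAX_OFFSET > KERNEL_IMAGE_SIZE_DEFAULT
+#define KERNEL_IMAGE_SIZE CONFIG_RANDOMIZE_BASE_MAX_OFFSET
+#else
+#define KERNEL_IMAGE_SIZE KERNEL_IMAGE_SIZE_DEFAULT
+#endif
 
 #endif /* _ASM_X86_PAGE_64_DEFS_H */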
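Review bot: On 64-bit nothing at compile time bounds `KERNEL_IMAGE_SIZE` once it is taken from `CONFIG_RANDOMIZE_BASE_MAX_OFFSET`; the only limit is the Kconfig `range`, whereas the 32-bit side of this commit gets a `BUILD_BUG_ON` in `mem_init()`. The comment above says the fixmap lives in the next 1GiB, so a guard right after the new `#endif` would stop a hand-edited or out-of-range config from silently extending the kernel mapping and `MODULES_VADDR` past that limit: `#if KERNEL_IMAGE_SIZE > (1024 * 1024 * 1024)`, then `#error "KERNEL_IMAGE_SIZE must not exceed 1GiB"`, then `#endif`. The same place could reject a value that is not a multiple of CONFIG_PHYSICAL_ALIGN, which the Kconfig help requires but nothing visible in this commit enforces.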
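diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h
index 2d883440cb9a..c883bf726398 100644
--- a/arch/x86/include/asm/pgtable_64_types.h
+++ b/arch/x86/include/asm/pgtable_64_types.h
@@ -58,7 +58,7 @@ typedef struct { pteval_t pte; } pte_t;
 #define VMALLOC_START _AC(0xffffc90000000000, UL)
 #define VMALLOC_END _AC(0xffffe8ffffffffff, UL)
 #define VMEMMAP_START _AC(0xffffea0000000000, UL)
-#define MODULES_VADDR _AC(0xffffffffa0000000, UL)
+#define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE)
 #define MODULES_END _AC(0xffffffffff000000, UL)
 #define MODULES_LEN (MODULES_END - MODULES_VADDR)
 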
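Review bot: `MODULES_VADDR` is no longer a literal, and the line gives no hint that the modules base and `MODULES_LEN` now change with the kernel ASLR configuration. A one-line comment above it would make that visible, for example `/* Modules start right after the kernel image mapping; see KERNEL_IMAGE_SIZE. */`. The macro also now needs `__START_KERNEL_map` and `KERNEL_IMAGE_SIZE` to be defined wherever it is expanded; whether this header pulls in their definitions is not visible in the hunk and is worth confirming. Any code or memory-map documentation outside this commit that still assumes the fixed `0xffffffffa0000000` base would need the same update.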
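diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
index 4287f1ffba7e..5bdc5430597c 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -806,6 +806,9 @@ void __init mem_init(void)
  BUILD_BUG_ON(VMALLOC_START >= VMALLOC_END);
 #undef high_memory
 #undef __FIXADDR_TOP
+#ifdef CONFIG_RANDOMIZE_BASE
+ BUILD_BUG_ON(CONFIG_RANDOMIZE_BASE_MAX_OFFSET > KERNEL_IMAGE_SIZE);
+#endif
 
 #ifdef CONFIG_HIGHMEM
  BUG_ON(PKMAP_BASE + LAST_PKMAP*PAGE_SIZE > FIXADDR_START);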