On Fri, Jun 16, 2023 at 04:16:28PM +0000, Edgecombe, Rick P wrote: > On Fri, 2023-06-16 at 11:50 +0300, Mike Rapoport wrote: > > -void *module_alloc(unsigned long size) > > -{ > > - gfp_t gfp_mask = GFP_KERNEL; > > - void *p; > > - > > - if (PAGE_ALIGN(size) > MODULES_LEN) > > - return NULL; > > +static struct execmem_params execmem_params = { > > + .modules = { > > + .flags = EXECMEM_KASAN_SHADOW, > > + .text = { > > + .alignment = MODULE_ALIGN, > > + }, > > + }, > > +}; > > Did you consider making these execmem_params's ro_after_init? Not that > it is security sensitive, but it's a nice hint to the reader that it is > only modified at init. And I guess basically free sanitizing of buggy > writes to it. Makes sense. > > > > - p = __vmalloc_node_range(size, MODULE_ALIGN, > > - MODULES_VADDR + > > get_module_load_offset(), > > - MODULES_END, gfp_mask, PAGE_KERNEL, > > - VM_FLUSH_RESET_PERMS | > > VM_DEFER_KMEMLEAK, > > - NUMA_NO_NODE, > > __builtin_return_address(0)); > > +struct execmem_params __init *execmem_arch_params(void) > > +{ > > + unsigned long start = MODULES_VADDR + > > get_module_load_offset(); > > I think we can drop the mutex's in get_module_load_offset() now, since > execmem_arch_params() should only be called once at init. Right. Even more, the entire get_module_load_offset() can be folded into execmem_arch_params() as if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && kaslr_enabled()) module_load_offset = get_random_u32_inclusive(1, 1024) * PAGE_SIZE; > > > > - if (p && (kasan_alloc_module_shadow(p, size, gfp_mask) < 0)) > > { > > - vfree(p); > > - return NULL; > > - } > > + execmem_params.modules.text.start = start; > > + execmem_params.modules.text.end = MODULES_END; > > + execmem_params.modules.text.pgprot = PAGE_KERNEL; > > > > - return p; > > + return &execmem_params; > > } > > > -- Sincerely yours, Mike.
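Review bot: the removed module_alloc() returned NULL when `PAGE_ALIGN(size) > MODULES_LEN`, and neither the added execmem_params initialiser nor execmem_arch_params() carries that bound forward. If oversized requests are now expected to fail against the text.start/text.end range in the generic allocator, state that in the commit message; otherwise keep an explicit size check on the allocation path.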
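Review bot: in execmem_arch_params() only text.start, text.end and text.pgprot are set (plus `.flags = EXECMEM_KASAN_SHADOW` in the initialiser), while the removed __vmalloc_node_range() call also passed `VM_FLUSH_RESET_PERMS | VM_DEFER_KMEMLEAK` and the removed code called vfree() when kasan_alloc_module_shadow() failed. VM_FLUSH_RESET_PERMS is what resets the direct-map permissions and flushes the TLB when the mapping is freed, so add a comment or a commit-message line saying where the generic code applies these vm flags and that EXECMEM_KASAN_SHADOW keeps the free-on-shadow-failure behaviour. The same function derives `start` from get_module_load_offset(), so if that helper is folded in as discussed, the function should keep a short comment noting it runs once at init.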