On 3.12.2020 8.58, Mike Rapoport wrote:
On Wed, Dec 02, 2020 at 08:49:06PM +0200, Topi Miettinen wrote:
On 1.12.2020 23.45, Topi Miettinen wrote:
Memory mappings inside kernel allocated with vmalloc() are in
predictable order and packed tightly toward the low addresses. With
new kernel boot parameter 'randomize_vmalloc=1', the entire area is
used randomly to make the allocations less predictable and harder to
guess for attackers.
This also seems to randomize module addresses. I was going to check that
next, so nice surprise!
Heh, that's because module_alloc() uses vmalloc() in that way or another :)
The modules are still allocated from their small (1.5GB) separate area
instead of the much larger (32TB/12.5PB) vmalloc area, which would
greatly improve ASLR for the modules. To fix that, I tried to to #define
MODULES_VADDR to VMALLOC_START etc. like x86_32 does, but then kernel
dies very early without even any output.
-Topi
