lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160108154814.GI16432@e104818-lin.cambridge.arm.com>
Date:	Fri, 8 Jan 2016 15:48:15 +0000
From:	Catalin Marinas <catalin.marinas@....com>
To:	Mark Rutland <mark.rutland@....com>
Cc:	keescook@...omium.org, arnd@...db.de,
	kernel-hardening@...ts.openwall.com, bhupesh.sharma@...escale.com,
	Ard Biesheuvel <ard.biesheuvel@...aro.org>,
	will.deacon@....com, linux-kernel@...r.kernel.org,
	leif.lindholm@...aro.org, stuart.yoder@...escale.com,
	marc.zyngier@....com, christoffer.dall@...aro.org,
	linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v2 11/13] arm64: allow kernel Image to be loaded anywhere
 in physical memory

On Fri, Jan 08, 2016 at 03:36:54PM +0000, Mark Rutland wrote:
> On Fri, Jan 08, 2016 at 03:27:38PM +0000, Catalin Marinas wrote:
> > On Wed, Dec 30, 2015 at 04:26:10PM +0100, Ard Biesheuvel wrote:
> > > +static void __init enforce_memory_limit(void)
> > > +{
> > > +	const phys_addr_t kbase = round_down(__pa(_text), MIN_KIMG_ALIGN);
> > > +	u64 to_remove = memblock_phys_mem_size() - memory_limit;
> > > +	phys_addr_t max_addr = 0;
> > > +	struct memblock_region *r;
> > > +
> > > +	if (memory_limit == (phys_addr_t)ULLONG_MAX)
> > > +		return;
> > > +
> > > +	/*
> > > +	 * The kernel may be high up in physical memory, so try to apply the
> > > +	 * limit below the kernel first, and only let the generic handling
> > > +	 * take over if it turns out we haven't clipped enough memory yet.
> > > +	 */
> > > +	for_each_memblock(memory, r) {
> > > +		if (r->base + r->size > kbase) {
> > > +			u64 rem = min(to_remove, kbase - r->base);
> > > +
> > > +			max_addr = r->base + rem;
> > > +			to_remove -= rem;
> > > +			break;
> > > +		}
> > > +		if (to_remove <= r->size) {
> > > +			max_addr = r->base + to_remove;
> > > +			to_remove = 0;
> > > +			break;
> > > +		}
> > > +		to_remove -= r->size;
> > > +	}
> > > +
> > > +	memblock_remove(0, max_addr);
> > > +
> > > +	if (to_remove)
> > > +		memblock_enforce_memory_limit(memory_limit);
> > > +}
> > 
> > IIUC, this is changing the user expectations a bit. There are people
> > using the mem= limit to hijack some top of the RAM for other needs
> > (though they could do it in a saner way like changing the DT memory
> > nodes).
> 
> Which will be hopelessly broken in the presence of KASLR, the kernel
> being loaded at a different address, pages betting reserved differently
> due to page size, etc.

With KASLR disabled, I think we should aim for the existing behaviour as
much as possible. The original aim of these patches was to relax the
kernel image placement rules, to make it easier for boot loaders rather
than completely randomising it.

With KASLR enabled, I agree it's hard to make any assumptions about what
memory is available. But removing memory only from the top would also
help with the point you already raised - keeping lower memory for
devices with narrower DMA mask.

-- 
Catalin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ