[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160108154814.GI16432@e104818-lin.cambridge.arm.com>
Date: Fri, 8 Jan 2016 15:48:15 +0000
From: Catalin Marinas <catalin.marinas@....com>
To: Mark Rutland <mark.rutland@....com>
Cc: keescook@...omium.org, arnd@...db.de,
kernel-hardening@...ts.openwall.com, bhupesh.sharma@...escale.com,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
will.deacon@....com, linux-kernel@...r.kernel.org,
leif.lindholm@...aro.org, stuart.yoder@...escale.com,
marc.zyngier@....com, christoffer.dall@...aro.org,
linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v2 11/13] arm64: allow kernel Image to be loaded anywhere
in physical memory
On Fri, Jan 08, 2016 at 03:36:54PM +0000, Mark Rutland wrote:
> On Fri, Jan 08, 2016 at 03:27:38PM +0000, Catalin Marinas wrote:
> > On Wed, Dec 30, 2015 at 04:26:10PM +0100, Ard Biesheuvel wrote:
> > > +static void __init enforce_memory_limit(void)
> > > +{
> > > + const phys_addr_t kbase = round_down(__pa(_text), MIN_KIMG_ALIGN);
> > > + u64 to_remove = memblock_phys_mem_size() - memory_limit;
> > > + phys_addr_t max_addr = 0;
> > > + struct memblock_region *r;
> > > +
> > > + if (memory_limit == (phys_addr_t)ULLONG_MAX)
> > > + return;
> > > +
> > > + /*
> > > + * The kernel may be high up in physical memory, so try to apply the
> > > + * limit below the kernel first, and only let the generic handling
> > > + * take over if it turns out we haven't clipped enough memory yet.
> > > + */
> > > + for_each_memblock(memory, r) {
> > > + if (r->base + r->size > kbase) {
> > > + u64 rem = min(to_remove, kbase - r->base);
> > > +
> > > + max_addr = r->base + rem;
> > > + to_remove -= rem;
> > > + break;
> > > + }
> > > + if (to_remove <= r->size) {
> > > + max_addr = r->base + to_remove;
> > > + to_remove = 0;
> > > + break;
> > > + }
> > > + to_remove -= r->size;
> > > + }
> > > +
> > > + memblock_remove(0, max_addr);
> > > +
> > > + if (to_remove)
> > > + memblock_enforce_memory_limit(memory_limit);
> > > +}
> >
> > IIUC, this is changing the user expectations a bit. There are people
> > using the mem= limit to hijack some top of the RAM for other needs
> > (though they could do it in a saner way like changing the DT memory
> > nodes).
>
> Which will be hopelessly broken in the presence of KASLR, the kernel
> being loaded at a different address, pages betting reserved differently
> due to page size, etc.
With KASLR disabled, I think we should aim for the existing behaviour as
much as possible. The original aim of these patches was to relax the
kernel image placement rules, to make it easier for boot loaders rather
than completely randomising it.
With KASLR enabled, I agree it's hard to make any assumptions about what
memory is available. But removing memory only from the top would also
help with the point you already raised - keeping lower memory for
devices with narrower DMA mask.
--
Catalin
Powered by blists - more mailing lists