lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180117123235.2276f2e7@redhat.com>
Date:   Wed, 17 Jan 2018 12:32:35 -0500
From:   Luiz Capitulino <lcapitulino@...hat.com>
To:     Chao Fan <fanc.fnst@...fujitsu.com>
Cc:     <linux-kernel@...r.kernel.org>, <x86@...nel.org>, <hpa@...or.com>,
        <tglx@...utronix.de>, <mingo@...hat.com>, <bhe@...hat.com>,
        <keescook@...omium.org>, <yasu.isimatu@...il.com>,
        <indou.takao@...fujitsu.com>
Subject: Re: [PATCH v7 0/5] x86/KASLR: Add parameter
 kaslr_mem=nn[KMG]@ss[KMG]

On Wed, 17 Jan 2018 18:53:46 +0800
Chao Fan <fanc.fnst@...fujitsu.com> wrote:

> ***Background:
> People reported that kaslr may randomly chooses some positions
> which are located in movable memory regions. This will break memory
> hotplug feature. 
> 
> And also on kvm guest with 4GB meory, the good unfragmented 1GB could
> be occupied by randomized kernel. It will cause hugetlb failing to
> allocate 1GB page. While kernel with 'nokaslr' has not such issue.
> This causes regression. Please see the discussion mail:
> 	https://lkml.org/lkml/2018/1/4/236
> 
> ***Solutions:
> Introduce a new kernel parameter 'kaslr_mem=nn@ss' to let users to
> specify the memory regions where kernel can be allowed to randomize
> safely.

I've tested this series with a 4GB KVM guest. With kaslr_mem=1G, I
got one 1GB page allocated 100% of the time in 85 boots. Without
kaslr_mem=, I got 3 failures in only 10 boots (that is, in 3 boots
I had no 1GB page allocated).

So, this series solves the 1GB page problem for me.

> 
> E.g if 'movable_node' is spedified, we can use 'kaslr_mem=nn@ss' to
> tell KASLR where we can put kernel safely. Then KASLR code can avoid
> those movable regions and only choose those immovable regions
> specified.
> 
> For hugetlb case, users can always add 'kaslr_mem=1G' in kernel
> cmdline since the 0~1G is always fragmented region because of BIOS
> reserved area. Surely users can specify regions more precisely if
> they know system memory very well.
> 
> *** Issues need be discussed
> There are several issues I am not quite sure, please help review and
> give suggestions:
> 
> 1) Since there's already mem_avoid[] which stores the memory regions
> KASLR need avoid. For the regions KASLR can safely use, I name it as
> mem_usable[], not sure if it's appropriate. Or kaslr_mem[] directly?
> 
> 2) In v6, I made 'kaslr_mem=' as a kernel parameter which users can use
> to specify memory regions where kenrel can be extracted safely by
> 'kaslr_mem=nn@ss', or regions where we need avoid to extract kernel by
> 'kaslr_mem=nn!ss'. While later I rethink about it, seems
> 'kaslr_mem=nn@ss' can satisfy the current requirement, there's no need
> to introduce the 'kaslr_mem=nn!ss'. So I just take that
> 'kaslr_mem=nn!ss' handling patch off, may add it later if anyone think
> it's necessary. Any suggestions?
> 	https://www.spinics.net/lists/kernel/msg2698457.html
> 
> ***Test results:
>  - I did some tests for the memory hotplug issues. I specify the memory
>    region in one node, then I found every time the kernel will be
>    extracted to the memory of this node.
>  - Luiz said he will do some tests for the 1G huge page issue.
> 
> ***History
> v6->v7:
>  - Drop the unnecessary avoid part for now.
>  - Add document for the new parameter.
> 
> v5->v6:
>  - Add the last patch to save the avoid memory regions.
> 
> v4->v5:
>  - Change the problem reported by LKP
> Follow Dou's suggestion:
>  - Also return if match "movable_node" when parsing kernel commandline
>    in handle_mem_filter without define CONFIG_MEMORY_HOTPLUG
> 
> v3->v4:
> Follow Kees's suggestion:
>  - Put the functions variables of immovable_mem to #ifdef
>    CONFIG_MEMORY_HOTPLUG and change some code place
>  - Change the name of "process_mem_region" to "slots_count"
>  - Reanme the new function "process_immovable_mem" to "process_mem_region"
> Follow Baoquan's suggestion:
>  - Fail KASLR if "movable_node" specified without "immovable_mem"
>  - Ajust the code place of handling mem_region directely if no
>    immovable_mem specified
> Follow Randy's suggestion:
>  - Change the mistake and add detailed description for the document.
> 
> v2->v3:
> Follow Baoquan He's suggestion:
>  - Change names of several functions.
>  - Add a new parameter "immovable_mem" instead of extending mvoable_node
>  - Use the clamp to calculate the memory intersecting, which makes
>    logical more clear.
>  - Disable memory mirror if movable_node specified
> 
> v1->v2:
> Follow Dou Liyang's suggestion:
>  - Add the parse for movable_node=nn[KMG] without @ss[KMG]
>  - Fix the bug for more than one "movable_node=" specified
>  - Drop useless variables and use mem_vector region directely
>  - Add more comments.
> 
> Chao Fan (5):
>   x86/KASLR: Add kaslr_mem=nn[KMG]@ss[KMG]
>   x86/KASLR: Handle the memory regions specified in kaslr_mem
>   x86/KASLR: Give a warning if movable_node specified without kaslr_mem=
>   x86/KASLR: Skip memory mirror handling if movable_node specified
>   document: add document for kaslr_mem
> 
>  Documentation/admin-guide/kernel-parameters.txt |  10 ++
>  arch/x86/boot/compressed/kaslr.c                | 154 +++++++++++++++++++++---
>  2 files changed, 150 insertions(+), 14 deletions(-)
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ