lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 18 Jan 2018 09:11:14 +0800
From:   Chao Fan <fanc.fnst@...fujitsu.com>
To:     Luiz Capitulino <lcapitulino@...hat.com>
CC:     <linux-kernel@...r.kernel.org>, <x86@...nel.org>, <hpa@...or.com>,
        <tglx@...utronix.de>, <mingo@...hat.com>, <bhe@...hat.com>,
        <keescook@...omium.org>, <yasu.isimatu@...il.com>,
        <indou.takao@...fujitsu.com>
Subject: Re: [PATCH v7 0/5] x86/KASLR: Add parameter kaslr_mem=nn[KMG]@ss[KMG]

On Wed, Jan 17, 2018 at 12:32:35PM -0500, Luiz Capitulino wrote:
>On Wed, 17 Jan 2018 18:53:46 +0800
>Chao Fan <fanc.fnst@...fujitsu.com> wrote:
>
>> ***Background:
>> People reported that kaslr may randomly chooses some positions
>> which are located in movable memory regions. This will break memory
>> hotplug feature. 
>> 
>> And also on kvm guest with 4GB meory, the good unfragmented 1GB could
>> be occupied by randomized kernel. It will cause hugetlb failing to
>> allocate 1GB page. While kernel with 'nokaslr' has not such issue.
>> This causes regression. Please see the discussion mail:
>> 	https://lkml.org/lkml/2018/1/4/236
>> 
>> ***Solutions:
>> Introduce a new kernel parameter 'kaslr_mem=nn@ss' to let users to
>> specify the memory regions where kernel can be allowed to randomize
>> safely.
>
>I've tested this series with a 4GB KVM guest. With kaslr_mem=1G, I
>got one 1GB page allocated 100% of the time in 85 boots. Without
>kaslr_mem=, I got 3 failures in only 10 boots (that is, in 3 boots
>I had no 1GB page allocated).
>
>So, this series solves the 1GB page problem for me.
>


Thanks for Luiz's test.

Thanks,
Chao Fan

>> 
>> E.g if 'movable_node' is spedified, we can use 'kaslr_mem=nn@ss' to
>> tell KASLR where we can put kernel safely. Then KASLR code can avoid
>> those movable regions and only choose those immovable regions
>> specified.
>> 
>> For hugetlb case, users can always add 'kaslr_mem=1G' in kernel
>> cmdline since the 0~1G is always fragmented region because of BIOS
>> reserved area. Surely users can specify regions more precisely if
>> they know system memory very well.
>> 
>> *** Issues need be discussed
>> There are several issues I am not quite sure, please help review and
>> give suggestions:
>> 
>> 1) Since there's already mem_avoid[] which stores the memory regions
>> KASLR need avoid. For the regions KASLR can safely use, I name it as
>> mem_usable[], not sure if it's appropriate. Or kaslr_mem[] directly?
>> 
>> 2) In v6, I made 'kaslr_mem=' as a kernel parameter which users can use
>> to specify memory regions where kenrel can be extracted safely by
>> 'kaslr_mem=nn@ss', or regions where we need avoid to extract kernel by
>> 'kaslr_mem=nn!ss'. While later I rethink about it, seems
>> 'kaslr_mem=nn@ss' can satisfy the current requirement, there's no need
>> to introduce the 'kaslr_mem=nn!ss'. So I just take that
>> 'kaslr_mem=nn!ss' handling patch off, may add it later if anyone think
>> it's necessary. Any suggestions?
>> 	https://www.spinics.net/lists/kernel/msg2698457.html
>> 
>> ***Test results:
>>  - I did some tests for the memory hotplug issues. I specify the memory
>>    region in one node, then I found every time the kernel will be
>>    extracted to the memory of this node.
>>  - Luiz said he will do some tests for the 1G huge page issue.
>> 
>> ***History
>> v6->v7:
>>  - Drop the unnecessary avoid part for now.
>>  - Add document for the new parameter.
>> 
>> v5->v6:
>>  - Add the last patch to save the avoid memory regions.
>> 
>> v4->v5:
>>  - Change the problem reported by LKP
>> Follow Dou's suggestion:
>>  - Also return if match "movable_node" when parsing kernel commandline
>>    in handle_mem_filter without define CONFIG_MEMORY_HOTPLUG
>> 
>> v3->v4:
>> Follow Kees's suggestion:
>>  - Put the functions variables of immovable_mem to #ifdef
>>    CONFIG_MEMORY_HOTPLUG and change some code place
>>  - Change the name of "process_mem_region" to "slots_count"
>>  - Reanme the new function "process_immovable_mem" to "process_mem_region"
>> Follow Baoquan's suggestion:
>>  - Fail KASLR if "movable_node" specified without "immovable_mem"
>>  - Ajust the code place of handling mem_region directely if no
>>    immovable_mem specified
>> Follow Randy's suggestion:
>>  - Change the mistake and add detailed description for the document.
>> 
>> v2->v3:
>> Follow Baoquan He's suggestion:
>>  - Change names of several functions.
>>  - Add a new parameter "immovable_mem" instead of extending mvoable_node
>>  - Use the clamp to calculate the memory intersecting, which makes
>>    logical more clear.
>>  - Disable memory mirror if movable_node specified
>> 
>> v1->v2:
>> Follow Dou Liyang's suggestion:
>>  - Add the parse for movable_node=nn[KMG] without @ss[KMG]
>>  - Fix the bug for more than one "movable_node=" specified
>>  - Drop useless variables and use mem_vector region directely
>>  - Add more comments.
>> 
>> Chao Fan (5):
>>   x86/KASLR: Add kaslr_mem=nn[KMG]@ss[KMG]
>>   x86/KASLR: Handle the memory regions specified in kaslr_mem
>>   x86/KASLR: Give a warning if movable_node specified without kaslr_mem=
>>   x86/KASLR: Skip memory mirror handling if movable_node specified
>>   document: add document for kaslr_mem
>> 
>>  Documentation/admin-guide/kernel-parameters.txt |  10 ++
>>  arch/x86/boot/compressed/kaslr.c                | 154 +++++++++++++++++++++---
>>  2 files changed, 150 insertions(+), 14 deletions(-)
>> 
>
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ