lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 19 Mar 2018 16:17:39 +0800
From:   Chao Fan <fanc.fnst@...fujitsu.com>
To:     Baoquan He <bhe@...hat.com>
CC:     Ingo Molnar <mingo@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        <linux-kernel@...r.kernel.org>, <x86@...nel.org>, <hpa@...or.com>,
        <tglx@...utronix.de>, <mingo@...hat.com>, <keescook@...omium.org>,
        <yasu.isimatu@...il.com>, <indou.takao@...fujitsu.com>,
        <lcapitulino@...hat.com>, <fanc.fnst@...fujitsu.com>
Subject: Re: [PATCH v9 0/5] x86/KASLR: Add parameter
 kaslr_boot_mem=nn[KMG]@ss[KMG]

On Mon, Mar 19, 2018 at 03:24:46PM +0800, Baoquan He wrote:
>On 03/12/18 at 08:04pm, Chao Fan wrote:
>> On Mon, Mar 12, 2018 at 11:57:27AM +0100, Ingo Molnar wrote:
>> >
>> >* Baoquan He <bhe@...hat.com> wrote:
>> >
>> >> Hi Ingo,
>> >> 
>> >> On 03/12/18 at 10:35am, Ingo Molnar wrote:
>> >> > 
>> >> > * Chao Fan <fanc.fnst@...fujitsu.com> wrote:
>> >> > 
>> >> > > Long time no reply, rebase the patchset, change the parameter name
>> >> > > from 'kaslr_mem' to 'kaslr_boot_mem'. There's no more code change.
>> >> > > 
>> >> > > ***Background:
>> >> > > People reported that kaslr may randomly chooses some positions
>> >> > > which are located in movable memory regions. This will break memory
>> >> > > hotplug feature.
>> >> > 
>> >> > [...]
>> >> > 
>> >> > > ***Solutions:
>> >> > > Introduce a new kernel parameter 'kaslr_boot_mem=nn@ss' to let users to
>> >> > > specify the memory regions where kernel can be allowed to randomize
>> >> > > safely.
>> >> > 
>> >> > Manual solutions like that are pretty suboptimal to users, aren't they?
>> >> > 
>> >> > In what way does memory hotplug feature 'break'? Does it crash or misbehave? Or 
>> >> > simply does it not allow the movement of the affected memory region, while still 
>> >> > allowing the rest to be moved?
>> >> 
>> >> AFAIT, if kernel is randomized into the movable memory region, the
>> >> affected memory region can not be hot added/removed since it has kernel
>> >> data. Surely, the system can still work, the unaffected part still can
>> >> be moved. Still it will cause regression on memory hotplug.
>> >> 
>> >> Mainly we parse SRAT table to get the ranges of memory provided by
>> >> hot-added memory devices in initmem_init(), that's very late. During boot,
>> >> we don't know it. Chao ever posted patches to grab SRAT at decompressing
>> >> stage, the code is very complicated and not elegant, ACPI maintainer
>> >> NACKed that.
>
>Hi Chao,
>
>Seems Ingo prefers the handling in kaslr boot code. Maybe you can try
>to optimize and split your below patch and post anouther round?
>
>I will see how to sove the hugepage in boot/compressed/kaslr.c . 

Yes, seems that I need to pick up the old patch and try to optimize it.

Thanks,
Chao Fan

>
>Thanks
>Baoquan
>
>> 
>> Thanks for Ingo's suggestion and Baoquan's explaination.
>> 
>> Yes, I did ever try to dig SRAT table in boot period in early RFC PATCH:
>> https://lkml.org/lkml/2017/9/3/77
>> But the change is too huge so made this patchset to avoid this bug in a
>> small change, which will not make the code looks messy.
>> 
>> Thanks,
>> Chao Fan
>> 
>> >
>> >So there's apparently a mis-design here:
>> >
>> > - KASLR needs to be done very early on during bootup: - it's not realistic to 
>> >   expect KASLR to be done with a booted up kernel, because pointers to various 
>> >   KASLR-ed objects are already widely spread out in memory.
>> >
>> > - But for some unfathomable reason the memory hotplug attribute of memory
>> >   regions is not part of the regular memory map but part of late-init ACPI data
>> >   structures.
>> >
>> >The right solution would be _not_ to fudge the KASLR location, but to provide the 
>> >memory hotplug information to early code, preferably via the primary memory map. 
>> >KASLR can then make use of it and avoid those regions, just like it avoids other 
>> >memory regions already.
>> >
>> >In addition to that hardware makers (including virtualized hardware) should also 
>> >fix their systems to provide memory hotplug information to early code.
>> >
>> >Thanks,
>> >
>> >	Ingo
>> >
>> >
>> 
>> 
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ