Date:   Fri, 18 May 2018 09:00:46 +0200
From:   Ingo Molnar <mingo@...nel.org>
To:     Baoquan He <bhe@...hat.com>
Cc:     linux-kernel@...r.kernel.org, lcapitulino@...hat.com,
        keescook@...omium.org, tglx@...utronix.de, x86@...nel.org,
        hpa@...or.com, fanc.fnst@...fujitsu.com, yasu.isimatu@...il.com,
        indou.takao@...fujitsu.com, douly.fnst@...fujitsu.com
Subject: Re: [PATCH 0/2] x86/boot/KASLR: Skip specified number of 1GB huge pages when do physical randomization


* Baoquan He <bhe@...hat.com> wrote:

> This is a regression bug fix. Luiz's team reported that 1GB huge page
> allocation will get one less 1GB page randomly when KASLR is enabled. On
> their KVM guest with 4GB RAM, which only has one good 1GB huge page,
> they found the 1GB huge page allocation sometimes failed when the
> kernel option below was added.
> 
>   default_hugepagesz=1G hugepagesz=1G hugepages=1
> 
> This is because kernel may be randomized into those good 1GB huge pages.
> 
> I once thought to solve this by specifying the available memory regions
> which kernel KASLR can be randomized into, to avoid those good 1GB huge
> pages. Chao's patches can be used to fix it:
> https://lkml.org/lkml/2018/2/28/217
> 
> Later, Ingo suggested avoiding them in boot KASLR code.
> https://lkml.org/lkml/2018/3/12/312

Yes, but these patches don't appear to implement what I suggested:

> So there's apparently a mis-design here:
>
> - KASLR needs to be done very early on during bootup: - it's not realistic to 
>   expect KASLR to be done with a booted up kernel, because pointers to various 
>   KASLR-ed objects are already widely spread out in memory.
>
> - But for some unfathomable reason the memory hotplug attribute of memory
>   regions is not part of the regular memory map but part of late-init ACPI data
>   structures.
>
> The right solution would be _not_ to fudge the KASLR location, but to provide 
> the memory hotplug information to early code, preferably via the primary memory 
> map. KASLR can then make use of it and avoid those regions, just like it avoids 
> other memory regions already.
>
> In addition to that hardware makers (including virtualized hardware) should also 
> fix their systems to provide memory hotplug information to early code.

So my question: why don't we pass in the information that these are hotplug pages 
that should not be KASLR randomized into?

If that attribute of memory regions was present then KASLR could simply skip the 
hotplug regions!

Thanks,

	Ingo
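To make the design point in this thread concrete, here is an added illustration (not kernel code, and not from either author) of what "KASLR could simply skip the hotplug regions" would look like if the memory map carried such an attribute. The map layout, the `REGION_FLAG_HOTPLUG` bit and the region/slot types are constructed for this example; the real x86 boot code has no such flag, which is exactly the gap the reply describes. The 2 MiB alignment matches the x86_64 default `CONFIG_PHYSICAL_ALIGN`; the 64 MiB kernel size is an arbitrary constructed value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MIB (1ULL << 20)
#define GIB (1ULL << 30)

enum region_type { REGION_RAM = 1, REGION_RESERVED = 2 };

/* Hypothetical attribute bit: RAM that is hot-(un)pluggable, i.e. the
 * kind of region the thread wants exposed to early boot code. */
#define REGION_FLAG_HOTPLUG 0x1u

struct mem_region {
    uint64_t start;
    uint64_t size;
    enum region_type type;
    unsigned flags;
};

struct slot_stats {
    uint64_t slots;            /* aligned candidate kernel positions */
    uint64_t slots_in_hotplug; /* of those, how many land in hotplug RAM */
};

/* Constructed 4 GiB guest map: one good 1 GiB-aligned page at [1G, 2G)
 * that the admin wants to keep for "hugepagesz=1G hugepages=1". */
static const struct mem_region example_map[] = {
    { 0,        1 * MIB,           REGION_RESERVED, 0 },
    { 1 * MIB,  1 * GIB - 1 * MIB, REGION_RAM,      0 },
    { 1 * GIB,  1 * GIB,           REGION_RAM,      REGION_FLAG_HOTPLUG },
    { 2 * GIB,  2 * GIB,           REGION_RAM,      0 },
};
#define EXAMPLE_MAP_LEN (sizeof(example_map) / sizeof(example_map[0]))

static bool overlaps(uint64_t a, uint64_t a_sz, uint64_t b, uint64_t b_sz)
{
    return a < b + b_sz && b < a + a_sz;
}

/* Enumerate candidate placements the way a KASLR-style chooser does:
 * usable RAM only, aligned start, whole kernel must fit in the region.
 * With honor_hotplug set, hotplug-flagged regions are skipped outright,
 * just as reserved regions already are. */
struct slot_stats count_slots(const struct mem_region *map, size_t n,
                              uint64_t kernel_size, uint64_t align,
                              bool honor_hotplug)
{
    struct slot_stats st = { 0, 0 };

    for (size_t i = 0; i < n; i++) {
        const struct mem_region *r = &map[i];
        if (r->type != REGION_RAM)
            continue;
        if (honor_hotplug && (r->flags & REGION_FLAG_HOTPLUG))
            continue;

        uint64_t end = r->start + r->size;
        uint64_t pos = (r->start + align - 1) & ~(align - 1);
        for (; pos + kernel_size <= end; pos += align) {
            st.slots++;
            /* Count placements that would break a hotplug region. */
            for (size_t j = 0; j < n; j++) {
                if ((map[j].flags & REGION_FLAG_HOTPLUG) &&
                    overlaps(pos, kernel_size, map[j].start, map[j].size)) {
                    st.slots_in_hotplug++;
                    break;
                }
            }
        }
    }
    return st;
}

/* Run the constructed map with a 64 MiB kernel and 2 MiB alignment. */
struct slot_stats audit_example(bool honor_hotplug)
{
    return count_slots(example_map, EXAMPLE_MAP_LEN,
                       64 * MIB, 2 * MIB, honor_hotplug);
}

int main(void)
{
    struct slot_stats blind = audit_example(false);
    struct slot_stats aware = audit_example(true);
    printf("without attribute: %llu slots, %llu inside the 1G page\n",
           (unsigned long long)blind.slots,
           (unsigned long long)blind.slots_in_hotplug);
    printf("with attribute:    %llu slots, %llu inside the 1G page\n",
           (unsigned long long)aware.slots,
           (unsigned long long)aware.slots_in_hotplug);
    return 0;
}
```

Without the attribute, roughly a quarter of the candidate slots fall inside the reserved-for-hugepage gigabyte, which is the random failure the report describes; once the map carries the flag, the chooser drops that region before it ever enumerates slots, and the remaining entropy comes from the other RAM regions only.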
