[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180518070046.GA18660@gmail.com>
Date: Fri, 18 May 2018 09:00:46 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Baoquan He <bhe@...hat.com>
Cc: linux-kernel@...r.kernel.org, lcapitulino@...hat.com,
keescook@...omium.org, tglx@...utronix.de, x86@...nel.org,
hpa@...or.com, fanc.fnst@...fujitsu.com, yasu.isimatu@...il.com,
indou.takao@...fujitsu.com, douly.fnst@...fujitsu.com
Subject: Re: [PATCH 0/2] x86/boot/KASLR: Skip specified number of 1GB huge
pages when do physical randomization
* Baoquan He <bhe@...hat.com> wrote:
> This is a regression bug fix. Luiz's team reported that 1GB huge page
> allocation will get one less 1GB page randomly when KASLR is enabled. On
> their KVM guest with 4GB RAM, which only has one good 1GB huge page,
> they found the 1GB huge page allocation sometime failed with below
> kernel option adding.
>
> default_hugepagesz=1G hugepagesz=1G hugepages=1
>
> This is because kernel may be randomized into those good 1GB huge pages.
>
> I ever thought to solve this by specifying available memory regions
> which kernel KASLR can be randomized into to avoid those good 1GB huge
> pages. Chao's patches can be used to fix it:
> https://lkml.org/lkml/2018/2/28/217
>
> Later, Ingo suggested avoiding them in boot KASLR code.
> https://lkml.org/lkml/2018/3/12/312
Yes, but these patches don't appear to implement what I suggested:
> So there's apparently a mis-design here:
>
> - KASLR needs to be done very early on during bootup: - it's not realistic to
> expect KASLR to be done with a booted up kernel, because pointers to various
> KASLR-ed objects are already widely spread out in memory.
>
> - But for some unfathomable reason the memory hotplug attribute of memory
> regions is not part of the regular memory map but part of late-init ACPI data
> structures.
>
> The right solution would be _not_ to fudge the KASLR location, but to provide
> the memory hotplug information to early code, preferably via the primary memory
> map. KASLR can then make use of it and avoid those regions, just like it avoids
> other memory regions already.
>
> In addition to that hardware makers (including virtualized hardware) should also
> fix their systems to provide memory hotplug information to early code.
So my question: why don't we pass in the information that these are hotplug pages
that should not be KASLR randomized into?
If that attribute of memory regions was present then KASLR could simply skip the
hotplug regions!
Thanks,
Ingo
Powered by blists - more mailing lists