lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 26 Feb 2019 11:08:42 +0800
From:   Pingfan Liu <kernelfans@...il.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     x86@...nel.org, Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>, Baoquan He <bhe@...hat.com>,
        Will Deacon <will.deacon@....com>,
        Nicolas Pitre <nico@...aro.org>,
        Chao Fan <fanc.fnst@...fujitsu.com>,
        "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] x86/boot/KASLR: skip the specified crashkernel reserved region

On Mon, Feb 25, 2019 at 5:45 PM Borislav Petkov <bp@...en8.de> wrote:
>
> On Mon, Feb 25, 2019 at 03:59:56PM +0800, Pingfan Liu wrote:
> > crashkernel=x@y option may fail to reserve the required memory region if
> > KASLR puts kernel into the region. To avoid this uncertainty, making KASLR
> > skip the required region.
>
> Lemme see if I understand this correctly: supplying crashkernel=X@Y
> influences where KASLR would put the randomized kernel. And it should be

Yes, you get it.
> the other way around, IMHO. crashkernel= will have to "work" with KASLR
> to find a suitable range and if the reservation at Y fails, then we tell
> the user to try the more relaxed variant crashkernel=M.
>
I follow Baoquan's opinion. Due to the randomness caused by KASLR, a
user may be surprised to find crashkernel=x@y not working sometime. If
kernel can help them out of this corner automatically, then no need to
bother them with the message to use alternative method crashkernel=M.
Anyway it is a cheap method already used by other options like
hugepages and memmap in handle_mem_options().
If commitment, then do it without failure. Or just removing
crashkernel=x@y option on x86.

Thanks and regards,
Pingfan

> --
> Regards/Gruss,
>     Boris.
>
> Good mailing practices for 400: avoid top-posting and trim the reply.

Powered by blists - more mailing lists