| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 6 Apr 2019 09:55:47 +0800
From: Baoquan He <bhe@...hat.com>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: Borislav Petkov <bp@...en8.de>, linux-kernel@...r.kernel.org,
x86@...nel.org, mingo@...nel.org, hpa@...or.com,
kirill@...temov.name, keescook@...omium.org,
yamada.masahiro@...ionext.com, dave.hansen@...ux.intel.com,
luto@...nel.org, peterz@...radead.org, thgarnie@...gle.com,
mike.travis@....com, frank.ramsay@....com
Subject: Re: [PATCH 1/2] x86/mm/KASLR: Fix the wrong calculation of memory
region initial size
On 04/05/19 at 07:22pm, Thomas Gleixner wrote:
> On Fri, 5 Apr 2019, Borislav Petkov wrote:
> > On Thu, Apr 04, 2019 at 10:03:13AM +0800, Baoquan He wrote:
> > > In memory region KASLR, __PHYSICAL_MASK_SHIFT is taken to calculate
> >
> > What is "memory region KASLR"?
> >
> > > the initial size of the direct mapping region. This is correct in
> > > the old code where __PHYSICAL_MASK_SHIFT was equal to MAX_PHYSMEM_BITS,
> > > 46 bits, and only 4-level mode was supported.
> > >
> > > Later, in commit:
> > > b83ce5ee91471d ("x86/mm/64: Make __PHYSICAL_MASK_SHIFT always 52"),
> > > __PHYSICAL_MASK_SHIFT was changed to be always 52 bits, no matter it's
> > > 5-level or 4-level.
> > >
> > > This is wrong for 4-level paging since it may cause randomness of KASLR
> > > being greatly weakened in 4-level. For KASLR, we compare the sum of RAM
> > > size and CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING with the size of the
> > > max RAM which can be supported by system, then choose the bigger one as
> > > the value to reserve space for the direct mapping region. The max RAM
> > > supported in 4-level is 64 TB according to MAX_PHYSMEM_BITS. However,
> > > here it's 4 PB in code to be compared with when __PHYSICAL_MASK_SHIFT is
> > > mistakenly used. E.g in a system owning 64 TB RAM, it will reserve 74 TB
> > > (which is 64 TB plus CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING). In fact
> > > it should reserve 64 TB according to the algorithm which is supposed to
> > > do. Obviously the extra 10 TB space should be saved to join randomization.
> >
> > It is not a trivial situation you're trying to explain and that
> > paragraph is very very hard to understand. I can only rhyme up what
> > you're trying to say.
> >
> > So please rewrite it using simple declarative sentences. Don't try to
> > say three things in one sentence but say one thing in three sentences.
> > Keep it simple.
>
> For complex scenarios a simple ascii scheme is often helpful
>
> Situation A
>
> ------- LIMIT1
>
> ------- LIMIT2
> <- unused area
> -------
>
> ------- 0
>
> Situation B
>
> ------- LIMIT1
>
>
>
> ------- LIMIT2
>
> ------- 0
>
>
> I was not trying to depict your problem, it's just a random thing, but you get
> the idea.
OK, got it. Will rewrite with simpler sentences, and some more
understandable ways to depict. Thanks a lot.
Thanks
Baoquan
Powered by blists - more mailing lists