lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20201222113124.35367-1-zhangpan26@huawei.com>
Date:   Tue, 22 Dec 2020 19:31:24 +0800
From:   Pan Zhang <zhangpan26@...wei.com>
To:     <tglx@...utronix.de>, <mingo@...hat.com>, <bp@...en8.de>,
        <x86@...nel.org>, <hpa@...or.com>, <nivedita@...m.mit.edu>,
        <keescook@...omium.org>, <jroedel@...e.de>
CC:     <zhangpan26@...wei.com>, <hushiyuan@...wei.com>,
        <linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>
Subject: [PATCH] x86/kaslr: support separate multiple memmaps parameter parsing

When the kernel is loading,
the load address of the kernel needs to be calculated firstly.

If the kernel address space layout randomization(`kaslr`) is enabled,
the memory range reserved by the memmap parameter will be excluded
to avoid loading the kernel address into the memmap reserved area.

Currently, this is what the manual says:
	`memmap = nn [KMG] @ss [KMG]
		[KNL] Force usage of a specific region of memory.
    	Region of memory to be used is from ss to ss + nn.
   		If @ss [KMG] is omitted, it is equivalent to mem = nn [KMG],
    	which limits max address to nn [KMG].
		Multiple different regions can be specified,
		comma delimited.
		Example:
		memmap=100M@2G, 100M#3G, 1G!1024G
	`

Can we relax the use of memmap?
In our production environment we see many people who use it like this:
Separate multiple memmaps parameters to reserve memory,
memmap=xx\$xxx memmap=xx\$xxx memmap=xx\$xxx memmap=xx\$xxx memmap=xx\$xxx

If this format is used, and the reserved memory segment is greater than 4,
there is no way to parse the 5th and subsequent memmaps and the kaslr cannot be disabled by `memmap_too_large`
so the kernel loading address may fall within the memmap range
(reserved memory area from memmap after fourth segment),
which will have bad consequences for use of reserved memory.

Signed-off-by: Pan Zhang <zhangpan26@...wei.com>
---
 arch/x86/boot/compressed/kaslr.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index d7408af..24a2778 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -203,9 +203,6 @@ static void mem_avoid_memmap(enum parse_mode mode, char *str)
 {
 	static int i;
 
-	if (i >= MAX_MEMMAP_REGIONS)
-		return;
-
 	while (str && (i < MAX_MEMMAP_REGIONS)) {
 		int rc;
 		unsigned long long start, size;
@@ -233,7 +230,7 @@ static void mem_avoid_memmap(enum parse_mode mode, char *str)
 	}
 
 	/* More than 4 memmaps, fail kaslr */
-	if ((i >= MAX_MEMMAP_REGIONS) && str)
+	if ((i >= MAX_MEMMAP_REGIONS) && !memmap_too_large)
 		memmap_too_large = true;
 }
 
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ