lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <27bbea11-61fa-4f41-8b39-8508f2d2e385@broadcom.com>
Date: Mon, 13 Jan 2025 07:44:50 -0800
From: Florian Fainelli <florian.fainelli@...adcom.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: stable@...r.kernel.org, Ard Biesheuvel <ardb@...nel.org>,
 Anshuman Khandual <anshuman.khandual@....com>, Will Deacon
 <will@...nel.org>, Steven Price <steven.price@....com>,
 Robin Murphy <robin.murphy@....com>,
 Catalin Marinas <catalin.marinas@....com>, Baruch Siach <baruch@...s.co.il>,
 Petr Tesarik <ptesarik@...e.com>, Mark Rutland <mark.rutland@....com>,
 Joey Gouly <joey.gouly@....com>, "Mike Rapoport (IBM)" <rppt@...nel.org>,
 Yang Shi <yang@...amperecomputing.com>,
 "moderated list:ARM64 PORT (AARCH64 ARCHITECTURE)"
 <linux-arm-kernel@...ts.infradead.org>,
 open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] arm64: mm: account for hotplug memory when randomizing
 the linear region



On 1/12/2025 3:54 AM, Greg KH wrote:
> On Thu, Jan 09, 2025 at 09:01:13AM -0800, Florian Fainelli wrote:
>> On 1/9/25 08:54, Florian Fainelli wrote:
>>> From: Ard Biesheuvel <ardb@...nel.org>
>>>
>>> commit 97d6786e0669daa5c2f2d07a057f574e849dfd3e upstream
>>>
>>> As a hardening measure, we currently randomize the placement of
>>> physical memory inside the linear region when KASLR is in effect.
>>> Since the random offset at which to place the available physical
>>> memory inside the linear region is chosen early at boot, it is
>>> based on the memblock description of memory, which does not cover
>>> hotplug memory. The consequence of this is that the randomization
>>> offset may be chosen such that any hotplugged memory located above
>>> memblock_end_of_DRAM() that appears later is pushed off the end of
>>> the linear region, where it cannot be accessed.
>>>
>>> So let's limit this randomization of the linear region to ensure
>>> that this can no longer happen, by using the CPU's addressable PA
>>> range instead. As it is guaranteed that no hotpluggable memory will
>>> appear that falls outside of that range, we can safely put this PA
>>> range sized window anywhere in the linear region.
>>>
>>> Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
>>> Cc: Anshuman Khandual <anshuman.khandual@....com>
>>> Cc: Will Deacon <will@...nel.org>
>>> Cc: Steven Price <steven.price@....com>
>>> Cc: Robin Murphy <robin.murphy@....com>
>>> Link: https://lore.kernel.org/r/20201014081857.3288-1-ardb@kernel.org
>>> Signed-off-by: Catalin Marinas <catalin.marinas@....com>
>>> Signed-off-by: Florian Fainelli <florian.fainelli@...adcom.com>
>>
>> Forgot to update the patch subject, but this one is for 5.10.
> 
> You also forgot to tell us _why_ this is needed :(

This is explained in the second part of the first paragraph:

The consequence of this is that the randomization offset may be chosen 
such that any hotplugged memory located above memblock_end_of_DRAM() 
that appears later is pushed off the end of the linear region, where it 
cannot be accessed.

We use both memory hotplug and KASLR on our systems and that's how we 
eventually found out about the bug.
-- 
Florian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ