lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <08746633-d844-4dc1-90c7-7c3d63b5f4b2@nvidia.com>
Date: Fri, 7 Feb 2025 09:23:50 +1100
From: Balbir Singh <balbirs@...dia.com>
To: Kees Cook <kees@...nel.org>
Cc: Peter Zijlstra <peterz@...radead.org>, x86@...nel.org,
 linux-kernel@...r.kernel.org, apopple@...dia.com, jgg@...dia.com,
 jhubbard@...dia.com, Dave Hansen <dave.hansen@...ux.intel.com>,
 Andy Lutomirski <luto@...nel.org>, Thomas Gleixner <tglx@...utronix.de>,
 Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
 "H. Peter Anvin" <hpa@...or.com>
Subject: Re: [PATCH] x86/kaslr: Revisit entropy when CONFIG_PCI_P2PDMA is
 enabled

On 2/7/25 08:46, Kees Cook wrote:
> On Fri, Feb 07, 2025 at 08:22:23AM +1100, Balbir Singh wrote:
>> On 2/7/25 06:59, Kees Cook wrote:
>>> On Thu, Feb 06, 2025 at 09:10:58AM +0100, Peter Zijlstra wrote:
>>>> On Thu, Feb 06, 2025 at 01:32:01PM +1100, Balbir Singh wrote:
>>>>> When CONFIG_PCI_P2PDMA is enabled, it maps the PFN's via a
>>>>> ZONE_DEVICE mapping using devm_memremap_pages(). The mapped
>>>>> virtual address range corresponds to the pci_resource_start()
>>>>> of the BAR address and size corresponding to the BAR length.
>>>>>
>>>>> When KASLR is enabled, the direct map range of the kernel is
>>>>> reduced to the size of physical memory plus additional padding.
>>>>> If the BAR address is beyond this limit, PCI peer to peer DMA
>>>>> mappings fail.
>>>>>
>>>>> Fix this by not shrinking the size of direct map when CONFIG_PCI_P2PDMA
>>>>> is enabled. This reduces the total available entropy, but it's
>>>>> better than the current work around of having to disable KASLR
>>>>> completely.
>>>
>>> So, just to restate my understanding: this is about only the direct map
>>> (i.e. kaslr_region[0]). The notes (which I think should be left in the
>>> commit log) say that the entropy dropped from 49 TiB (46 bits) to 20 TiB
>>> (45 bits). If I'm reading right, the offset granularity is in PUD_SIZE
>>> (30 bits) steps, so the entropy is going from 16 bits to 15 bits. I don't
>>> see any general problem with that. Especially if the alternative is 0
>>> bits of entropy. :)
>>>
>>
>> Yes, this is about the direct map (kaslr_region[0]) and the data is from my
>> system which has 46 bits of physical address. On larger systems with LA57
>> the drop might be higher. I am happy to repost the patch with my testing notes
>> in the commit log, if you think it's useful to have in the commit log.
> 
> Actually, it might be more useful to note it in the CONFIG help
> text? "This may reduce direct map ASLR entropy by 1 bit with 46 physical
> bits, X bits with YY physical bits, [etc...]"
> 

I worded it as follows in drivers/pci/Kconfig

	  Enabling this option will reduce the entropy of x86 KASLR memory
	  regions. For example - on a 46 bit system, the entropy goes down
	  from 16 bits to 15 bits. The actual reduction in entropy depends
	  on the physical address bits, on processor features, kernel config
	  (5 level page table) and physical memory present on the system.

Does that seem reasonable?

Balbir

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ