Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932806AbeALCBe (ORCPT + 1 other); Thu, 11 Jan 2018 21:01:34 -0500 Received: from mail.cn.fujitsu.com ([183.91.158.132]:38558 "EHLO heian.cn.fujitsu.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932283AbeALCBc (ORCPT ); Thu, 11 Jan 2018 21:01:32 -0500 X-IronPort-AV: E=Sophos;i="5.43,368,1503331200"; d="scan'208";a="35223029" Date: Fri, 12 Jan 2018 10:00:23 +0800 From: Chao Fan To: Kees Cook CC: Baoquan He , Luiz Capitulino , LKML , X86 ML , "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , , , , Dou Liyang Subject: Re: KASLR may break some kernel features (was Re: [PATCH v5 1/4] kaslr: add immovable_mem=nn[KMG]@ss[KMG] to specify extracting memory) Message-ID: <20180112020022.GB13719@localhost.localdomain> References: <20180104080219.23893-1-fanc.fnst@cn.fujitsu.com> <20180104080219.23893-2-fanc.fnst@cn.fujitsu.com> <20180104103057.GC7235@x1> <20180104112104.67b88e2d@redhat.com> <20180111090006.GA9648@localhost.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.1 (2017-09-22) X-Originating-IP: [10.167.225.56] X-yoursite-MailScanner-ID: 2C06849F0DE1.ABA3C X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-From: fanc.fnst@cn.fujitsu.com Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Thu, Jan 11, 2018 at 10:04:56AM -0800, Kees Cook wrote: >On Thu, Jan 11, 2018 at 1:00 AM, Baoquan He wrote: >> Hi Luiz, >> >> On 01/04/18 at 11:21am, Luiz Capitulino wrote: >>> Having a generic kaslr parameter to control where the kernel is extracted >>> is one solution for this problem. >>> >>> The general problem statement is that KASLR may break some kernel features >>> depending on where the kernel is extracted. Two examples are hot-plugged >>> memory (this series) and 1GB HugeTLB pages. >>> >>> The 1GB HugeTLB page issue is not specific to KVM guests. It just happens >>> that there's a bunch of people running guests with up to 5GB of memory and >>> with that amount of memory you have one or two 1GB pages and is easier for >>> KASLR to extract the kernel into a 1GB region and split a 1GB page. So, >>> you may not get any 1GB pages at all when this happens. However, I can also >>> reproduce this on bare-metal with lots of memory where I can loose a 1GB >>> page from time to time. >>> >>> Having a kaslr_range= parameter solves both issues, but two major drawbacks >>> is that it breaks existing setups and I guess users will have a very hard >>> time choosing good ranges. >>> >>> Another idea would be to have a CONFIG_KASLR_RANGES, where each arch >>> could have a list of ranges known to contain holes and/or immovable >>> memory and only extract the kernel into those ranges. >> >> If add CONFIG_KASLR_RANGES, then a distro like RHEL will have this range >> always, whether people need hugetlb or not. >> >> So in this case, what range do we need to avoid? Only [1G, 2G]? > >Any ranges like that that need to be avoided should be known at build >time, so they should simply be added to the mem_avoid list that is >already present in the KASLR code... > Hi Kees, So this issue can be figured out in a independent patch. And does this patch have any problems? If so, please tell me, I will try my best to improve it. Thanks, Chao Fan >-Kees > >-- >Kees Cook >Pixel Security > >