Received: by 10.213.65.16 with SMTP id m16csp287545imf; Mon, 12 Mar 2018 03:58:56 -0700 (PDT) X-Google-Smtp-Source: AG47ELuzN7xkSGHGdwW2ObD+kE1JONT4GgSmap8mnivvG4GJGiMsFEfD584QI1jAfKL09bDpVJZj X-Received: by 2002:a17:902:7b85:: with SMTP id w5-v6mr7845538pll.131.1520852335997; Mon, 12 Mar 2018 03:58:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520852335; cv=none; d=google.com; s=arc-20160816; b=D+CqE28vroz4BR9s5AOq46kUS39Djn6bZGo/b0hLgp6PigMjAXKiqs9XtYrl4DF5RV EAC5mBy/70nijp2KWcjU3985wjta3xB9EcdZJBr18MQVcmKIDQO/GNw5cN/zQiTnitfx q7wzamSOkmcckzqjMDSXW/JRuUICPTpZR5ydUaJ+pwr97ghcaZTt68cbWo11o2LKKJWp Xuw3z/hZXMXRb8LFfwOL2JXKMAQBKD52LLLQPJGnwiGc7k9vdLh/ZuOvSXDXO2MV/2Ae PEycAfO4djyW5BEnB04f6uhE1KvSa2IbIXRsSpcZ7UHX8PdkFMhWFWPtImpiy/RaHfvY 14zQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=C4f9nd6m0w7Pz/ThaNwsgyN2Zz0jmBYqsKqCfzSoWpM=; b=Dv0NhToUacPKMxjECiWpEispj3weQ22CqSLAvipXalDvj43I7b1rWE8t2C1PgZMEFA o12+33dKuTavDNyql7Fg8lJec5nMwfvP4SgabUYqJysqqd07UTSfAa6qQvRV078wCvev 5FGo5ukprKyk1vWs0S1W/9qZJEW59+K4UjvdtyH8YRsknihkYIjc6nvzSXac4bTqlyqa BtCdN3vkLGqS8dZfHJ/9G9IjNCt+ZtuJFNajK5lUc1oEF7+RrNDoFURouI9O0+xGMAo/ zvj8BBrKN9zicFKe04zYavYeY+AX7cr0n+lSEftSMH4Cr+tUAr6EbC2n+qP0uGm6iwaB Vlbw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=PKZFvmCG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k1-v6si6023290pli.616.2018.03.12.03.58.42; Mon, 12 Mar 2018 03:58:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=PKZFvmCG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751280AbeCLK5d (ORCPT + 99 others); Mon, 12 Mar 2018 06:57:33 -0400 Received: from mail-wm0-f68.google.com ([74.125.82.68]:51427 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750988AbeCLK5c (ORCPT ); Mon, 12 Mar 2018 06:57:32 -0400 Received: by mail-wm0-f68.google.com with SMTP id h21so15530058wmd.1 for ; Mon, 12 Mar 2018 03:57:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=C4f9nd6m0w7Pz/ThaNwsgyN2Zz0jmBYqsKqCfzSoWpM=; b=PKZFvmCGyCFCXZPXK6BNiK8JTHoH4rCazyRc3h+O0ylZsQrY2DIrEXgb2MDJj03zJB iIWsi21YU0oDx6hX7oLMv7GoTuMA7qSVYfPz+RzVc35POfN99fw7w3AgHOt1uSyBOXdX n7wYphtUJ0T0xrvF5x6bBlQQM7UJ+WjXnH6TXyodvqtCeRP+VhaKy10f6qVE4ycwUOsh Fo5jG1rNYc5OZXZY8mnqzqIv0wYRIkDl6DG5gpfhOPY2WUfwwODtO4QHjFds7kH7FFkM HGvYG0FsGtQMJJo8E0SdsFlI1Al3wHGjRlN4JmqqTd6ScemW03hz4bxr0xOerjVu5gAf ZbVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=C4f9nd6m0w7Pz/ThaNwsgyN2Zz0jmBYqsKqCfzSoWpM=; b=kKcoO/E/HtZF8pZqCy9GWxVaWx3nh4WEPwJ3mtRDDIQOYX7LycWESm/8nX6+tN4a4W vUNx1fE60AMeqRj7KJeRHw1NGhaKC3Biy9IKe+hgbcUAfrCaKqTukUg+IOIdB/6dKTIk nYQbX4QE++yKqqIJzgAX9f62cyB1bKHi9qQPUQSFdwuyCZ3kIdJZExzwDQHAYNC4Fhxz 1hnMV3Fg32/zR8ZsPF+xkqibUcebCfwvAK+DVmUVXvFFcdjoQncTDp0V8voRuppdJt/d Oe6MATfpY8ZDpKMftGc9CgG7jcHzEnS5ZjHP6c+euw6UW4n0BGcoiWBtr+xLmA0qDwli 86Qg== X-Gm-Message-State: AElRT7H7D5ZreVdcsnPE0U/D/XBIq4Scbr45D9qU9USH954XVQ8Gc9+U 7coP2Tf3THIxYMe5Dy7dOOM= X-Received: by 10.28.6.83 with SMTP id 80mr5107451wmg.12.1520852251242; Mon, 12 Mar 2018 03:57:31 -0700 (PDT) Received: from gmail.com (2E8B0CD5.catv.pool.telekom.hu. [46.139.12.213]) by smtp.gmail.com with ESMTPSA id 4sm6366139wra.4.2018.03.12.03.57.29 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 12 Mar 2018 03:57:30 -0700 (PDT) Date: Mon, 12 Mar 2018 11:57:27 +0100 From: Ingo Molnar To: Baoquan He , Andrew Morton Cc: Chao Fan , linux-kernel@vger.kernel.org, x86@kernel.org, hpa@zytor.com, tglx@linutronix.de, mingo@redhat.com, keescook@chromium.org, yasu.isimatu@gmail.com, indou.takao@jp.fujitsu.com, lcapitulino@redhat.com Subject: Re: [PATCH v9 0/5] x86/KASLR: Add parameter kaslr_boot_mem=nn[KMG]@ss[KMG] Message-ID: <20180312105727.mzrtjvnyxgyz7jn7@gmail.com> References: <20180228105105.11487-1-fanc.fnst@cn.fujitsu.com> <20180312093557.gxypr66vrbftz3v3@gmail.com> <20180312101031.GH18656@localhost.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180312101031.GH18656@localhost.localdomain> User-Agent: NeoMutt/20170609 (1.8.3) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * Baoquan He wrote: > Hi Ingo, > > On 03/12/18 at 10:35am, Ingo Molnar wrote: > > > > * Chao Fan wrote: > > > > > Long time no reply, rebase the patchset, change the parameter name > > > from 'kaslr_mem' to 'kaslr_boot_mem'. There's no more code change. > > > > > > ***Background: > > > People reported that kaslr may randomly chooses some positions > > > which are located in movable memory regions. This will break memory > > > hotplug feature. > > > > [...] > > > > > ***Solutions: > > > Introduce a new kernel parameter 'kaslr_boot_mem=nn@ss' to let users to > > > specify the memory regions where kernel can be allowed to randomize > > > safely. > > > > Manual solutions like that are pretty suboptimal to users, aren't they? > > > > In what way does memory hotplug feature 'break'? Does it crash or misbehave? Or > > simply does it not allow the movement of the affected memory region, while still > > allowing the rest to be moved? > > AFAIT, if kernel is randomized into the movable memory region, the > affected memory region can not be hot added/removed since it has kernel > data. Surely, the system can still work, the unaffected part still can > be moved. Still it will cause regression on memory hotplug. > > Mainly we parse SRAT table to get the ranges of memory provided by > hot-added memory devices in initmem_init(), that's very late. During boot, > we don't know it. Chao ever posted patches to grab SRAT at decompressing > stage, the code is very complicated and not elegant, ACPI maintainer > NACKed that. So there's apparently a mis-design here: - KASLR needs to be done very early on during bootup: - it's not realistic to expect KASLR to be done with a booted up kernel, because pointers to various KASLR-ed objects are already widely spread out in memory. - But for some unfathomable reason the memory hotplug attribute of memory regions is not part of the regular memory map but part of late-init ACPI data structures. The right solution would be _not_ to fudge the KASLR location, but to provide the memory hotplug information to early code, preferably via the primary memory map. KASLR can then make use of it and avoid those regions, just like it avoids other memory regions already. In addition to that hardware makers (including virtualized hardware) should also fix their systems to provide memory hotplug information to early code. Thanks, Ingo