Received: by 10.213.65.68 with SMTP id h4csp1032405imn; Wed, 28 Mar 2018 18:48:24 -0700 (PDT) X-Google-Smtp-Source: AIpwx48DTADbP01joai19fRt5MlJ+KuoiSYN7h/9WnP6gt0vwwVTb2iZSdB/RcuFuVFsMIOLIgNH X-Received: by 2002:a17:902:7045:: with SMTP id h5-v6mr679550plt.1.1522288104801; Wed, 28 Mar 2018 18:48:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522288104; cv=none; d=google.com; s=arc-20160816; b=pZAReaib00OEdOs0B7JrKOj6ZpoSEZiMTofWfM6pgclbu5+tbrzz8K/kXzm+E/Z6hA G3JA5CEZHBsA3MmQvBD+7BR1tNOXdVEqDxX138gTAoW1wuO82uyA6jn35J4cZlhyLWDJ ANN5DdTR9YCPA7slnLlqGmllapt6Bh5aguH+eYftF5C2x4gQOGz7yvaatUBv52Ttqu8U HmutX690YGvFrru7x9wMeQAt4MYnEom6ZgMGlodm8krhKfaNGt6KizclEooeqKbtoUwh n7Hx9mbnrJu04X1bRQkhilJDmz26mB8aoFa1BHCdk1dtcyYttQfaSQ0qMbCpO9kkarqg jCtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=o/mwL56pIZpXjxuHRPGy60Q4v6uTiMR+e/dtC/5dmWw=; b=SqhpMj2q6eMTQPqnasAO2Vhv9sP6vdmqSGi7SysATvGuNWnt8Cyo38aXf6BuBhXUBo JuVsdCdgRzUqTMuA/O3jK46IobE3gFKSs7bHMR2ThlaUmALWlR5kT8z3H7te96LHYL0f M9Jne+MFBNfpU0ze3V8AX5o3hf/WMHzja95fC6Pt6lTyzpy2o0CHOkQHtYhVKIjq++p2 HkfV0NnlotRj4QCW11GUaJy6Bua5f+bPPrXppyjRu1qVMeYI/OqtESXSs4magrODsLRS snMFBlHs6sA9bhlqWptPb7iEx2rQspOSxzboyz0AAKWI2n9y23U7a0th0jKDkPEZq8QO IiDg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 85si3724853pfh.176.2018.03.28.18.48.10; Wed, 28 Mar 2018 18:48:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752082AbeC2BrM (ORCPT + 99 others); Wed, 28 Mar 2018 21:47:12 -0400 Received: from mail.cn.fujitsu.com ([183.91.158.132]:6904 "EHLO heian.cn.fujitsu.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751207AbeC2BrL (ORCPT ); Wed, 28 Mar 2018 21:47:11 -0400 X-IronPort-AV: E=Sophos;i="5.43,368,1503331200"; d="scan'208";a="38303357" Received: from bogon (HELO cn.fujitsu.com) ([10.167.33.5]) by heian.cn.fujitsu.com with ESMTP; 29 Mar 2018 09:47:09 +0800 Received: from G08CNEXCHPEKD02.g08.fujitsu.local (unknown [10.167.33.83]) by cn.fujitsu.com (Postfix) with ESMTP id D73A648AE76C; Thu, 29 Mar 2018 09:47:07 +0800 (CST) Received: from localhost.localdomain (10.167.226.106) by G08CNEXCHPEKD02.g08.fujitsu.local (10.167.33.89) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 29 Mar 2018 09:47:05 +0800 Subject: Re: [PATCH v9 0/5] x86/KASLR: Add parameter kaslr_boot_mem=nn[KMG]@ss[KMG] To: Ingo Molnar , Baoquan He , Chao Fan , CC: Andrew Morton , , , , , , , , References: <20180228105105.11487-1-fanc.fnst@cn.fujitsu.com> <20180312093557.gxypr66vrbftz3v3@gmail.com> <20180312101031.GH18656@localhost.localdomain> <20180312105727.mzrtjvnyxgyz7jn7@gmail.com> From: Dou Liyang Message-ID: Date: Thu, 29 Mar 2018 09:47:04 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: <20180312105727.mzrtjvnyxgyz7jn7@gmail.com> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Originating-IP: [10.167.226.106] X-yoursite-MailScanner-ID: D73A648AE76C.ADD2A X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-From: douly.fnst@cn.fujitsu.com X-Spam-Status: No Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Ingo, Kees, Baoquan and Chao At 03/12/2018 06:57 PM, Ingo Molnar wrote: [...] > So there's apparently a mis-design here: > > - KASLR needs to be done very early on during bootup: - it's not realistic to > expect KASLR to be done with a booted up kernel, because pointers to various > KASLR-ed objects are already widely spread out in memory. > > - But for some unfathomable reason the memory hotplug attribute of memory > regions is not part of the regular memory map but part of late-init ACPI data > structures. > > The right solution would be _not_ to fudge the KASLR location, but to provide the > memory hotplug information to early code, preferably via the primary memory map. > KASLR can then make use of it and avoid those regions, just like it avoids other > memory regions already. > > In addition to that hardware makers (including virtualized hardware) should also > fix their systems to provide memory hotplug information to early code. > Yes, but before this, can we fix this problem by the following patch which has been sent and reviewed by Kees before[1]. its solution is:   Extend movable_node option to restrict kernel to be randomized in   immovable nodes by adding a parameter. this parameter sets up   the boundaries between the home nodes and other nodes. My reason is here:   - What we really want to solve is the KASLR breaks *physical Node     hotplug*, Keep the decompressed kernel in an immovable node is     enough.   - AFAICS, there are not too many systems where physical Node hotplug actually works in practice, and there mush be one node called *home     node* which is immovable for storing basic information.   - the node in modern systems could have double-digit gigabytes memory,     It can completely satisfy the operation of KASLR. So, Just restrict kernel to be randomized in the home node, and ignore other nodes when kernel has the *movable_node* option in the command line. Thoughts? may I rebase and resend the patch? [1] https://lkml.org/lkml/2017/8/3/401 Thanks, dou