From: Dou Liyang
Subject: [RESEND PATCH] x86/boot/KASLR: Extend movable_node option for KASLR
Date: Tue, 3 Apr 2018 11:36:12 +0800
Message-ID: <20180403033612.19925-1-douly.fnst@cn.fujitsu.com>
X-Mailing-List: linux-kernel@vger.kernel.org

The movable_node option is a boot-time switch to make sure the physical
NUMA nodes can be hot-added/removed when the ACPI table can't be parsed to
provide the memory hotplug information.

As we all know, there is always one node, called "home node", which
can't be movable and the kernel image resides in it. With the movable_node
option, Linux allocates new early memory near the kernel image to avoid
using the other movable node.

But, because KASLR also can't get the memory hotplug information, it may
randomize the kernel image into a movable node, which breaks the rule of
the movable_node option and makes the physical hot-add/remove operation fail.

The perfect solution is providing the memory hotplug information to KASLR.
But, it needs effort from hardware engineers and software engineers.

Here is an alternative method. Extend the movable_node option to restrict
the kernel to be randomized in the home node by adding a parameter. This
parameter sets up the boundaries between the home nodes and other nodes.

Reported-by: Chao Fan
Signed-off-by: Dou Liyang
Reviewed-by: Kees Cook
---
Changelog:
 -Rewrite the commit log and document.

 Documentation/admin-guide/kernel-parameters.txt | 12 ++++++++++--
 arch/x86/boot/compressed/kaslr.c                | 19 ++++++++++++++++---
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 1d1d53f85ddd..0cfc0b10a117 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2353,7 +2353,8 @@ mousedev.yres= [MOUSE] Vertical screen resolution, used for devices reporting absolute coordinates, such as tablets - movablecore=nn[KMG] [KNL,X86,IA-64,PPC] This parameter + movablecore=nn[KMG] + [KNL,X86,IA-64,PPC] This parameter is similar to kernelcore except it specifies the amount of memory used for migratable allocations. If both kernelcore and movablecore is specified, @@ -2363,12 +2364,19 @@ that the amount of memory usable for all allocations is not too small. - movable_node [KNL] Boot-time switch to make hotplugable memory + movable_node [KNL] Boot-time switch to make hot-pluggable memory NUMA nodes to be movable. This means that the memory of such nodes will be usable only for movable allocations which rules out almost all kernel allocations. Use with caution! + movable_node=nn[KMG] + [KNL] Extend movable_node to make it work well with KASLR. + This parameter is the boundaries between the "home node" and + the other nodes. The "home node" is an immovable node and is + defined by BIOS. Set the 'nn' to the memory size of "home + node", the kernel image will be extracted in immovable nodes. + MTD_Partition= [MTD] Format: ,,, diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c index 8199a6187251..f906d7890e69 100644 --- a/arch/x86/boot/compressed/kaslr.c +++ b/arch/x86/boot/compressed/kaslr.c @@ -92,7 +92,10 @@ struct mem_vector { static bool memmap_too_large; -/* Store memory limit specified by "mem=nn[KMG]" or "memmap=nn[KMG]" */ +/* + * Store memory limit specified by the following situations: + * "mem=nn[KMG]" or "memmap=nn[KMG]" or "movable_node=nn[KMG]" + */ unsigned long long mem_limit = ULLONG_MAX; 
@@ -214,7 +217,8 @@ static int handle_mem_memmap(void) char *param, *val; u64 mem_size; - if (!strstr(args, "memmap=") && !strstr(args, "mem=")) + if (!strstr(args, "memmap=") && !strstr(args, "mem=") && + !strstr(args, "movable_node=")) return 0; tmp_cmdline = malloc(len + 1); @@ -249,7 +253,16 @@ static int handle_mem_memmap(void) free(tmp_cmdline); return -EINVAL; } - mem_limit = mem_size; + mem_limit = mem_limit > mem_size ? mem_size : mem_limit; + } else if (!strcmp(param, "movable_node")) { + char *p = val; + + mem_size = memparse(p, &p); + if (mem_size == 0) { + free(tmp_cmdline); + return -EINVAL; + } + mem_limit = mem_limit > mem_size ? mem_size : mem_limit; } } -- 2.14.3
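
Review bot: In the first kernel-parameters.txt hunk (`@@ -2353,7 +2353,8 @@`), the only change is re-wrapping the `movablecore=nn[KMG]` entry, which is unrelated to KASLR or movable_node. Drop it or send it as a separate cleanup patch so this change stays limited to the new parameter.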
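
Review bot: The new `movable_node=nn[KMG]` entry in the second kernel-parameters.txt hunk describes nn as the "memory size of home node", but kaslr.c stores it in `mem_limit`, one upper limit shared with mem= and memmap=. A size is only a node boundary when the home node starts at the bottom of physical memory, so the text should state that assumption and say that the smallest of the supplied limits is the one used. It should also tell administrators that a small nn narrows the range KASLR can choose from. The "hotplugable" to "hot-pluggable" spelling fix in the same hunk is unrelated cleanup and would be better in its own patch.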
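
Review bot: In the last kaslr.c hunk (`@@ -249,7 +253,16 @@`), replacing `mem_limit = mem_size;` with a minimum in the pre-existing branch changes how that branch's own option behaves: a repeated value used to overwrite the earlier one, and now the smallest value wins. The commit log does not mention this, so either document it or confine the minimum to the new `movable_node` branch. The new branch is otherwise a copy of the code just above it (memparse, zero check, free, -EINVAL), so the two could share one body under a combined `strcmp` condition. Also, `memparse(p, &p)` updates `p` but nothing checks it afterwards, so trailing characters after the size are accepted silently.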