Date: Fri, 18 May 2018 10:19:19 +0200
From: Ingo Molnar
To: Baoquan He
Cc: linux-kernel@vger.kernel.org, lcapitulino@redhat.com, keescook@chromium.org, tglx@linutronix.de, x86@kernel.org, hpa@zytor.com, fanc.fnst@cn.fujitsu.com, yasu.isimatu@gmail.com, indou.takao@jp.fujitsu.com, douly.fnst@cn.fujitsu.com
Subject: Re: [PATCH 0/2] x86/boot/KASLR: Skip specified number of 1GB huge pages when do physical randomization
Message-ID: <20180518081919.GB11379@gmail.com>
References: <20180516100532.14083-1-bhe@redhat.com> <20180518070046.GA18660@gmail.com> <20180518074359.GR24627@MiWiFi-R3L-srv>
In-Reply-To: <20180518074359.GR24627@MiWiFi-R3L-srv>

* Baoquan He wrote:

> OK, I realized my saying above is misled because I didn't explain the
> background clearly. Let me add it:
>
> Previously, FJ reported the movable_node issue that KASLR will put
> kernel into movable_node. That cause those movable_nodes can't be hot
> plugged any more. So finally we planned to solve it by adding a new
> kernel parameter :
>
> kaslr_boot_mem=nn[KMG]@ss[KMG]
>
> We want customer to specify memory regions which KASLR can make use to
> randomize kernel into.

*WHY* should the "customer" care?

This is a _bug_: movable, hotpluggable zones of physical memory should not be
randomized into.

> [...] Outside of the specified regions, we need avoid to put kernel into those
> regions even though they are also available RAM. As for movable_node issue, we
> can add immovable regions into kaslr_boot_mem=nn[KMG]@ss[KMG].
>
> During this hotplug issue reviewing, Luiz's team reported this 1GB hugepages
> regression bug, I reproduced the bug and found out the root cause, then
> realized that I can utilize kaslr_boot_mem=nn[KMG]@ss[KMG] parameter to
> fix it too. E.g the KVM guest with 4GB RAM, we have a good 1GB huge
> page, then we can add "kaslr_boot_mem=1G@0, kaslr_boot_mem=3G@2G" to
> kernel command-line, then the good 1GB region [1G, 2G) won't be taken
> into account for kernel physical randomization.
>
> Later, you pointed out that 'kaslr_boot_mem=' way need user to specify
> memory region manually, it's not good, suggested to solve them by
> getting information and solving them in KASLR boot code. So they are two
> issues now, for the movable_node issue, we need get hotplug information
> from SRAT table and then avoid them; for this 1GB hugepage issue, we
> need get information from kernel command-line, then avoid them.
>
> This patch is for the hugepage issue only. Since FJ reported the hotplug
> issue and they assigned engineers to work on it, I would like to wait
> for them to post according to your suggestion.

All of this is handling it the wrong way about. This is *not* primarily about
KASLR at all, and the user should not be required to specify some weird KASLR
parameters.

This is a basic _memory map enumeration_ problem in both cases:

 - in the hotplug case KASLR doesn't know that it's a movable zone and
   relocates into it,

 - and in the KVM case KASLR doesn't know that it's a valuable 1GB page that
   shouldn't be broken up.

Note that it's not KASLR specific: if we had some other kernel feature that
tried to allocate a piece of memory from what appears to be perfectly usable
generic RAM we'd have the same problems!

We need to fix the real root problem, which is lack of knowledge about crucial
attributes of physical memory. Once that knowledge is properly represented at
this early boot stage both KASLR and other memory allocators can make use of it
to avoid those regions.

Thanks,

	Ingo
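
The design argued for in the message above, where the early memory map carries attributes and any placement code filters on them, is sketched below as an added example; it is not code from this thread or from the kernel. The flag names, `sample_map`, the 64MB image size and the 2MB alignment are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#define MB (1ULL << 20)
#define GB (1ULL << 30)
/* Hypothetical attribute flags for this example, not kernel definitions. */
#define MEM_MOVABLE (1u << 0)   /* hot-pluggable range (movable_node case) */
#define MEM_HUGE_1G (1u << 1)   /* intact 1GB range wanted for a huge page */
struct mem_region { uint64_t start, size; unsigned attrs; };

/* Constructed 4GB map: [1G,2G) is the good 1GB page, [3G,4G) is movable. */
static const struct mem_region sample_map[4] = {
    { 0 * GB, GB, 0 },           { 1 * GB, GB, MEM_HUGE_1G },
    { 2 * GB, GB, 0 },           { 3 * GB, GB, MEM_MOVABLE },
};

/* Count aligned addresses where the image fits wholly inside r. */
static uint64_t region_slots(const struct mem_region *r, uint64_t image,
                             uint64_t align, uint64_t *first)
{
    uint64_t end = r->start + r->size;
    *first = (r->start + align - 1) / align * align;
    return (*first >= end || end - *first < image)
        ? 0 : (end - *first - image) / align + 1;
}

/* Count slots outside regions whose attrs intersect 'avoid'; when addr is
 * non-NULL, also store the address of slot number idx. */
uint64_t scan_slots(const struct mem_region *map, int n, uint64_t image,
                    uint64_t align, unsigned avoid, uint64_t idx, uint64_t *addr)
{
    uint64_t total = 0, first, s;
    for (int i = 0; i < n; i++) {
        if (map[i].attrs & avoid)
            continue;               /* attribute says: never place here */
        s = region_slots(&map[i], image, align, &first);
        if (addr && idx >= total && idx - total < s)
            *addr = first + (idx - total) * align;
        total += s;
    }
    return total;
}

int main(void)
{
    uint64_t a = 0, n = scan_slots(sample_map, 4, 64 * MB, 2 * MB,
                                   MEM_MOVABLE | MEM_HUGE_1G, 481, &a);
    printf("%llu slots, slot 481 at %#llx\n", (unsigned long long)n, (unsigned long long)a);
    return 0;
}
```

With `avoid` set to 0 the same slot index lands at 1G, inside the 1GB page; the only difference between the two outcomes is whether the map carries the attribute.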