Received: by 2002:ac0:8c8e:0:0:0:0:0 with SMTP id r14csp568180ima; Wed, 6 Feb 2019 05:00:38 -0800 (PST) X-Google-Smtp-Source: AHgI3IaCW87tAncOtt5u1PSwdN/VQwh7/3Eb5yyhBIBeLY0CNl3fIaljypSh6OigxsP2tg+JRrim X-Received: by 2002:a65:6496:: with SMTP id e22mr9323941pgv.7.1549458037980; Wed, 06 Feb 2019 05:00:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1549458037; cv=none; d=google.com; s=arc-20160816; b=eEPi6Y4Yd3WqH2qzFtl2keuzCZAXDkaZIRlEbRj6UKYMV8gYzNNAQY3rDRg5jT5KR/ /dxfkfLIq5nWqMXKspizMesQftdQsyZihdUPFfZD3fkOqrpU2ECZYaDgC9r1LZ7An0dA sgDRfRZoTuBsGoXJ7L+uqtZ13a5WQK5owdfFc7L1pDmJgX/6xLDKKYc2r9niEBGxjuJx XKd9TgG2iSsJz+3nC0LyDSKaz3GS4Qqz62zGmDMIwmTpBN/eCyuTDPGQCAi5dWn+ArT5 vWxaaGKQA/CTWTlQC0g6+m0mWUlQ+kwYQZIjiTjLKVE4M0K2+xO60Atbec4UJvpYC8rG x8Xg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from:dkim-signature; bh=c30j1jBoxCPs4EVxPhFuqO1NAS4gRcXcpTLiUyHbDBQ=; b=tFrb36fftitMvDHViwhkkRT7Eh4oDTuAa3IW7Osibd9jeeVHYbABQK05EFskDFbg5t NrPiqJj73qJ+3IsUwQPQTyohZR+uHJUE6uiCzxbuIE2LTBfoY0XMNs2OEopdgIVCHQdU R+o9S6llIQMcioandinsmdHui9Lt1F1RBPpMUt8ddKFGPwiOEMwo/UN1l0qE9YFQ1hVA YL4Yxb4fuHMFpKrV+FTGDkY094H8eYue52HFQSfjXutTs/tZ9h/vNtDBSo9f6LFRdHXF LtHjIAZ/RSwZm5dvZYlEaHkjxfAamMl7964GtTBEAeQNHaxRVeLnIxyWQFCfgyGIs24G TgCg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.de header.s=amazon201209 header.b="ia/cl/8s"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q189si6153947pfb.62.2019.02.06.05.00.20; Wed, 06 Feb 2019 05:00:37 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.de header.s=amazon201209 header.b="ia/cl/8s"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729737AbfBFMvO (ORCPT + 99 others); Wed, 6 Feb 2019 07:51:14 -0500 Received: from smtp-fw-6001.amazon.com ([52.95.48.154]:36327 "EHLO smtp-fw-6001.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727724AbfBFMvO (ORCPT ); Wed, 6 Feb 2019 07:51:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.de; i=@amazon.de; q=dns/txt; s=amazon201209; t=1549457473; x=1580993473; h=from:to:cc:subject:references:date:in-reply-to: message-id:mime-version; bh=c30j1jBoxCPs4EVxPhFuqO1NAS4gRcXcpTLiUyHbDBQ=; b=ia/cl/8sKM3DLQWMyQKmf2Ey6Is2IE2szNSXwihFyM3dyPOFlNLoLHfq laQ38RZTrjLQZUomSYWQv6F0KLcYf6WdL1PdTT/HIwBhOZxepRxQRi5WO xDEJYn2Hs4F1Xw0hBjNFnhAZOrkR/Ck+GreoArzqzvbaBuY+f6WtIHTSt U=; X-IronPort-AV: E=Sophos;i="5.58,339,1544486400"; d="scan'208";a="379949945" Received: from iad6-co-svc-p1-lb1-vlan3.amazon.com (HELO email-inbound-relay-1e-57e1d233.us-east-1.amazon.com) ([10.124.125.6]) by smtp-border-fw-out-6001.iad6.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 06 Feb 2019 12:51:11 +0000 Received: from u54ee758033e858cfa736.ant.amazon.com (iad7-ws-svc-lb50-vlan3.amazon.com [10.0.93.214]) by email-inbound-relay-1e-57e1d233.us-east-1.amazon.com (8.14.7/8.14.7) with ESMTP id x16CovSP070579 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 6 Feb 2019 12:51:00 GMT From: Julian Stecklina To: Borislav Petkov Cc: Julian Stecklina , x86@kernel.org, Thomas Gleixner , Ingo Molnar , hpa@zytor.com, linux-kernel@vger.kernel.org, jschoenh@amazon.de, Dave Jiang , Kees Cook , Baoquan He , Andy Lutomirski , Peter Zijlstra Subject: Re: [PATCH 2/2] x86/boot: increase maximum number of avoided KASLR regions References: <1548866403-13390-1-git-send-email-js@alien8.de> <1548866403-13390-2-git-send-email-js@alien8.de> <20190205144441.GS21801@zn.tnic> Date: Wed, 06 Feb 2019 13:50:57 +0100 In-Reply-To: <20190205144441.GS21801@zn.tnic> (Borislav Petkov's message of "Tue, 5 Feb 2019 15:44:41 +0100") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Borislav Petkov writes: >> @@ -213,7 +213,7 @@ static void mem_avoid_memmap(char *str) >> i++; >> } >> >> - /* More than 4 memmaps, fail kaslr */ >> + /* Can't store all regions, fail kaslr */ >> if ((i >= MAX_MEMMAP_REGIONS) && str) >> memmap_too_large = true; >> } >> -- > > Lemme add some of the folks from > f28442497b5caf7bf573ade22a7f8d3559e3ef56 to Cc. > > It all looks arbitrary to me: first 4 unusable memmap regions, this > patch raises it to 16. Why are we even imposing such a limit? Because at this point, we are not in a good position to handle an unlimited amount of regions. As for the choice of "16", I took our usecase and multiplied it by two. FWIW, this could be even larger. Julian