Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp959110ybl; Fri, 6 Dec 2019 08:58:41 -0800 (PST) X-Google-Smtp-Source: APXvYqzzrwc1kzIikB6FtzasmSRnHhu+HQdwVeEj+UuCBHkGJLSvhXKCv82fmgouEtfepdj5OfGv X-Received: by 2002:a9d:da2:: with SMTP id 31mr11206517ots.319.1575651521073; Fri, 06 Dec 2019 08:58:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575651521; cv=none; d=google.com; s=arc-20160816; b=Zro3au1lTE/ELiXAC0v5841Lv6zHhWIwppVLMawwEiFZxxUPl+UMtxJldXlgU5Uu5s amJlu2bsLI7rV6f0ZbNhNeK4B/JqnbCKpXGRCPh4klENkLBfF05Cyi96xvCfM90eU3qk xoKlm9DZkJrhYnUhBgmy8DoMQL7Fup9wHL3L4U0m+d02nUE4tZWFHYkaxrIfqHK4SDF/ yNIjStYUd9EWZtpnIeAnK65oX2D2oU02iCknTWIMTIymTf1Bkb8/09J7OUjrG4av13x8 h7BZls7wQmcI8QJHge77IQCJJSfDBP7LIpKti5FlRtu9Dhw1Cjb/TjbSHnNjORvwz0iC 05LQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=aMaYQ6yXmhlltBmW/p8k1pc2abuhRB+m4YdSEAS0CnE=; b=cBe8AxDk59sGzrFJ/iSdosR1KrnUKUcc+Q7wTqajFQKUIe8CqVrBgLkukoFC9hqhMA Xfauk3f84K6yr5QZ/9HpIUpQZkP8t6Hga5b6YpcbiODZXj/pf75qxOjCbN9hY/m2X/BB U3pBNFXBbMf0NDwwZv7p3Ax4xzV9pcKIjbcd06lbCamvmMnQU+KLGixPK/7m7gTqFBWz kaPdsZ1/mUoqBepiX5D8hBtLpPnchrya1LrOa8AV0LrJHcT6nPpFUFhbjElP9TUqS9le cy22fDCffkGqqvZTNh4b9usfKECYJKtevU5sx8apw/LWBNe/jkkQusJL4ERjr8MB2YMO rVgQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=p6PAfNiU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k17si7212584oiw.238.2019.12.06.08.58.29; Fri, 06 Dec 2019 08:58:41 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=p6PAfNiU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726673AbfLFQ5h (ORCPT + 99 others); Fri, 6 Dec 2019 11:57:37 -0500 Received: from mail-qv1-f68.google.com ([209.85.219.68]:46539 "EHLO mail-qv1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726516AbfLFQ5d (ORCPT ); Fri, 6 Dec 2019 11:57:33 -0500 Received: by mail-qv1-f68.google.com with SMTP id t9so123818qvh.13 for ; Fri, 06 Dec 2019 08:57:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=aMaYQ6yXmhlltBmW/p8k1pc2abuhRB+m4YdSEAS0CnE=; b=p6PAfNiUak7ezH//qp3sezHJUuSE04xW8l/oktB2V6F+m4FvO5mpbkRQJFyMICskz2 bQpKsFPmk0PQWscJXcwDDe/BxwwIEFt51ZmZteFVbxuLZ/Lc8ZUwocnABvAYq20DyZVe 2htXekEf5XfSZC9XPFK3KYk4sJLHq76PPlMv3f3u3XPB4+AVH9MGxZvhxw0dqolVhaSi P0ON2snbBgYZz1HNhNdM0hWTXHGFW9OqIOA1+v/uwBM4/denoHF7TbbQtmpHUT4adViB LVJyxVgLq1vYpV3ivqfJjFcaJXUfuwO/CkxFo2e2A0IaEofz1UilSnuaEi3wvQ7mu1xo rJIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=aMaYQ6yXmhlltBmW/p8k1pc2abuhRB+m4YdSEAS0CnE=; b=tHEVa/odgrk7CLcmrLm+LH6tD6djxnFkD90phmP6a41fDw1I3A6G+30kz335JgR+rI fvTlWfHyRHxLBZQBmDwD54WhrQIoeQBzhq0ULVkl4vSRksQJSeG/ZjTV8Bsqc2ErXesb tMvOaJlG4SjCdEAgFJSourRjKve48bLQIbxje+9awygFr0XAllDgVjxNNbgJc1GPhyh9 qZ6RrWCFQ5fORAFFmtddW+VjyAFq56jh8EgQ+Py2tVGh+Iub9h2J3bAWZsLq/4Bzh0j+ mmp67zHshtEZES91eVJEEzdBuHFl6GrQXu/FZMVQHHq6D0/D27jCh8L/zovsriGMlZBo eV2A== X-Gm-Message-State: APjAAAWJSld4DmfVdkK4xPgfzRRkixSvaPJoDqK2PrdUXOmnzStvOz89 q2/Nglu23et92+LlRpHqgQ== X-Received: by 2002:a05:6214:4e:: with SMTP id c14mr7735020qvr.112.1575651451783; Fri, 06 Dec 2019 08:57:31 -0800 (PST) Received: from gabell.bos.redhat.com (nat-pool-bos-t.redhat.com. [66.187.233.206]) by smtp.gmail.com with ESMTPSA id y28sm6531373qtk.65.2019.12.06.08.57.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Dec 2019 08:57:31 -0800 (PST) From: Masayoshi Mizuma To: Borislav Petkov , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, Baoquan He Cc: Masayoshi Mizuma , Masayoshi Mizuma , linux-kernel@vger.kernel.org Subject: [PATCH v6 4/4] x86/mm/KASLR: Adjust the padding size for the direct mapping. Date: Fri, 6 Dec 2019 11:57:07 -0500 Message-Id: <20191206165707.20806-5-msys.mizuma@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191206165707.20806-1-msys.mizuma@gmail.com> References: <20191206165707.20806-1-msys.mizuma@gmail.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Masayoshi Mizuma The system sometimes crashes while memory hot-adding on KASLR enabled system. The crash happens because the regions pointed by kaslr_regions[].base are overwritten by the hot-added memory. It happens because of the padding size for kaslr_regions[].base isn't enough for the system whose physical memory layout has huge space for memory hotplug. kaslr_regions[].base points "actual installed memory size + padding" or higher address. So, if the "actual + padding" is lower address than the maximum memory address, which means the memory address reachable by memory hot-add, kaslr_regions[].base is destroyed by the overwritten. address ^ |------- maximum memory address (Hotplug) | ^ |------- kaslr_regions[0].base | Hotadd-able region | ^ | | | padding | | V V |------- actual memory address (Installed on boot) | Fix it by getting the maximum memory address from SRAT and store the value in boot_param, then set the padding size while KASLR initializing if the default padding size isn't enough. Acked-by: Baoquan He Signed-off-by: Masayoshi Mizuma --- arch/x86/mm/kaslr.c | 63 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 48 insertions(+), 15 deletions(-) diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c index dc6182eecefa..b3f2f468d20f 100644 --- a/arch/x86/mm/kaslr.c +++ b/arch/x86/mm/kaslr.c @@ -70,15 +70,58 @@ static inline bool kaslr_memory_enabled(void) return kaslr_enabled() && !IS_ENABLED(CONFIG_KASAN); } +/* + * Even though a huge virtual address space is reserved for the direct + * mapping of physical memory, e.g in 4-level paging mode, it's 64TB, + * rare system can own enough physical memory to use it up, most are + * even less than 1TB. So with KASLR enabled, we adapt the size of + * direct mapping area to the size of actual physical memory plus the + * configured padding CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING. + * The left part will be taken out to join memory randomization. + * + * And in case CONFIG_MEMORY_HOTPLUG is enabled and boot_params.max_addr + * has a physical memory address, that means the system memory can be + * expanded by memory hot-add to boot_params.max_addr. Set the size + * of direct mapping area to boot_params.max_addr so that we can avoid + * overwriting the hot-added memory. + */ +static inline unsigned long calc_direct_mapping_size(void) +{ + unsigned long size_tb, memory_tb; + + memory_tb = DIV_ROUND_UP(max_pfn << PAGE_SHIFT, 1UL << TB_SHIFT) + + CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING; + +#ifdef CONFIG_MEMORY_HOTPLUG + if (boot_params.max_addr) { + unsigned long maximum_tb; + + maximum_tb = DIV_ROUND_UP(boot_params.max_addr, + 1UL << TB_SHIFT); + + if (maximum_tb > memory_tb) + memory_tb = maximum_tb; + } +#endif + size_tb = 1 << (MAX_PHYSMEM_BITS - TB_SHIFT); + + /* + * Adapt physical memory region size based on available memory + */ + if (memory_tb < size_tb) + size_tb = memory_tb; + + return size_tb; +} + /* Initialize base and padding for each memory region randomized with KASLR */ void __init kernel_randomize_memory(void) { - size_t i; - unsigned long vaddr_start, vaddr; - unsigned long rand, memory_tb; - struct rnd_state rand_state; + unsigned long vaddr_start, vaddr, rand; unsigned long remain_entropy; unsigned long vmemmap_size; + struct rnd_state rand_state; + size_t i; vaddr_start = pgtable_l5_enabled() ? __PAGE_OFFSET_BASE_L5 : __PAGE_OFFSET_BASE_L4; vaddr = vaddr_start; @@ -95,20 +138,10 @@ void __init kernel_randomize_memory(void) if (!kaslr_memory_enabled()) return; - kaslr_regions[0].size_tb = 1 << (MAX_PHYSMEM_BITS - TB_SHIFT); + kaslr_regions[0].size_tb = calc_direct_mapping_size(); kaslr_regions[1].size_tb = VMALLOC_SIZE_TB; - /* - * Update Physical memory mapping to available and - * add padding if needed (especially for memory hotplug support). - */ BUG_ON(kaslr_regions[0].base != &page_offset_base); - memory_tb = DIV_ROUND_UP(max_pfn << PAGE_SHIFT, 1UL << TB_SHIFT) + - CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING; - - /* Adapt phyiscal memory region size based on available memory */ - if (memory_tb < kaslr_regions[0].size_tb) - kaslr_regions[0].size_tb = memory_tb; /* * Calculate the vmemmap region size in TBs, aligned to a TB -- 2.20.1