Re: [PATCH v3 0/2] x86/mm/KASLR: Change the granularity of randomization to PUD size in 5-level

From: Baoquan He
Date: Wed Apr 03 2019 - 22:18:42 EST


PING

Is there any comment on this patchset, or could we consider merging
them?

On 03/08/19 at 10:56am, Baoquan He wrote:
> This is v3 post, v2 post is here:
> http://lkml.kernel.org/r/20190228003522.9957-1-bhe@xxxxxxxxxx
> v1 can be found here:
> http://lkml.kernel.org/r/20190224132231.4878-1-bhe@xxxxxxxxxx
>
> Background:
> ***
> Earlier, during a series of KASLR patch reviews, Ingo noticed that the current
> memory region KASLR only has a randomization granularity of PUD size in
> 4-level paging mode and P4D size in 5-level paging mode. He suggested
> that I try to change both of them to PMD size granularity:
>
> http://lkml.kernel.org/r/20180912100135.GB3333@xxxxxxxxx
>
> Later, I changed the code to support PMD-level randomization for both
> 4-level and 5-level.
>
> https://github.com/baoquan-he/linux/commits/mm-kaslr-2m-aligned
>
> The test passed on my KVM guest with 1 GB RAM, but failed when I
> increased the RAM to 4 GB, and also failed on larger RAM.
>
> After analyzing, it turned out that a 1 GB page mapping needs to be mapped at a
> 1 GB aligned physical address on Intel CPUs. The 2 MB level of randomization
> breaks this and causes errors. Please check the table below in the Intel IA32 manual.
>
> Table 4-15. Format of an IA-32e Page-Directory-Pointer-Table Entry (PDPTE) that Maps a 1-GByte Page
>
> So PMD level of randomization for mm KASLR is not doable.
>
> However, during investigation and testing of the above code, it turned out that the
> current code is misleading in building the identity mapping for the real mode
> trampoline in case KASLR is enabled. From the code, only a small area (which is
> smaller than 1 MB) needs to be identity mapped. Please check the patch below, which
> is from the above mm-kaslr-2m-aligned patch series. It only builds up a 2 MB
> identity mapping for the real mode trampoline, and the test passed on machines
> with 32 GB RAM in 4-level and on a KVM guest in 5-level.
>
> https://github.com/baoquan-he/linux/commit/e120e67fbf9a5aa818d20084d8dea5b4a27ecf97
>
> Result:
> Make a patchset to:
> 1) Change code to only build 1 GB of area for the real mode trampoline,
> namely only copy the one PUD entry where physical address 0 resides;
>
> 2) Improve the randomization granularity of 5-level from P4D size to PUD size.
>
> Changelog:
> v2->v3:
> Improve patch 1/2 according to Kirill's comments:
> *) Adjust code change of 1/2;
> *) Add code comment to explain the two kinds of mapping for
> real mode;
>
> v1->v2:
> Improve patch according to Kirill's suggestions:
> *) Add more information to code comment for better understanding;
> *) Improve code to save one low memory page in 4-level;
>
> Baoquan He (2):
> x86/mm/KASLR: Only build one PUD entry of area for real mode
> trampoline
> x86/mm/KASLR: Change the granularity of randomization to PUD size in
> 5-level
>
> arch/x86/mm/kaslr.c | 98 ++++++++++++++++++++-------------------------
> 1 file changed, 43 insertions(+), 55 deletions(-)
>
> --
> 2.17.2
>