From: Ingo Molnar <mingo@kernel.org>
To: Andy Lutomirski <luto@kernel.org>
Cc: Thomas Garnier <thgarnie@google.com>,
Arjan van de Ven <arjan@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>,
Kees Cook <keescook@chromium.org>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave@sr71.net>, Chen Yucong <slaoub@gmail.com>,
Paul Gortmaker <paul.gortmaker@windriver.com>,
Andrew Morton <akpm@linux-foundation.org>,
Masahiro Yamada <yamada.masahiro@socionext.com>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
Anna-Maria Gleixner <anna-maria@linutronix.de>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Michael Ellerman <mpe@ellerman.id.au>,
Juergen Gross <jgross@suse.com>,
Richard Weinberger <richard@nod.at>, X86 ML <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Subject: [kernel-hardening] Re: [RFC] x86/mm/KASLR: Remap GDTs at fixed location
Date: Sat, 7 Jan 2017 08:45:37 +0100 [thread overview]
Message-ID: <20170107074537.GB13565@gmail.com> (raw)
In-Reply-To: <CALCETrXgabhubUXMiTP5AgSASMkkzG+bYFaSoPt52QBZLm-PVg@mail.gmail.com>
* Andy Lutomirski <luto@kernel.org> wrote:
> > I looked back at the fixmap, and I can see a way it could be done (using
> > NR_CPUS) like the other fixmap ranges. It would limit the number of cpus to
> > 512 (there is 2M memory left on fixmap on the default configuration). That's
> > if we never add any other fixmap on x64. I don't know if it is an acceptable
> > number and if the fixmap region could be increased. (128 if we do your kvm
> > trick, of course).
>
> IIRC we need 4096 CPUs.
On 64-bit the limit is 8192 CPUs, and the SGI guys are relying on that up to the
tune of 6144 cores already, and I'd say the 64-bit CPU count is likely to go up
further with 5-level paging.
On 32-bit the reasonable CPU limit is the number that the Intel 32-bit cluster
computing nodes use. The latest public numbers are I think 36 'tiles' with each
tile being a 2-CPU SMT core - i.e. a limit of 72 CPUs has to be maintained.
(They'll obviously go to 64-bit as well so this problem will go away in a hardware
generation or two.)
So I'd say 128 CPUs on 32-bit should be a reasonable practical limit going
forward. Right now our 32-bit limit is 512 CPUs IIRC, but I don't think any real
hardware in production is reaching that.
> P.S. Let's do the move to the fixmap, read/write as a separate patch. That will
> make bisecting much easier.
Absolutely, but this has to be within the same series, as the interim fixmap-only
step is less secure in some circumstances: we are moving the writable GDT from a
previously randomized location to a fixed location.
Thanks,
Ingo
WARNING: multiple messages have this Message-ID (diff)
From: Ingo Molnar <mingo@kernel.org>
To: Andy Lutomirski <luto@kernel.org>
Cc: Thomas Garnier <thgarnie@google.com>,
Arjan van de Ven <arjan@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>,
Kees Cook <keescook@chromium.org>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave@sr71.net>, Chen Yucong <slaoub@gmail.com>,
Paul Gortmaker <paul.gortmaker@windriver.com>,
Andrew Morton <akpm@linux-foundation.org>,
Masahiro Yamada <yamada.masahiro@socionext.com>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
Anna-Maria Gleixner <anna-maria@linutronix.de>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Michael Ellerman <mpe@ellerman.id.au>,
Juergen Gross <jgross@suse.com>,
Richard Weinberger <richard@nod.at>, X86 ML <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Subject: Re: [RFC] x86/mm/KASLR: Remap GDTs at fixed location
Date: Sat, 7 Jan 2017 08:45:37 +0100 [thread overview]
Message-ID: <20170107074537.GB13565@gmail.com> (raw)
In-Reply-To: <CALCETrXgabhubUXMiTP5AgSASMkkzG+bYFaSoPt52QBZLm-PVg@mail.gmail.com>
* Andy Lutomirski <luto@kernel.org> wrote:
> > I looked back at the fixmap, and I can see a way it could be done (using
> > NR_CPUS) like the other fixmap ranges. It would limit the number of cpus to
> > 512 (there is 2M memory left on fixmap on the default configuration). That's
> > if we never add any other fixmap on x64. I don't know if it is an acceptable
> > number and if the fixmap region could be increased. (128 if we do your kvm
> > trick, of course).
>
> IIRC we need 4096 CPUs.
On 64-bit the limit is 8192 CPUs, and the SGI guys are relying on that up to the
tune of 6144 cores already, and I'd say the 64-bit CPU count is likely to go up
further with 5-level paging.
On 32-bit the reasonable CPU limit is the number that the Intel 32-bit cluster
computing nodes use. The latest public numbers are I think 36 'tiles' with each
tile being a 2-CPU SMT core - i.e. a limit of 72 CPUs has to be maintained.
(They'll obviously go to 64-bit as well so this problem will go away in a hardware
generation or two.)
So I'd say 128 CPUs on 32-bit should be a reasonable practical limit going
forward. Right now our 32-bit limit is 512 CPUs IIRC, but I don't think any real
hardware in production is reaching that.
> P.S. Let's do the move to the fixmap, read/write as a separate patch. That will
> make bisecting much easier.
Absolutely, but this has to be within the same series, as the interim fixmap-only
step is less secure in some circumstances: we are moving the writable GDT from a
previously randomized location to a fixed location.
Thanks,
Ingo
next prev parent reply other threads:[~2017-01-07 7:45 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-04 22:16 [kernel-hardening] [RFC] x86/mm/KASLR: Remap GDTs at fixed location Thomas Garnier
2017-01-04 22:16 ` Thomas Garnier
2017-01-05 8:11 ` [kernel-hardening] " Ingo Molnar
2017-01-05 8:11 ` Ingo Molnar
2017-01-05 15:08 ` [kernel-hardening] " Arjan van de Ven
2017-01-05 15:08 ` Arjan van de Ven
2017-01-05 16:40 ` [kernel-hardening] " Thomas Garnier
2017-01-05 16:40 ` Thomas Garnier
2017-01-05 18:56 ` [kernel-hardening] " Arjan van de Ven
2017-01-05 18:56 ` Arjan van de Ven
2017-01-05 19:00 ` [kernel-hardening] " Thomas Garnier
2017-01-05 19:00 ` Thomas Garnier
2017-01-06 17:44 ` [kernel-hardening] " Borislav Petkov
2017-01-06 17:44 ` Borislav Petkov
2017-01-06 18:04 ` [kernel-hardening] " Thomas Garnier
2017-01-06 18:04 ` Thomas Garnier
2017-01-05 16:39 ` [kernel-hardening] " Thomas Garnier
2017-01-05 16:39 ` Thomas Garnier
2017-01-06 6:34 ` [kernel-hardening] " Ingo Molnar
2017-01-06 6:34 ` Ingo Molnar
2017-01-05 17:51 ` [kernel-hardening] " Andy Lutomirski
2017-01-05 17:51 ` Andy Lutomirski
2017-01-05 17:54 ` [kernel-hardening] " Thomas Garnier
2017-01-05 17:54 ` Thomas Garnier
2017-01-05 18:01 ` [kernel-hardening] " Andy Lutomirski
2017-01-05 18:01 ` Andy Lutomirski
2017-01-05 18:35 ` [kernel-hardening] " Thomas Garnier
2017-01-05 18:35 ` Thomas Garnier
2017-01-05 18:58 ` [kernel-hardening] " Arjan van de Ven
2017-01-05 18:58 ` Arjan van de Ven
2017-01-05 19:03 ` [kernel-hardening] " Thomas Garnier
2017-01-05 19:03 ` Thomas Garnier
2017-01-05 20:18 ` [kernel-hardening] " Andy Lutomirski
2017-01-05 20:18 ` Andy Lutomirski
2017-01-05 21:08 ` [kernel-hardening] " Thomas Garnier
2017-01-05 21:08 ` Thomas Garnier
2017-01-05 21:19 ` [kernel-hardening] " Andy Lutomirski
2017-01-05 21:19 ` Andy Lutomirski
2017-01-05 21:58 ` [kernel-hardening] " Thomas Garnier
2017-01-05 21:58 ` Thomas Garnier
2017-01-06 6:49 ` [kernel-hardening] " Ingo Molnar
2017-01-06 6:49 ` Ingo Molnar
2017-01-06 18:03 ` [kernel-hardening] " Thomas Garnier
2017-01-06 18:03 ` Thomas Garnier
2017-01-06 21:59 ` [kernel-hardening] " Andy Lutomirski
2017-01-06 21:59 ` Andy Lutomirski
2017-01-06 22:54 ` [kernel-hardening] " Thomas Garnier
2017-01-06 22:54 ` Thomas Garnier
2017-01-06 23:39 ` [kernel-hardening] " Andy Lutomirski
2017-01-06 23:39 ` Andy Lutomirski
2017-01-07 7:45 ` Ingo Molnar [this message]
2017-01-07 7:45 ` Ingo Molnar
2017-01-07 15:58 ` [kernel-hardening] " Andy Lutomirski
2017-01-07 15:58 ` Andy Lutomirski
2017-01-07 7:35 ` [kernel-hardening] " Ingo Molnar
2017-01-07 7:35 ` Ingo Molnar
2017-01-07 16:02 ` [kernel-hardening] " Andy Lutomirski
2017-01-07 16:02 ` Andy Lutomirski
2017-01-09 22:32 ` [kernel-hardening] " Thomas Garnier
2017-01-09 22:32 ` Thomas Garnier
2017-01-10 10:27 ` [kernel-hardening] " Ingo Molnar
2017-01-10 10:27 ` Ingo Molnar
2017-01-10 17:13 ` [kernel-hardening] " Thomas Garnier
2017-01-10 17:13 ` Thomas Garnier
2017-01-05 23:05 ` [kernel-hardening] " Linus Torvalds
2017-01-05 23:05 ` Linus Torvalds
2017-01-05 23:16 ` [kernel-hardening] " Thomas Garnier
2017-01-05 23:16 ` Thomas Garnier
2017-01-06 2:34 ` [kernel-hardening] " Andy Lutomirski
2017-01-06 2:34 ` Andy Lutomirski
2017-01-06 18:02 ` [kernel-hardening] " Thomas Garnier
2017-01-06 18:02 ` Thomas Garnier
2017-01-06 21:53 ` [kernel-hardening] " Andy Lutomirski
2017-01-06 21:53 ` Andy Lutomirski
2017-01-07 7:46 ` [kernel-hardening] " Ingo Molnar
2017-01-07 7:46 ` Ingo Molnar
2017-01-06 6:45 ` [kernel-hardening] " Ingo Molnar
2017-01-06 6:45 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170107074537.GB13565@gmail.com \
--to=mingo@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=anna-maria@linutronix.de \
--cc=arjan@linux.intel.com \
--cc=bigeasy@linutronix.de \
--cc=boris.ostrovsky@oracle.com \
--cc=bp@alien8.de \
--cc=dave@sr71.net \
--cc=hpa@zytor.com \
--cc=jgross@suse.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=paul.gortmaker@windriver.com \
--cc=richard@nod.at \
--cc=slaoub@gmail.com \
--cc=tglx@linutronix.de \
--cc=thgarnie@google.com \
--cc=x86@kernel.org \
--cc=yamada.masahiro@socionext.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.