From: Baoquan He <bhe@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: mingo@redhat.com, keescook@chromium.org, thgarnie@google.com,
dyoung@redhat.com, xlpang@redhat.com,
"H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
x86@kernel.org, Yinghai Lu <yinghai@kernel.org>,
Borislav Petkov <bp@suse.de>, Dave Jiang <dave.jiang@intel.com>
Subject: Re: [PATCH 2/2] x86/KASLR: Use old ident map page table if physical randomization failed
Date: Wed, 26 Apr 2017 18:49:23 +0800
Message-ID: <20170426104923.GD2794@x1>
In-Reply-To: <1493203160-20148-3-git-send-email-bhe@redhat.com>
On 04/26/17 at 06:39pm, Baoquan He wrote:
> Dave found when kdump kernel will reset to bios immediately if kaslr
^~ this 'when' is redundant, sorry
> is enabled and physical randomization failed to find a new position
> for kernel. But nokaslr works in this case.
>
> The reason is kaslr will install a new page table for ident mapping,
> while it missed to consider building ident mapping for original area
> of kernel if kaslr failed on physical randomization.
>
> In fact bootloaders including kexec/kdump have built ident mapping
> for original place of kernel. We can only install new ident mapping
> page table when physical kaslr succeeds. Otherwise we just keep the
> old page table unchanged just like nokaslr does.
>
> Signed-off-by: Baoquan He <bhe@redhat.com>
> Signed-off-by: Dave Young <dyoung@redhat.com>
> Cc: "H. Peter Anvin" <hpa@zytor.com>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: x86@kernel.org
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Yinghai Lu <yinghai@kernel.org>
> Cc: Borislav Petkov <bp@suse.de>
> Cc: Dave Jiang <dave.jiang@intel.com>
> Cc: Thomas Garnier <thgarnie@google.com>
> ---
> arch/x86/boot/compressed/kaslr.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
> index e5eb0c3..7a8b443 100644
> --- a/arch/x86/boot/compressed/kaslr.c
> +++ b/arch/x86/boot/compressed/kaslr.c
> @@ -650,10 +650,16 @@ void choose_random_location(unsigned long input,
> add_identity_map(random_addr, output_size);
> *output = random_addr;
> }
> +
> + /*
> + * This actually loads the identity pagetable on x86_64.
> + * And this should only be done only if a new position
> + * is found. Otherwise we should keep the old page table
> + * to make it be like nokaslr case.
> + */
> + finalize_identity_maps();
> }
>
> - /* This actually loads the identity pagetable on x86_64. */
> - finalize_identity_maps();
>
> /* Pick random virtual address starting from LOAD_PHYSICAL_ADDR. */
> if (IS_ENABLED(CONFIG_X86_64))
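Review bot: the new comment above finalize_identity_maps() reads "should only be done only if", with "only" doubled, and "to make it be like nokaslr case" is hard to parse; something like "Only do this when a new position was found; otherwise keep the old page table, as in the nokaslr case" would be clearer. Removing the old comment and call also leaves two consecutive blank lines before the "Pick random virtual address" comment, so one of them should be dropped. Finally, the call now sits after the closing brace of the block that contains add_identity_map(), so it still runs on any path through the enclosing block that skips that inner block; the comment should say which condition the call is meant to depend on.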
> --
> 2.5.5
>