Re: [PATCH v3 2/4] kaslr: calculate the memory region in immovable node

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Chao Fan <fanc.fnst@cn.fujitsu.com>
To: Kees Cook <keescook@chromium.org>
Cc: Baoquan He <bhe@redhat.com>, LKML <linux-kernel@vger.kernel.org>,
	X86 ML <x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, <yasu.isimatu@gmail.com>,
	<indou.takao@jp.fujitsu.com>, <caoj.fnst@cn.fujitsu.com>,
	Dou Liyang <douly.fnst@cn.fujitsu.com>
Subject: Re: [PATCH v3 2/4] kaslr: calculate the memory region in immovable node
Date: Thu, 7 Dec 2017 09:09:36 +0800	[thread overview]
Message-ID: <20171207010935.GC28884@localhost.localdomain> (raw)
In-Reply-To: <CAGXu5jKEV4m4R=MVMyE5zA3Svm1k7W0=jo=tJmOeqX=W2gUobw@mail.gmail.com>

On Wed, Dec 06, 2017 at 04:11:04PM -0800, Kees Cook wrote:
>On Wed, Dec 6, 2017 at 2:02 AM, Chao Fan <fanc.fnst@cn.fujitsu.com> wrote:
>> On Wed, Dec 06, 2017 at 05:28:00PM +0800, Baoquan He wrote:
>>>On 12/05/17 at 11:40am, Kees Cook wrote:
>>>> On Tue, Dec 5, 2017 at 12:51 AM, Chao Fan <fanc.fnst@cn.fujitsu.com> wrote:
>>>> > If there is no immovable memory region specified, go on the old code.
>>>> > There are several conditons:
>>>> > 1. CONFIG_MEMORY_HOTPLUG is not specified to y.
>>>> > 2. immovable_mem= is not specified.
>>>> >
>>>> > Otherwise, calculate the intersecting between memmap entry and
>>>> > immovable memory.
>>>>
>>>> Instead of copy/pasting code between process_efi_entries() and
>>>> process_e820_entries(), I'd rather that process_mem_region() is
>>>> modified to deal with immovable regions.
>>>
>>>If put it into process_mem_region(), one level of loop is added. How
>>
>> Yes, one new loop will add ahead of the while() in process_mem_region
>> then the code may look like:
>>
>> @@ -509,6 +555,24 @@ static void process_mem_region(struct mem_vector *entry,
>>         region.start = cur_entry.start;
>>         region.size = cur_entry.size;
>>
>> +#ifdef CONFIG_MEMORY_HOTPLUG
>> +next:
>> +       if (num_immovable_mem > 0) {
>> +               unsigned long long start, reg_end;
>> +
>> +               if (!mem_overlaps(&entry, &immovable_mem[i]))
>> +                       goto out;
>> +
>> +               start = immovable_mem[i].start;
>> +               end = start + immovable_mem[i].size;
>> +
>> +               region.start = clamp(cur_entry.start, start, end);
>> +               reg_end = clamp(cur_entry.start + cur_entry.size, start, end);
>> +
>> +               region.size = region_end - region.start;
>> +       }
>> +#endif
>> +
>>         /* Give up if slot area array is full. */
>>         while (slot_area_index < MAX_SLOT_AREA) {
>>                 start_orig = region.start;
>> @@ -522,7 +586,7 @@ static void process_mem_region(struct mem_vector *entry,
>>
>>                 /* Did we raise the address above the passed in memory entry? */
>>                 if (region.start > cur_entry.start + cur_entry.size)
>> -                       return;
>> +                       goto out;
>>
>>                 /* Reduce size by any delta from the original address. */
>>                 region.size -= region.start - start_orig;
>> @@ -534,12 +598,12 @@ static void process_mem_region(struct mem_vector *entry,
>>
>>                 /* Return if region can't contain decompressed kernel */
>>                 if (region.size < image_size)
>> -                       return;
>> +                       goto out;
>>
>>                 /* If nothing overlaps, store the region and return. */
>>                 if (!mem_avoid_overlap(&region, &overlap)) {
>>                         store_slot_info(&region, image_size);
>> -                       return;
>> +                       goto out;
>>                 }
>>
>>                 /* Store beginning of region if holds at least image_size. */
>>                 @@ -553,12 +617,20 @@ static void process_mem_region(struct mem_vector *entry,
>>
>>                 /* Return if overlap extends to or past end of region. */
>>                 if (overlap.start + overlap.size >= region.start + region.size)
>> -                       return;
>> +                       goto out;
>>
>>                 /* Clip off the overlapping region and start over. */
>>                 region.size -= overlap.start - region.start + overlap.size;
>>                 region.start = overlap.start + overlap.size;
>>         }
>> +
>> +out:
>> +#ifdef CONFIG_MEMORY_HOTPLUG
>> +       i++;
>> +       if (i < num_immovable_mem)
>> +               goto next;
>> +#endif
>> +       return;
>>  }
>>
>>>about changing it like below. If no immovable_mem, just process the
>>>region in process_immovable_mem(). This we don't need to touch
>>>process_mem_region().
>>
>> Yes, Baoquan's method will make all change be in one function.
>> Kees, how do you think, which is better?
>
>I prefer Baoquan's approach, though I don't like the function names.
>:) Perhaps rename process_mem_region() to slots_count() (to match
>slots_fetch_random()) and rename process_immovable_mem() to
>process_mem_region().

Thanks for your review, I will change and send the new version.

Thanks,
Chao Fan

>
>-Kees
>
>-- 
>Kees Cook
>Pixel Security
>
>

next prev parent reply	other threads:[~2017-12-07  1:10 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-12-05  8:51 [PATCH v3 0/4] kaslr: add new parameter immovable_mem=nn[KMG]@ss[KMG] to make memory hotplug work well with kaslr Chao Fan
2017-12-05  8:51 ` [PATCH v3 1/4] kaslr: add immovable_mem=nn[KMG]@ss[KMG] to specify extracting memory Chao Fan
2017-12-05 19:42   ` Kees Cook
2017-12-06  1:13     ` Chao Fan
2017-12-06  9:35   ` Baoquan He
2017-12-07  2:53     ` Chao Fan
2017-12-07  3:09       ` Baoquan He
2017-12-07  3:56         ` Chao Fan
2017-12-07  4:16           ` Dou Liyang
2017-12-07  4:58             ` Baoquan He
2017-12-07  5:31               ` Chao Fan
2017-12-05  8:51 ` [PATCH v3 2/4] kaslr: calculate the memory region in immovable node Chao Fan
2017-12-05 19:40   ` Kees Cook
2017-12-06  9:28     ` Baoquan He
2017-12-06 10:02       ` Chao Fan
2017-12-07  0:11         ` Kees Cook
2017-12-07  1:09           ` Chao Fan [this message]
2017-12-05  8:51 ` [PATCH v3 3/4] kaslr: disable memory mirror feature when movable_node specified Chao Fan
2017-12-05  8:52 ` [PATCH v3 4/4] document: change the document for immovable_mem Chao Fan
2017-12-05 17:36   ` Randy Dunlap
2017-12-06  1:16     ` Chao Fan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171207010935.GC28884@localhost.localdomain \
    --to=fanc.fnst@cn.fujitsu.com \
    --cc=bhe@redhat.com \
    --cc=caoj.fnst@cn.fujitsu.com \
    --cc=douly.fnst@cn.fujitsu.com \
    --cc=hpa@zytor.com \
    --cc=indou.takao@jp.fujitsu.com \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    --cc=yasu.isimatu@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.