From: Catalin Marinas <catalin.marinas@arm.com>
To: Kefeng Wang <wangkefeng.wang@huawei.com>
Cc: Will Deacon <will@kernel.org>, Ard Biesheuvel <ardb@kernel.org>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] arm64: mm: Make randomization works again in some case
Date: Fri, 10 Dec 2021 11:56:43 +0000
Message-ID: <YbNAexytjoQMmRjk@arm.com>
In-Reply-To: <20211104062747.55206-1-wangkefeng.wang@huawei.com>
On Thu, Nov 04, 2021 at 02:27:47PM +0800, Kefeng Wang wrote:
> After commit 97d6786e0669 ("arm64: mm: account for hotplug memory when
> randomizing the linear region"), the KASLR could not work well in some
> cases, e.g., without memory hotplug and with va=39/pa=44, that is, linear
> region size < CPU's addressable PA range, the KASLR fails now but could
> work before this commit. Let's calculate pa range by memblock end/start
> without CONFIG_RANDOMIZE_BASE.
>
> Meanwhile, let's add a warning message if linear region size is too small
> for randomization.
>
> Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
> ---
> Hi Ard, one more question, the parange from the mmfr0 register may also be too large,
> then even with this patch, the randomization still could not work.
>
> If we know the max physical memory range (including hotplug memory), could we
> add a way (maybe cmdline) to set max parange, then we could make randomization
> work in more cases, any thoughts?
>
> arch/arm64/mm/init.c | 30 +++++++++++++++++++++---------
> 1 file changed, 21 insertions(+), 9 deletions(-)
>
> diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
> index a8834434af99..27ec7f2c6fdb 100644
> --- a/arch/arm64/mm/init.c
> +++ b/arch/arm64/mm/init.c
> @@ -284,21 +284,33 @@ void __init arm64_memblock_init(void)
>
> if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
> extern u16 memstart_offset_seed;
> - u64 mmfr0 = read_cpuid(ID_AA64MMFR0_EL1);
> - int parange = cpuid_feature_extract_unsigned_field(
> - mmfr0, ID_AA64MMFR0_PARANGE_SHIFT);
> - s64 range = linear_region_size -
> - BIT(id_aa64mmfr0_parange_to_phys_shift(parange));
> + s64 range;
> +
> + if (IS_ENABLED(CONFIG_MEMORY_HOTPLUG)) {
> + u64 mmfr0 = read_cpuid(ID_AA64MMFR0_EL1);
> + int parange = cpuid_feature_extract_unsigned_field(
> + mmfr0, ID_AA64MMFR0_PARANGE_SHIFT);
> + range = linear_region_size -
> + BIT(id_aa64mmfr0_parange_to_phys_shift(parange));
> +
> + } else {
> + range = linear_region_size -
> + (memblock_end_of_DRAM() - memblock_start_of_DRAM());
> + }
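
Review bot: the IS_ENABLED(CONFIG_MEMORY_HOTPLUG) branch keeps the old "linear_region_size - BIT(id_aa64mmfr0_parange_to_phys_shift(parange))" computation, so a hotplug-enabled build still gets a negative range in the va=39/pa=44 case the commit message describes; only non-hotplug builds regain randomization. Both branches also repeat "range = linear_region_size - ...": storing the physical span in one local per branch and subtracting once after the if/else would be shorter, and the blank line before "} else {" can be dropped. The commit message says "without CONFIG_RANDOMIZE_BASE" while the code tests CONFIG_MEMORY_HOTPLUG inside the CONFIG_RANDOMIZE_BASE block; the two should be reconciled.
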
I'm not a big fan of making this choice depend on memory hotplug. Could
we instead just limit the randomisation to the minimum of va bits and pa
bits? We can keep the warning.
--
Catalin