From: Baoquan He <bhe@redhat.com>
To: mingo@kernel.org, tglx@linutronix.de, hpa@zytor.com
Cc: linux-kernel@vger.kernel.org, kirill.shutemov@linux.intel.com,
x86@kernel.org, thgarnie@google.com, corbet@lwn.net,
linux-doc@vger.kernel.org, peterz@infradead.org
Subject: Re: [PATCH v2 3/3] x86/doc/kaslr.txt: Create a separate part of document abourt KASLR at the end of file
Date: Fri, 21 Sep 2018 13:23:27 +0800 [thread overview]
Message-ID: <20180921052327.GA32486@MiWiFi-R3L-srv> (raw)
In-Reply-To: <20180921032157.GT2555@MiWiFi-R3L-srv>
On 09/21/18 at 11:21am, Baoquan He wrote:
> Take the original content as the first part to only list static mm layout
> tables in non-KASLR case. Then add KASLR document at the end.
>
> Signed-off-by: Baoquan He <bhe@redhat.com>
> ---
> Documentation/x86/x86_64/mm.txt | 62 +++++++++++++++++++++++++++++++++++------
> 1 file changed, 54 insertions(+), 8 deletions(-)
>
> diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt
> index fc1da95e629d..58187614c7ca 100644
> --- a/Documentation/x86/x86_64/mm.txt
> +++ b/Documentation/x86/x86_64/mm.txt
> @@ -1,4 +1,6 @@
>
> +MM layout in non-KASLR case:
> +
> Virtual memory map with 4 level page tables:
>
> 0000000000000000 - 00007fffffffffff (=47 bits, 128 TB) user space, different per mm
> @@ -12,7 +14,6 @@ ffffea0000000000 - ffffeaffffffffff (=40 bits, 1 TB) virtual memory map (vmemmap
> ffffeb0000000000 - ffffebffffffffff (=40 bits, 1 TB) unused hole
> ffffec0000000000 - fffffbffffffffff (=44 bits, 16 TB) kasan shadow memory
> fffffc0000000000 - fffffdffffffffff (=41 bits, 2 TB) unused hole
> - vaddr_end for KASLR
> fffffe0000000000 - fffffe7fffffffff (=39 bits, 512 GB) cpu_entry_area mapping
> fffffe8000000000 - fffffeffffffffff (=39 bits, 512 GB) LDT remap for PTI
> ffffff0000000000 - ffffff7fffffffff (=39 bits, 512 GB) %esp fixup stacks
> @@ -38,7 +39,6 @@ ffd4000000000000 - ffd5ffffffffffff (=49 bits, 512 TB) virtual memory map (vmemm
> ffd6000000000000 - ffdeffffffffffff (~51 bits, 2304 TB) unused hole
> ffdf000000000000 - fffffdffffffffff (~53 bits, ~8 PB) kasan shadow memory
> fffffc0000000000 - fffffdffffffffff (=41 bits, 2 TB) unused hole
> - vaddr_end for KASLR
> fffffe0000000000 - fffffe7fffffffff (=39 bits, 512 GB) cpu_entry_area mapping
> fffffe8000000000 - fffffeffffffffff (=39 bits, 512 GB) unused hole
> ffffff0000000000 - ffffff7fffffffff (=39 bits, 512 GB) %esp fixup stacks
> @@ -70,10 +70,56 @@ memory window (this size is arbitrary, it can be raised later if needed).
> The mappings are not part of any other kernel PGD and are only available
> during EFI runtime calls.
>
> -Note that if CONFIG_RANDOMIZE_MEMORY is enabled, the direct mapping of all
> -physical memory, vmalloc/ioremap space and virtual memory map are randomized.
> -Their order is preserved but their base will be offset early at boot time.
> +KASLR
> +=========================================================================
> +
> +Kernel Adress Space Layout Randomization (KASLR) consists of two parts
> +which work together to enhance the security of the Linux kernel:
> +
> + - Kernel text KASLR
> + - Memory region KASLR
> +
> +Kernel text KASLR
> +-----------------
> +The physical address and virtual address of kernel text itself are
> +randomized to a different position separately. The physical address of
> +the kernel can be anywhere under 64TB, while the virtual address of the
~~~ in 4-level paging mode
> +kernel is restricted between [0xffffffff80000000, ffffffffbfffffff],
> +the 1GB space.
> +
> +ffffffff80000000 - ffffffffbfffffff (1 GB) kernel text mapping, from phys 0
> +ffffffffc0000000 - fffffffffeffffff (1520 MB) module mapping space
1 GB too, will repost.
> +
> +Note: The kernel text KASLR uses 1 GB space to randomize the position of
> +kernel image, and it's defalutly enabled. If KASLR config option
> +CONFIG_RANDOMIZE_BASE is not enabled, the space for kernel image will be
> +shrink to 512 MB, increase the size of modules area to 1.5 GB.
> +
> +Memory region KASLR
> +-------------------
> +If CONFIG_RANDOMIZE_MEMORY is enabled, the below three memory regions
> +are randomized. Their order is preserved but their base will be offset
> +early at boot time.
> +
> + - direct mapping region
> + - vmalloc region
> + - vmemmap region
> +
> +The KASLR address range must not overlap with anything except the KASAN
> +shadow area, which is correct as KASAN disables KASLR.
> +
> +So from the original starting address of the direct mapping region for physical
> +RAM to the starting address of the cpu_entry_area mapping region, namely
> +[0xffff880000000000 - 0xfffffdffffffffff], the scope of 118 TB in all is
> +the virtual address space where memory region KASLR can be allowed to move
> +those memory regions around. After KASLR manipulation is done, their layout
> +looks like:
>
> -Be very careful vs. KASLR when changing anything here. The KASLR address
> -range must not overlap with anything except the KASAN shadow area, which is
> -correct as KASAN disables KASLR.
> +Name Starting address Size Aligned
> +-----------------------------------------------------------------------------------------------
> +direct mapping page_offset_base [actual size of system RAM + 10 TB padding] 1 GB
> +*guard hole random random 1 GB
> +vmalloc vmalloc_base 32 TB 1 GB
> +*guard hole random random 1 GB
> +vmemmap vmemmap_base 1 TB 1 GB
> +*guard hole random random 1 GB
> --
> 2.13.6
>
next prev parent reply other threads:[~2018-09-21 5:23 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-21 2:05 [PATCH 0/3] x86/mm/doc: Clean up mm.txt Baoquan He
2018-09-21 2:05 ` [PATCH 1/3] x86/KASLR: Update document about KERNEL_IMAGE_SIZE Baoquan He
2018-09-21 2:05 ` [PATCH 2/3] x86/mm/doc: Clean up the memory region layout descriptions Baoquan He
2018-09-21 2:05 ` [PATCH 3/3] x86/doc/kaslr.txt: Create a separate part of document abourt KASLR at the end of file Baoquan He
2018-09-21 3:19 ` Baoquan He
2018-09-21 3:21 ` [PATCH v2 " Baoquan He
2018-09-21 5:23 ` Baoquan He [this message]
2018-09-21 5:29 ` [PATCH v3 " Baoquan He
2018-09-27 0:02 ` [PATCH 0/3] x86/mm/doc: Clean up mm.txt Baoquan He
-- strict thread matches above, loose matches on Subject: below --
2018-09-26 23:58 [PATCH v2 " Baoquan He
2018-09-26 23:58 ` [PATCH v2 3/3] x86/doc/kaslr.txt: Create a separate part of document abourt KASLR at the end of file Baoquan He
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180921052327.GA32486@MiWiFi-R3L-srv \
--to=bhe@redhat.com \
--cc=corbet@lwn.net \
--cc=hpa@zytor.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=thgarnie@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).