From: Vivek Goyal <vgoyal@redhat.com>
To: Baoquan He <bhe@redhat.com>
Cc: Kees Cook <keescook@chromium.org>,
LKML <linux-kernel@vger.kernel.org>,
Andi Kleen <ak@linux.intel.com>, Ingo Molnar <mingo@redhat.com>,
Thomas Deutschmann <whissi@whissi.de>,
Dave Young <dyoung@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
WANG Chao <chaowang@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH 1/4] kaslr: check user's config too when handle relocations
Date: Wed, 10 Sep 2014 11:04:32 -0400 [thread overview]
Message-ID: <20140910150432.GA7898@redhat.com> (raw)
In-Reply-To: <20140910145334.GB1887@dhcp-17-102.nay.redhat.com>
On Wed, Sep 10, 2014 at 10:53:34PM +0800, Baoquan He wrote:
> On 09/10/14 at 10:30am, Vivek Goyal wrote:
> > On Wed, Sep 10, 2014 at 03:21:15PM +0800, Baoquan He wrote:
>
>
> > > In fact, I think below checking will be clearer and works too.
> > >
> > >
> > > static void handle_relocations(void *output, unsigned long output_len)
> > > {
> > >
> > > ...
> > >
> > > #if CONFIG_X86_64
> > >
> > > or
> > >
> > > #if CONFIG_RANDOMIZE_BASE
> > > #ifdef CONFIG_HIBERNATION
> > > if (!cmdline_find_option_bool("kaslr")) {
> > > debug_putstr("No relocation needed... ");
> > > return;
> > > }
> > > #else
> > > if (cmdline_find_option_bool("nokaslr")) {
> > > debug_putstr("No relocation needed... ");
> > > return;
> > > }
> > > #endif
> >
> > >
> > > if (max_addr > CONFIG_RANDOMIZE_BASE_MAX_OFFSET) {
> > > debug_putstr("Random addr is not allowed. No relocation
> > > needed... \n");
> > > return;
> >
> > Hi Bao,
> >
> > I dont think that this is required or this is correct. kaslr will not
> > choose a physical location which is beyond CONFIG_RANDOMIZE_BASE_MAX_OFFSET,
> > So not sure what will this do.
> >
> > Just the other check of output_orig == output should fix issue for us.
> >
> > If one is not passing nokaslr in case of kexec, and kernel is loaded
> > high (say 64G), I think kaslr will automatically move kernel below 1G
> > and handle_relocations() should succeed.
>
> No, if kernel is loaded high (say 64G), the random kernel location
> choosing won't happen. Since in process_e820_entry() it only accepts the
> memory region which is above output, plus the
> CONFIG_RANDOMIZE_BASE_MAX_OFFSET checking, any kenrel loaded high above
> 1G will not get a new random kernel location. So it's safe in this case.
Ok, if kaslr does not move kernel in this case, that is also fine. Your
other patch will detect this condition and not perform any relocations.
That means kexec should work as it is without passing nokaslr.
>
> >
> > In case of kdump we will have to pass nokaslr, as we don't want kernel
> > to move as it could stomp over other things we have loaded.
>
> For kdump and kexec nokaslr is unnecessary. As you know we always
> call add_buffer with buf_end as 1, this will cause kernel loaded at the
> top of available memory. E.g on my pc with 16G memory, kexec kernel will
> be put nearby 16G, so no random location choosing happen as I said in
> above. For kdump, if reserved memory is at 500M~700M, then kernel will
> be put nearby 700M, the random location choosing also never happen.
>
> In fact, for some cases I need change kexec-tools user app code, to make
> kernel be put from down to top.
I think we can't rely on where exactly in memory kexec-tools places the
kernel. For kdump case we will have to pass nokaslr to make sure that
kaslr does not move kernel.
Thanks
Vivek
next prev parent reply other threads:[~2014-09-10 15:04 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-05 14:08 [PATCH 0/4] fix the compatibility between kaslr and kexe Baoquan He
2014-09-05 14:08 ` [PATCH 1/4] kaslr: check user's config too when handle relocations Baoquan He
2014-09-05 17:11 ` Kees Cook
2014-09-05 22:37 ` Baoquan He
2014-09-09 6:24 ` Baoquan He
2014-09-09 15:53 ` Kees Cook
2014-09-09 19:28 ` Vivek Goyal
2014-09-09 21:13 ` Kees Cook
2014-09-10 7:21 ` Baoquan He
2014-09-10 14:30 ` Vivek Goyal
2014-09-10 14:41 ` Kees Cook
2014-09-10 15:05 ` Vivek Goyal
2014-09-10 15:27 ` Baoquan He
2014-09-10 15:38 ` Vivek Goyal
2014-09-11 9:31 ` Baoquan He
2014-09-11 16:18 ` Kees Cook
2014-09-10 14:53 ` Baoquan He
2014-09-10 15:04 ` Vivek Goyal [this message]
2014-09-10 15:13 ` Baoquan He
2014-09-10 6:10 ` Baoquan He
2014-09-10 13:20 ` Vivek Goyal
2014-09-05 14:08 ` [PATCH 2/4] kaslr: check if the random addr is available Baoquan He
2014-09-05 17:16 ` Kees Cook
2014-09-05 22:16 ` Baoquan He
2014-09-09 19:41 ` Vivek Goyal
2014-09-10 13:55 ` Baoquan He
2014-09-05 14:08 ` [PATCH 3/4] kaslr setup_data handling Baoquan He
2014-09-05 17:32 ` Kees Cook
2014-09-05 22:27 ` Baoquan He
2014-09-09 19:45 ` Vivek Goyal
2014-09-09 19:49 ` H. Peter Anvin
2014-09-09 21:10 ` Kees Cook
2014-09-05 14:08 ` [PATCH 4/4] export the kernel image size KERNEL_IMAGE_SIZE Baoquan He
2014-09-05 17:00 ` Kees Cook
2014-09-09 19:47 ` Vivek Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140910150432.GA7898@redhat.com \
--to=vgoyal@redhat.com \
--cc=ak@linux.intel.com \
--cc=bhe@redhat.com \
--cc=chaowang@redhat.com \
--cc=dyoung@redhat.com \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=whissi@whissi.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox