From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751104AbdEPBM0 (ORCPT ); Mon, 15 May 2017 21:12:26 -0400 Received: from mx1.redhat.com ([209.132.183.28]:40706 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750753AbdEPBMZ (ORCPT ); Mon, 15 May 2017 21:12:25 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 5541380F6D Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=bhe@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 5541380F6D Date: Tue, 16 May 2017 09:12:16 +0800 From: Baoquan He To: Dou Liyang Cc: tglx@linutronix.de, keescook@chromium.org, mingo@kernel.org, m.mizuma@jp.fujitsu.com, linux-kernel@vger.kernel.org, dyoung@redhat.com, dan.j.williams@intel.com, hpa@zytor.com, x86@kernel.org Subject: Re: [PATCH v5 2/3] KASLR: Handle memory limit specified by memmap and mem option Message-ID: <20170516011216.GA29117@x1> References: <1494654390-23861-1-git-send-email-bhe@redhat.com> <1494654390-23861-3-git-send-email-bhe@redhat.com> <8eea9863-aaec-254b-1ca0-7b12b43a2477@cn.fujitsu.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8eea9863-aaec-254b-1ca0-7b12b43a2477@cn.fujitsu.com> User-Agent: Mutt/1.7.0 (2016-08-17) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Tue, 16 May 2017 01:12:24 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 05/16/17 at 08:56am, Dou Liyang wrote: > Hi Baoquan, > > At 05/13/2017 01:46 PM, Baoquan He wrote: > > Option mem= will limit the max address a system can use and any memory > > region above the limit will be removed. > > > > Furthermore, memmap=nn[KMG] which has no offset specified has the same > > behaviour as mem=. > > > > KASLR needs to consider this when choosing the random position for > > decompressing the kernel. Do it now. > > > > Signed-off-by: Baoquan He > > Tested-by: Masayoshi Mizuma > > --- > > arch/x86/boot/compressed/kaslr.c | 68 +++++++++++++++++++++++++++++----------- > > 1 file changed, 50 insertions(+), 18 deletions(-) > > > > diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c > > index 106e13b..e0eba12 100644 > > --- a/arch/x86/boot/compressed/kaslr.c > > +++ b/arch/x86/boot/compressed/kaslr.c > > @@ -88,6 +88,10 @@ struct mem_vector { > > static bool memmap_too_large; > > > > > > +/* Store memory limit specified by "mem=nn[KMG]" or "memmap=nn[KMG]" */ > > +unsigned long long mem_limit = ULLONG_MAX; > > + > > + > > enum mem_avoid_index { > > MEM_AVOID_ZO_RANGE = 0, > > MEM_AVOID_INITRD, > > @@ -138,16 +142,23 @@ parse_memmap(char *p, unsigned long long *start, unsigned long long *size) > > return -EINVAL; > > > > switch (*p) { > > - case '@': > > - /* Skip this region, usable */ > > - *start = 0; > > - *size = 0; > > - return 0; > > case '#': > > case '$': > > case '!': > > *start = memparse(p + 1, &p); > > return 0; > > + case '@': > > + /* memmap=nn@ss specifies usable region, should be skipped */ > > + *size = 0; > > + /* Fall through */ > > + default: > > + /* > > + * If w/o offset, only size specified, memmap=nn[KMG] has the > > + * same behaviour as mem=nn[KMG]. It limits the max address > > + * system can use. Region above the limit should be avoided. > > + */ > > + *start = 0; > > + return 0; > > } > > > > return -EINVAL; > > @@ -173,9 +184,14 @@ static void mem_avoid_memmap(char *str) > > if (rc < 0) > > break; > > str = k; > > - /* A usable region that should not be skipped */ > > - if (size == 0) > > + > > + if (start == 0) { > > + /* Store the specified memory limit if size > 0 */ > > + if (size > 0) > > + mem_limit = size; > > Baoquan, > > I am not sure about setting the value of mem_limit to mem_size directly. > > If the command line has both the "memmap" and "mem", such as > ... mem=2G memmap=4G ... > > ...in that code, the mem_limit may be 4G not 2G. No, could you tell why you want to add both "memmap=nnKMG" and "mem=" at the same time? As you sid, what if I add "mem=4G mem=2G mem=1G"? > > In my opinion, How about following: > > mem_limit = mem_limit > mem_size ? mem_size : mem_limit; > > > + > > continue; > > + } > > > > mem_avoid[MEM_AVOID_MEMMAP_BEGIN + i].start = start; > > mem_avoid[MEM_AVOID_MEMMAP_BEGIN + i].size = size; > > @@ -187,19 +203,15 @@ static void mem_avoid_memmap(char *str) > > memmap_too_large = true; > > } > > > > - > > -/* > > - * handle_mem_memmap will also cover 'mem=' issue in next patch. Will remove > > - * this note later. > > - */ > > static int handle_mem_memmap(void) > > { > > char *args = (char *)get_cmd_line_ptr(); > > size_t len = strlen((char *)args); > > char *tmp_cmdline; > > char *param, *val; > > + u64 mem_size; > > > > - if (!strstr(args, "memmap=")) > > + if (!strstr(args, "memmap=") && !strstr(args, "mem=")) > > return 0; > > > > tmp_cmdline = malloc(len + 1); > > @@ -222,8 +234,20 @@ static int handle_mem_memmap(void) > > return -1; > > } > > > > - if (!strcmp(param, "memmap")) > > + if (!strcmp(param, "memmap")) { > > mem_avoid_memmap(val); > > + } else if (!strcmp(param, "mem")) { > > + char *p = val; > > + > > + if (!strcmp(p, "nopentium")) > > + continue; > > + mem_size = memparse(p, &p); > > + if (mem_size == 0) { > > + free(tmp_cmdline); > > + return -EINVAL; > > + } > > + mem_limit = mem_size; > > The same as above. > > Thanks, > Liyang. > > > + } > > } > > > > free(tmp_cmdline); > > @@ -460,7 +484,8 @@ static void process_e820_entry(struct boot_e820_entry *entry, > > { > > struct mem_vector region, overlap; > > struct slot_area slot_area; > > - unsigned long start_orig; > > + unsigned long start_orig, end; > > + struct boot_e820_entry cur_entry; > > > > /* Skip non-RAM entries. */ > > if (entry->type != E820_TYPE_RAM) > > @@ -474,8 +499,15 @@ static void process_e820_entry(struct boot_e820_entry *entry, > > if (entry->addr + entry->size < minimum) > > return; > > > > - region.start = entry->addr; > > - region.size = entry->size; > > + /* Ignore entries above memory limit */ > > + end = min(entry->size + entry->addr, mem_limit); > > + if (entry->addr >= end) > > + return; > > + cur_entry.addr = entry->addr; > > + cur_entry.size = end - entry->addr; > > + > > + region.start = cur_entry.addr; > > + region.size = cur_entry.size; > > > > /* Give up if slot area array is full. */ > > while (slot_area_index < MAX_SLOT_AREA) { > > @@ -489,7 +521,7 @@ static void process_e820_entry(struct boot_e820_entry *entry, > > region.start = ALIGN(region.start, CONFIG_PHYSICAL_ALIGN); > > > > /* Did we raise the address above this e820 region? */ > > - if (region.start > entry->addr + entry->size) > > + if (region.start > cur_entry.addr + cur_entry.size) > > return; > > > > /* Reduce size by any delta from the original address. */ > > > >