Re: [PATCH v2 2/3] x86/mm/KASLR: Calculate the actual size of vmemmap region

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Ingo Molnar <mingo@kernel.org>
To: Baoquan He <bhe@redhat.com>
Cc: tglx@linutronix.de, hpa@zytor.com, thgarnie@google.com,
	kirill.shutemov@linux.intel.com, x86@kernel.org,
	linux-kernel@vger.kernel.org,
	Peter Zijlstra <a.p.zijlstra@chello.nl>,
	Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH v2 2/3] x86/mm/KASLR: Calculate the actual size of vmemmap region
Date: Wed, 12 Sep 2018 12:01:35 +0200	[thread overview]
Message-ID: <20180912100135.GB3333@gmail.com> (raw)
In-Reply-To: <20180912094118.GD1740@192.168.1.3>


* Baoquan He <bhe@redhat.com> wrote:

> > BTW., isn't that 'vaddr_end for KASLR' entry position inaccurate? In the typical case it could 
> > very well be that by chance all 3 areas end up being randomized into the first 64 TB region, 
> > right?
> 
> Hmm, I think it means the whole space where KASLR can be allowed to
> randomize. [vaddr_start, vaddr_end] is a scope, KASLR algorithm can
> only move memory regions inside this area. It doesn't mean the final
> result of KASLR, or any typical case of them.
> 
> vaddr_start = pgtable_l5_enabled() ? __PAGE_OFFSET_BASE_L5 : __PAGE_OFFSET_BASE_L4;
> vaddr_end = CPU_ENTRY_AREA_BASE;

Ok.

> > > With this superfluous address space as well as changing the starting address
> > > of each memory region to be PUD level, namely 1 GB aligned, we can have
> > > thousands of candidate position to locate those three memory regions.
> > 
> > Would be nice provide the number of bits randomized, maximum, from which the number of GBs of 
> > physical RAM has to be subtracted.
> > 
> > Because 'thousands' of randomization targets is *excessively* poor randomization - caused by 
> > the ridiculously high rounding to 1GB. It would be _very_ nice to extend randomization to at 
> > least 2MB boundaries instead. (If the half cacheline of PTE entries possibly 'wasted' is an 
> > issue we could increase that to 128 MB, but should start with 2MB first.)
> > 
> > That would instantly multiply the randomization selection by 512 ...
> 
> This may involve critical code changes. E.g in below commit, when we
> copy page table, we just need go deep into PUD level since PAGE_OFFSET
> is PUD_SIZE aligned, now if 2M aligned, we need deep into PMD level. I
> can only think of this about this issue. Surely, I can do more
> investigation and see what need be done to achieve the goal.

Yeah, would be nice to do, it would also test the robustness of all this code.
Obviously done after the cleanups, fixes and simpler changes.

It would be a _really_ nice feature adding about 9 bits of absolute randomization and 3x9 bits 
of relative randomization between the ranges.

> Sure, will do according to your suggestion.

Thanks!!

	Ingo

next prev parent reply	other threads:[~2018-09-12 10:01 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-09 12:49 [PATCH v2 1/3] x86/mm/KASLR: Fix the wrong calculation of kalsr region initial size Baoquan He
2018-09-09 12:49 ` [PATCH v2 2/3] x86/mm/KASLR: Calculate the actual size of vmemmap region Baoquan He
2018-09-10  6:11   ` Ingo Molnar
2018-09-11  7:30     ` Baoquan He
2018-09-11  7:59       ` Ingo Molnar
2018-09-11  8:18         ` Baoquan He
2018-09-11  9:28           ` Ingo Molnar
2018-09-11 12:08             ` Baoquan He
2018-09-12  3:18               ` Baoquan He
2018-09-12  6:31                 ` Ingo Molnar
2018-09-12  9:41                   ` Baoquan He
2018-09-12 10:01                     ` Ingo Molnar [this message]
2018-09-21  2:10                   ` Baoquan He
2018-09-09 12:49 ` [PATCH v2 3/3] mm: Add build time sanity chcek for struct page size Baoquan He
2018-09-10 13:41   ` kbuild test robot
2018-09-11  7:47     ` Baoquan He
2018-09-10  6:18 ` [PATCH v2 1/3] x86/mm/KASLR: Fix the wrong calculation of kalsr region initial size Ingo Molnar
2018-09-11  7:22   ` Baoquan He

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180912100135.GB3333@gmail.com \
    --to=mingo@kernel.org \
    --cc=a.p.zijlstra@chello.nl \
    --cc=bhe@redhat.com \
    --cc=hpa@zytor.com \
    --cc=keescook@chromium.org \
    --cc=kirill.shutemov@linux.intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tglx@linutronix.de \
    --cc=thgarnie@google.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).