From: Baoquan He
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, tglx@linutronix.de, hpa@zytor.com, mingo@kernel.org,
 keescook@chromium.org, izumi.taku@jp.fujitsu.com, thgarnie@google.com,
 fanc.fnst@cn.fujitsu.com, matt@codeblueprint.co.uk, Baoquan He
Subject: [PATCH v3 0/2] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
Date: Wed, 5 Jul 2017 16:06:12 +0800
Message-Id: <1499241974-7938-1-git-send-email-bhe@redhat.com>

Our customer reported that kernel text may be located in a non-mirror
region (movable zone) when both the address range mirroring feature and
KASLR are enabled.

The functions of the address range mirroring feature are as follows.
- The physical memory regions whose descriptors in the EFI memory map have
  the EFI_MEMORY_MORE_RELIABLE attribute (bit: 16) are mirrored
- The function arranges such mirror regions into the normal zone and other
  regions into the movable zone in order to locate kernel code and data in
  mirror regions

So we need to restrict the kernel to be located inside mirror regions if
they exist.

The method is very simple. If EFI is enabled, just iterate over the whole
EFI memory map and pick mirror regions to process for adding slot
candidates. If EFI is disabled or no mirror region exists, still process
the e820 memory map. This won't bring much efficiency loss; at worst we
just go through all EFI memory maps and find no mirror.

Changelog:
v2->v3:
    Put the process_efi_entry invocation inside the #ifdef CONFIG_EFI
    according to tglx's suggestion, since the EFI-related code is
    meaningful only if CONFIG_EFI=y.

v1->v2:
    Removed debug code.

    Taku suggested that we should always put the kernel in a mirrored
    region whether or not "kernelcore=mirror" is specified, since kernel
    text is important and mirrored regions are reliable.

    Changed code according to kbuild report and Chao Fan's comment.

Test:
    Chao helped test the v1 (RFC patchset) 100 times. And he said that of
    the 100 times, 50 were with this patchset applied and 50 were without
    it. The test result showed the v1 patchset works very well.

Baoquan He (2):
  x86/boot/KASLR: Adapt process_e820_entry for any type of memory entry
  x86/boot/KASLR: Restrict kernel to be randomized in mirror regions

 arch/x86/boot/compressed/kaslr.c | 108 +++++++++++++++++++++++++++++----------
 1 file changed, 82 insertions(+), 26 deletions(-)

-- 
2.5.5
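
Added example, not part of the original message or of the patch series: a user-space C model of the selection order the cover letter describes (mirrored regions from the EFI memory map first, the e820 map only as fallback). The struct types, collect_candidates() and the sample maps are hypothetical and constructed for illustration; only the EFI_MEMORY_MORE_RELIABLE bit position is taken from the message, and memory type and slot alignment are ignored.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Attribute bit 16, as stated in the cover letter. */
#define EFI_MEMORY_MORE_RELIABLE (1ULL << 16)

/* Hypothetical simplified types, not the kernel's own structures. */
struct efi_desc { uint64_t start, size, attribute; };
struct region   { uint64_t start, size; };

/* Constructed sample maps: one mirrored EFI range, two e820 RAM ranges. */
static const struct efi_desc sample_efi[] = {
    { 0x00100000, 0x3ff00000, 0 },
    { 0x40000000, 0x40000000, EFI_MEMORY_MORE_RELIABLE },
    { 0x100000000ULL, 0x80000000, 0 },
};
static const struct region sample_e820[] = {
    { 0x00100000, 0x7ff00000 },
    { 0x100000000ULL, 0x80000000 },
};

/* Fill out[] with slot candidate regions. Mirrored EFI regions win; e820 is
 * used only when EFI is absent (efi == NULL) or holds no mirrored region.
 * Returns the candidate count; *mirrored reports which map supplied them. */
size_t collect_candidates(const struct efi_desc *efi, size_t n_efi,
                          const struct region *e820, size_t n_e820,
                          struct region *out, size_t max, int *mirrored)
{
    size_t n = 0;

    for (size_t i = 0; efi && i < n_efi && n < max; i++)
        if (efi[i].attribute & EFI_MEMORY_MORE_RELIABLE)
            out[n++] = (struct region){ efi[i].start, efi[i].size };
    *mirrored = n > 0;
    for (size_t i = 0; !*mirrored && i < n_e820 && n < max; i++)
        out[n++] = e820[i];
    return n;
}

int main(void)
{
    struct region out[8];
    int mirrored;
    size_t n = collect_candidates(sample_efi, 3, sample_e820, 2, out, 8, &mirrored);
    printf("%zu candidate(s) from %s map\n", n, mirrored ? "EFI mirror" : "e820");
    return 0;
}
```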