From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Thomas Garnier
Subject: [PATCH v3 27/27] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB
Date: Wed, 23 May 2018 12:54:21 -0700
Message-Id: <20180523195421.180248-28-thgarnie@google.com>
In-Reply-To: <20180523195421.180248-1-thgarnie@google.com>
References: <20180523195421.180248-1-thgarnie@google.com>
To: Herbert Xu, "David S . Miller", Thomas Gleixner, Ingo Molnar, "H . Peter Anvin", Peter Zijlstra, Josh Poimboeuf, Greg Kroah-Hartman, Thomas Garnier, Philippe Ombredanne, Kate Stewart, Arnaldo Carvalho de Melo, Yonghong Song, Andrey Ryabinin, Kees Cook, Tom Lendacky, "Kirill A . Shutemov", Andy Lutomirski, Dominik Brodowski, Borislav Petkov, Borislav Petkov, "Rafael J . Wysocki", Len Brown, Pavel Machek, Juergen Gross, Alok Kataria, Steven Rostedt, Jan Kiszka, Tejun Heo, Christoph Lameter, Dennis Zhou, Boris Ostrovsky, Alexey Dobriyan, Masami Hiramatsu, Cao jin, Francis Deslauriers, "Paul E . McKenney", Nicolas Pitre, Andrew Morton, Randy Dunlap, "Luis R . Rodriguez", Arnd Bergmann, Christopher Li, Jason Baron, Mika Westerberg, Lukas Wunner, Dou Liyang, Sergey Senozhatsky, Petr Mladek, Masahiro Yamada, Ingo Molnar, Nicholas Piggin, "H . J . Lu", Paolo Bonzini, Radim Krčmář, Joerg Roedel, David Woodhouse, Dave Hansen, Rik van Riel, Jia Zhang, Ricardo Neri, Jonathan Corbet, Jan Beulich, Matthias Kaehlcke, Baoquan He, Jan H . Schönherr, Daniel Micay
Cc: x86@kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, virtualization@lists.linux-foundation.org, xen-devel@lists.xenproject.org, linux-arch@vger.kernel.org, linux-sparse@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, kernel-hardening@lists.openwall.com

Add a new CONFIG_RANDOMIZE_BASE_LARGE option to benefit from PIE
support. It increases the KASLR range from 1GB to 3GB. The new range
starts at 0xffffffff00000000 just above the EFI memory region. This
option is off by default.

The boot code is adapted to create the appropriate page table spanning
three PUD pages.

The relocation table uses 64-bit integers generated with the updated
relocation tool with the large-reloc option.

Signed-off-by: Thomas Garnier
---
 arch/x86/Kconfig                     | 21 +++++++++++++++++++++
 arch/x86/boot/compressed/Makefile    |  5 +++++
 arch/x86/boot/compressed/misc.c      | 10 +++++++++-
 arch/x86/include/asm/page_64_types.h |  9 +++++++++
 arch/x86/kernel/head64.c             | 15 ++++++++++++---
 arch/x86/kernel/head_64.S            | 11 ++++++++++-
 6 files changed, 66 insertions(+), 5 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 26d5d4942777..3596a7a76ff0 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2223,6 +2223,27 @@ config X86_PIE select DYNAMIC_MODULE_BASE select MODULE_REL_CRCS if MODVERSIONS +config RANDOMIZE_BASE_LARGE + bool "Increase the randomization range of the kernel image" + depends on X86_64 && RANDOMIZE_BASE + select X86_PIE + select X86_MODULE_PLTS if MODULES + default n + ---help--- + Build the kernel as a Position Independent Executable (PIE) and + increase the available randomization range from 1GB to 3GB. + + This option impacts performance on kernel CPU intensive workloads up + to 10% due to PIE generated code. Impact on user-mode processes and + typical usage would be significantly less (0.50% when you build the + kernel). + + The kernel and modules will generate slightly more assembly (1 to 2% + increase on the .text sections). The vmlinux binary will be + significantly smaller due to less relocations. + + If unsure say N + config HOTPLUG_CPU bool "Support for hot-pluggable CPUs" depends on SMP diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index fa42f895fdde..8497ebd5e078 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile 
@@ -116,7 +116,12 @@ $(obj)/vmlinux.bin: vmlinux FORCE targets += $(patsubst $(obj)/%,%,$(vmlinux-objs-y)) vmlinux.bin.all vmlinux.relocs +# Large randomization require bigger relocation table +ifeq ($(CONFIG_RANDOMIZE_BASE_LARGE),y) +CMD_RELOCS = arch/x86/tools/relocs --large-reloc +else CMD_RELOCS = arch/x86/tools/relocs +endif quiet_cmd_relocs = RELOCS $@ cmd_relocs = $(CMD_RELOCS) $< > $@;$(CMD_RELOCS) --abs-relocs $< $(obj)/vmlinux.relocs: vmlinux FORCE diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c index 8dd1d5ccae58..28d17bd5bad8 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -171,10 +171,18 @@ void __puthex(unsigned long value) } #if CONFIG_X86_NEED_RELOCS + +/* Large randomization go lower than -2G and use large relocation table */ +#ifdef CONFIG_RANDOMIZE_BASE_LARGE +typedef long rel_t; +#else +typedef int rel_t; +#endif + static void handle_relocations(void *output, unsigned long output_len, unsigned long virt_addr) { - int *reloc; + rel_t *reloc; unsigned long delta, map, ptr; unsigned long min_addr = (unsigned long)output; unsigned long max_addr = min_addr + (VO___bss_start - VO__text); diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h index 2c5a966dc222..85ea681421d2 100644 --- a/arch/x86/include/asm/page_64_types.h +++ b/arch/x86/include/asm/page_64_types.h @@ -46,7 +46,11 @@ #define __PAGE_OFFSET __PAGE_OFFSET_BASE_L4 #endif /* CONFIG_DYNAMIC_MEMORY_LAYOUT */ +#ifdef CONFIG_RANDOMIZE_BASE_LARGE +#define __START_KERNEL_map _AC(0xffffffff00000000, UL) +#else #define __START_KERNEL_map _AC(0xffffffff80000000, UL) +#endif /* CONFIG_RANDOMIZE_BASE_LARGE */ /* See Documentation/x86/x86_64/mm.txt for a description of the memory map. */ 
@@ -64,9 +68,14 @@ * 512MiB by default, leaving 1.5GiB for modules once the page tables * are fully set up. If kernel ASLR is configured, it can extend the * kernel page table mapping, reducing the size of the modules area. + * On PIE, we relocate the binary 2G lower so add this extra space. */ #if defined(CONFIG_RANDOMIZE_BASE) +#ifdef CONFIG_RANDOMIZE_BASE_LARGE +#define KERNEL_IMAGE_SIZE (_AC(3, UL) * 1024 * 1024 * 1024) +#else #define KERNEL_IMAGE_SIZE (1024 * 1024 * 1024) +#endif #else #define KERNEL_IMAGE_SIZE (512 * 1024 * 1024) #endif diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 3a1ce822e1c0..e18cc23b9d99 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -63,6 +63,7 @@ EXPORT_SYMBOL(vmemmap_base); #endif #define __head __section(.head.text) +#define pud_count(x) (((x + (PUD_SIZE - 1)) & ~(PUD_SIZE - 1)) >> PUD_SHIFT) /* Required for read_cr3 when building as PIE */ unsigned long __force_order; @@ -118,6 +119,8 @@ unsigned long __head __startup_64(unsigned long physaddr, { unsigned long load_delta, *p; unsigned long pgtable_flags; + unsigned long level3_kernel_start, level3_kernel_count; + unsigned long level3_fixmap_start; pgdval_t *pgd; p4dval_t *p4d; pudval_t *pud; @@ -149,6 +152,11 @@ unsigned long __head __startup_64(unsigned long physaddr, /* Include the SME encryption mask in the fixup value */ load_delta += sme_get_me_mask(); + /* Look at the randomization spread to adapt page table used */ + level3_kernel_start = pud_index(__START_KERNEL_map); + level3_kernel_count = pud_count(KERNEL_IMAGE_SIZE); + level3_fixmap_start = level3_kernel_start + level3_kernel_count; + /* Fixup the physical addresses in the page table */ pgd = fixup_pointer(&early_top_pgt, physaddr); 
@@ -165,8 +173,9 @@ unsigned long __head __startup_64(unsigned long physaddr, } pud = fixup_pointer(&level3_kernel_pgt, physaddr); - pud[510] += load_delta; - pud[511] += load_delta; + for (i = 0; i < level3_kernel_count; i++) + pud[level3_kernel_start + i] += load_delta; + pud[level3_fixmap_start] += load_delta; pmd = fixup_pointer(level2_fixmap_pgt, physaddr); pmd[506] += load_delta; @@ -224,7 +233,7 @@ unsigned long __head __startup_64(unsigned long physaddr, */ pmd = fixup_pointer(level2_kernel_pgt, physaddr); - for (i = 0; i < PTRS_PER_PMD; i++) { + for (i = 0; i < PTRS_PER_PMD * level3_kernel_count; i++) { if (pmd[i] & _PAGE_PRESENT) pmd[i] += load_delta; } diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index f44b259b26d3..50343b9ba5da 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -41,12 +41,16 @@ #define l4_index(x) (((x) >> 39) & 511) #define pud_index(x) (((x) >> PUD_SHIFT) & (PTRS_PER_PUD-1)) +#define pud_count(x) (((x + (PUD_SIZE - 1)) & ~(PUD_SIZE - 1)) >> PUD_SHIFT) L4_PAGE_OFFSET = l4_index(__PAGE_OFFSET_BASE_L4) L4_START_KERNEL = l4_index(__START_KERNEL_map) L3_START_KERNEL = pud_index(__START_KERNEL_map) +/* Adapt page table L3 space based on range of randomization */ +L3_KERNEL_ENTRY_COUNT = pud_count(KERNEL_IMAGE_SIZE) + .text __HEAD .code64 @@ -441,7 +445,12 @@ NEXT_PAGE(level4_kernel_pgt) NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 /* (2^48-(2*1024*1024*1024)-((2^39)*511))/(2^30) = 510 */ - .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE_NOENC + i = 0 + .rept L3_KERNEL_ENTRY_COUNT + .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE_NOENC \ + + PAGE_SIZE*i + i = i + 1 + .endr .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE_NOENC NEXT_PAGE(level2_kernel_pgt) -- 2.17.0.441.gb46fe60e1d-goog
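Review bot: In the arch/x86/Kconfig hunk, the `default n` line under RANDOMIZE_BASE_LARGE is redundant, since a bool symbol without a default is already n; drop it. In the help text, "due to less relocations" should read "due to fewer relocations".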
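Review bot: In the arch/x86/boot/compressed/Makefile hunk, `--large-reloc` becomes part of CMD_RELOCS, so it is also passed to the second invocation in the unchanged context line `$(CMD_RELOCS) --abs-relocs $<`; please confirm the flag is accepted and has no effect on the abs-relocs check. Keeping the single `CMD_RELOCS = arch/x86/tools/relocs` assignment and appending the flag inside the ifeq would leave the tool path in one place, and the comment should read "Large randomization requires a bigger relocation table".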
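Review bot: In the arch/x86/boot/compressed/misc.c hunk, `typedef long rel_t;` expresses the entry width through the width of `long`, while the commit message defines the large table as 64-bit integers; a fixed-width signed 64-bit type here, and a 32-bit one in the #else branch, would tie the reader to the format that `relocs --large-reloc` writes. Only the declaration `rel_t *reloc;` changes in the visible lines, so please confirm that the rest of handle_relocations(), which is outside this context, carries no remaining int-sized assumption when it walks the table.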
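Review bot: In the first arch/x86/include/asm/page_64_types.h hunk, __START_KERNEL_map moves to 0xffffffff00000000 under CONFIG_RANDOMIZE_BASE_LARGE, but the context line just below sends readers to Documentation/x86/x86_64/mm.txt for the memory map and the diffstat does not touch that file. Please document the alternate layout there, including its position relative to the EFI region that the commit message mentions.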
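Review bot: In the second page_64_types.h hunk, the added comment line says "On PIE, we relocate the binary 2G lower", yet the #ifdef it describes is keyed on CONFIG_RANDOMIZE_BASE_LARGE and X86_PIE is a separate symbol in the Kconfig hunk; name the option that actually changes KERNEL_IMAGE_SIZE. The surrounding comment still describes only the 512MiB default with 1.5GiB left for modules, so it should also state what remains for the modules area when KERNEL_IMAGE_SIZE is 3GB.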
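Review bot: In the arch/x86/kernel/head64.c hunk at line 63, the new pud_count() macro uses its argument unparenthesized in `(x + (PUD_SIZE - 1))`, and the identical definition is added a second time in head_64.S. It works for the one current caller because KERNEL_IMAGE_SIZE is itself parenthesized, but it should be written as `((x) + (PUD_SIZE - 1))` and defined once in a header that both files include.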
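Review bot: In the head64.c hunk that replaces `pud[510] += load_delta;` and `pud[511] += load_delta;`, nothing checks that the computed indices stay inside the table. They are now derived from __START_KERNEL_map and KERNEL_IMAGE_SIZE, so a later change to either constant could push `pud[level3_fixmap_start]` past the last entry with no diagnostic. A build-time assertion such as BUILD_BUG_ON that pud_index(__START_KERNEL_map) + pud_count(KERNEL_IMAGE_SIZE) is below PTRS_PER_PUD would record the invariant the old literals made obvious.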
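Review bot: In the last head64.c hunk, the new loop bound `PTRS_PER_PMD * level3_kernel_count` assumes level2_kernel_pgt spans level3_kernel_count contiguous pages, but the definition of level2_kernel_pgt does not appear in any hunk of this patch. Please add a comment at the loop, or next to NEXT_PAGE(level2_kernel_pgt) in head_64.S, stating that the table size scales with KERNEL_IMAGE_SIZE, so the coupling with the new .rept block is visible to the next reader.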
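Review bot: In the arch/x86/kernel/head_64.S hunk at level3_kernel_pgt, the context comment `(2^48-(2*1024*1024*1024)-((2^39)*511))/(2^30) = 510` is left above the new .rept block, but with __START_KERNEL_map at 0xffffffff00000000 the first kernel entry is index 508, not 510. Please update the comment to cover both layouts, or replace it with one that refers to L3_START_KERNEL and L3_KERNEL_ENTRY_COUNT.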