All of lore.kernel.org
 help / color / mirror / Atom feed
From: Baoquan He <bhe@redhat.com>
To: mingo@kernel.org, tglx@linutronix.de, hpa@zytor.com
Cc: linux-kernel@vger.kernel.org, kirill.shutemov@linux.intel.com,
	x86@kernel.org, thgarnie@google.com, corbet@lwn.net,
	linux-doc@vger.kernel.org, peterz@infradead.org
Subject: Re: [PATCH v2 3/3] x86/doc/kaslr.txt: Create a separate part of document abourt KASLR at the end of file
Date: Fri, 21 Sep 2018 13:23:27 +0800	[thread overview]
Message-ID: <20180921052327.GA32486@MiWiFi-R3L-srv> (raw)
In-Reply-To: <20180921032157.GT2555@MiWiFi-R3L-srv>

On 09/21/18 at 11:21am, Baoquan He wrote:
> Take the original content as the first part to only list static mm layout
> tables in non-KASLR case. Then add KASLR document at the end.
> 
> Signed-off-by: Baoquan He <bhe@redhat.com>
> ---
>  Documentation/x86/x86_64/mm.txt | 62 +++++++++++++++++++++++++++++++++++------
>  1 file changed, 54 insertions(+), 8 deletions(-)
> 
> diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt
> index fc1da95e629d..58187614c7ca 100644
> --- a/Documentation/x86/x86_64/mm.txt
> +++ b/Documentation/x86/x86_64/mm.txt
> @@ -1,4 +1,6 @@
>  
> +MM layout in non-KASLR case:
> +
>  Virtual memory map with 4 level page tables:
>  
>  0000000000000000 - 00007fffffffffff (=47 bits, 128 TB) user space, different per mm
> @@ -12,7 +14,6 @@ ffffea0000000000 - ffffeaffffffffff (=40 bits, 1 TB) virtual memory map (vmemmap
>  ffffeb0000000000 - ffffebffffffffff (=40 bits, 1 TB) unused hole
>  ffffec0000000000 - fffffbffffffffff (=44 bits, 16 TB) kasan shadow memory
>  fffffc0000000000 - fffffdffffffffff (=41 bits, 2 TB) unused hole
> -				    vaddr_end for KASLR
>  fffffe0000000000 - fffffe7fffffffff (=39 bits, 512 GB) cpu_entry_area mapping
>  fffffe8000000000 - fffffeffffffffff (=39 bits, 512 GB) LDT remap for PTI
>  ffffff0000000000 - ffffff7fffffffff (=39 bits, 512 GB) %esp fixup stacks
> @@ -38,7 +39,6 @@ ffd4000000000000 - ffd5ffffffffffff (=49 bits, 512 TB) virtual memory map (vmemm
>  ffd6000000000000 - ffdeffffffffffff (~51 bits, 2304 TB) unused hole
>  ffdf000000000000 - fffffdffffffffff (~53 bits, ~8 PB) kasan shadow memory
>  fffffc0000000000 - fffffdffffffffff (=41 bits, 2 TB) unused hole
> -				    vaddr_end for KASLR
>  fffffe0000000000 - fffffe7fffffffff (=39 bits, 512 GB) cpu_entry_area mapping
>  fffffe8000000000 - fffffeffffffffff (=39 bits, 512 GB) unused hole
>  ffffff0000000000 - ffffff7fffffffff (=39 bits, 512 GB) %esp fixup stacks
> @@ -70,10 +70,56 @@ memory window (this size is arbitrary, it can be raised later if needed).
>  The mappings are not part of any other kernel PGD and are only available
>  during EFI runtime calls.
>  
> -Note that if CONFIG_RANDOMIZE_MEMORY is enabled, the direct mapping of all
> -physical memory, vmalloc/ioremap space and virtual memory map are randomized.
> -Their order is preserved but their base will be offset early at boot time.
> +KASLR
> +=========================================================================
> +
> +Kernel Adress Space Layout Randomization (KASLR) consists of two parts
> +which work together to enhance the security of the Linux kernel:
> +
> + - Kernel text KASLR
> + - Memory region KASLR
> +
> +Kernel text KASLR
> +-----------------
> +The physical address and virtual address of kernel text itself are
> +randomized to a different position separately. The physical address of
> +the kernel can be anywhere under 64TB, while the virtual address of the
				    ~~~ in 4-level paging mode
> +kernel is restricted between [0xffffffff80000000, ffffffffbfffffff],
> +the 1GB space.
> +
> +ffffffff80000000 - ffffffffbfffffff (1 GB)  kernel text mapping, from phys 0
> +ffffffffc0000000 - fffffffffeffffff (1520 MB) module mapping space
					1 GB too, will repost.
> +
> +Note: The kernel text KASLR uses 1 GB space to randomize the position of
> +kernel image, and it's defalutly enabled. If KASLR config option
> +CONFIG_RANDOMIZE_BASE is not enabled, the space for kernel image will be
> +shrink to 512 MB, increase the size of modules area to 1.5 GB.
> +
> +Memory region KASLR
> +-------------------
> +If CONFIG_RANDOMIZE_MEMORY is enabled, the below three memory regions
> +are randomized. Their order is preserved but their base will be offset
> +early at boot time.
> +
> +   - direct mapping region
> +   - vmalloc region
> +   - vmemmap region
> +
> +The KASLR address range must not overlap with anything except the KASAN
> +shadow area, which is correct as KASAN disables KASLR.
> +
> +So from the original starting address of the direct mapping region for physical
> +RAM to the starting address of the cpu_entry_area mapping region, namely
> +[0xffff880000000000 - 0xfffffdffffffffff], the scope of 118 TB in all is
> +the virtual address space where memory region KASLR can be allowed to move
> +those memory regions around. After KASLR manipulation is done, their layout
> +looks like:
>  
> -Be very careful vs. KASLR when changing anything here. The KASLR address
> -range must not overlap with anything except the KASAN shadow area, which is
> -correct as KASAN disables KASLR.
> +Name            Starting address        Size                                         Aligned
> +-----------------------------------------------------------------------------------------------
> +direct mapping  page_offset_base        [actual size of system RAM + 10 TB padding]  1 GB
> +*guard hole     random                  random                                       1 GB
> +vmalloc         vmalloc_base            32 TB                                        1 GB
> +*guard hole     random                  random                                       1 GB
> +vmemmap         vmemmap_base            1 TB                                         1 GB
> +*guard hole     random                  random                                       1 GB
> -- 
> 2.13.6
> 

  reply	other threads:[~2018-09-21  5:23 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-21  2:05 [PATCH 0/3] x86/mm/doc: Clean up mm.txt Baoquan He
2018-09-21  2:05 ` [PATCH 1/3] x86/KASLR: Update document about KERNEL_IMAGE_SIZE Baoquan He
2018-09-21  2:05 ` [PATCH 2/3] x86/mm/doc: Clean up the memory region layout descriptions Baoquan He
2018-09-21  2:05 ` [PATCH 3/3] x86/doc/kaslr.txt: Create a separate part of document abourt KASLR at the end of file Baoquan He
2018-09-21  3:19   ` Baoquan He
2018-09-21  3:21   ` [PATCH v2 " Baoquan He
2018-09-21  5:23     ` Baoquan He [this message]
2018-09-21  5:29     ` [PATCH v3 " Baoquan He
2018-09-27  0:02 ` [PATCH 0/3] x86/mm/doc: Clean up mm.txt Baoquan He
2018-09-26 23:58 [PATCH v2 " Baoquan He
2018-09-26 23:58 ` [PATCH v2 3/3] x86/doc/kaslr.txt: Create a separate part of document abourt KASLR at the end of file Baoquan He

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180921052327.GA32486@MiWiFi-R3L-srv \
    --to=bhe@redhat.com \
    --cc=corbet@lwn.net \
    --cc=hpa@zytor.com \
    --cc=kirill.shutemov@linux.intel.com \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@kernel.org \
    --cc=peterz@infradead.org \
    --cc=tglx@linutronix.de \
    --cc=thgarnie@google.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.