From: Baoquan He <bhe@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, keescook@chromium.org, matt@codeblueprint.co.uk,
	tglx@linutronix.de, mingo@kernel.org, hpa@zytor.com,
	izumi.taku@jp.fujitsu.com, fanc.fnst@cn.fujitsu.com,
	thgarnie@google.com, Baoquan He <bhe@redhat.com>
Subject: [PATCH v4 0/4] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions
Date: Sun,  9 Jul 2017 20:37:38 +0800	[thread overview]
Message-ID: <1499603862-11516-1-git-send-email-bhe@redhat.com> (raw)

Our customer reported that kernel text may be located in a non-mirror
region (movable zone) when both the address range mirroring feature and
KASLR are enabled.

The address range mirroring feature works as follows.
- The physical memory regions whose descriptors in the EFI memory map have
  the EFI_MEMORY_MORE_RELIABLE attribute (bit 16) are mirrored
- The feature arranges such mirror regions into the normal zone and other
  regions into the movable zone in order to locate kernel code and data in
  mirror regions

So we need to restrict the kernel to be located inside mirror regions if
any exist.

The method is very simple. If EFI is enabled, just iterate over all EFI
memory map entries and pick mirror regions to process for adding slot
candidates. If EFI is disabled or no mirror region exists, still process
the e820 memory map. This won't bring much efficiency loss; at worst we
just go through all EFI memory map entries and find no mirror.

Changelog:
v3->v4:
  Rearranged the old patch 1/2 into three steps for easier review,
  according to Kees's suggestion.

v2->v3:
  Put the process_efi_entry invocation inside the #ifdef CONFIG_EFI according
  to tglx's suggestion, since the EFI related code is meaningful only if
  CONFIG_EFI=y.

v1->v2:
  Removed debug code.

  Taku suggested that we should always put the kernel in a mirrored region,
  whether or not "kernelcore=mirror" is specified, since kernel text is
  important and the mirrored region is reliable.

  Changed code according to the kbuild report and Chao Fan's comment.

Baoquan He (4):
  x86/boot/KASLR: Wrap e820 entries walking code into new function
    process_e820_entries()
  x86/boot/KASLR: Switch to pass struct mem_vector to
    process_e820_entry()
  x86/boot/KASLR: Rename process_e820_entry() into process_mem_region()
  x86/boot/KASLR: Restrict kernel to be randomized in mirror regions

 arch/x86/boot/compressed/kaslr.c | 117 ++++++++++++++++++++++++++++++---------
 1 file changed, 90 insertions(+), 27 deletions(-)

-- 
2.5.5
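The EFI-first, e820-fallback selection described in the cover letter, as an added illustration that is not code from this series or from the kernel: the struct layouts, sample memory maps and helper names (process_efi_entries, process_e820_entries, collect_candidate_regions, sample_*) are simplified and constructed here. The real kaslr.c works on the firmware-provided maps and also excludes regions the kernel must avoid before slots are counted; that step is omitted so only the mirror-region policy is shown.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* EFI memory descriptor attribute bit 16, as named in the cover letter. */
#define EFI_MEMORY_MORE_RELIABLE (1ULL << 16)
#define EFI_MEMORY_WB            (1ULL << 3)   /* only to make the samples look realistic */
#define EFI_PAGE_SIZE            4096ULL

#define E820_TYPE_RAM      1
#define E820_TYPE_RESERVED 2

/* A candidate region for the slot finder (same role as the kernel's struct mem_vector). */
struct mem_vector { uint64_t start; uint64_t size; };

/* Minimal models of the two firmware tables; real descriptors carry more fields (assumption). */
struct efi_desc   { uint64_t phys_addr; uint64_t num_pages; uint64_t attribute; };
struct e820_entry { uint64_t addr; uint64_t size; uint32_t type; };

/*
 * Collect mirror regions from the EFI memory map. Returns 0 when no
 * descriptor carries EFI_MEMORY_MORE_RELIABLE, which tells the caller to
 * fall back to e820; the "no mirror" case costs exactly one pass over the map.
 */
static size_t process_efi_entries(const struct efi_desc *map, size_t n,
                                  struct mem_vector *out, size_t max)
{
    size_t count = 0;
    for (size_t i = 0; i < n && count < max; i++) {
        if (!(map[i].attribute & EFI_MEMORY_MORE_RELIABLE))
            continue;
        out[count].start = map[i].phys_addr;
        out[count].size  = map[i].num_pages * EFI_PAGE_SIZE;
        count++;
    }
    return count;
}

/* Collect usable RAM from e820; this is the pre-series candidate source. */
static size_t process_e820_entries(const struct e820_entry *map, size_t n,
                                   struct mem_vector *out, size_t max)
{
    size_t count = 0;
    for (size_t i = 0; i < n && count < max; i++) {
        if (map[i].type != E820_TYPE_RAM)
            continue;
        out[count].start = map[i].addr;
        out[count].size  = map[i].size;
        count++;
    }
    return count;
}

/* Policy from the cover letter: mirror regions from EFI if any exist, else e820. */
static size_t collect_candidate_regions(bool efi_enabled,
                                        const struct efi_desc *efi, size_t n_efi,
                                        const struct e820_entry *e820, size_t n_e820,
                                        struct mem_vector *out, size_t max)
{
    if (efi_enabled) {
        size_t count = process_efi_entries(efi, n_efi, out, max);
        if (count > 0)
            return count;
    }
    return process_e820_entries(e820, n_e820, out, max);
}

/* Constructed sample maps: one 256 MiB mirrored range at 4 GiB. */
static const struct efi_desc sample_efi_mirrored[] = {
    { 0x00100000ULL,  0x3ff00ULL, EFI_MEMORY_WB },
    { 0x100000000ULL, 0x10000ULL, EFI_MEMORY_WB | EFI_MEMORY_MORE_RELIABLE },
    { 0x110000000ULL, 0x30000ULL, EFI_MEMORY_WB },
};
/* Same layout with no mirror attribute anywhere, e.g. mirroring not configured in firmware. */
static const struct efi_desc sample_efi_plain[] = {
    { 0x00100000ULL,  0x3ff00ULL, EFI_MEMORY_WB },
    { 0x100000000ULL, 0x40000ULL, EFI_MEMORY_WB },
};
static const struct e820_entry sample_e820[] = {
    { 0x00100000ULL,  0x3ff00000ULL,  E820_TYPE_RAM },
    { 0xf0000000ULL,  0x10000000ULL,  E820_TYPE_RESERVED },
    { 0x100000000ULL, 0x100000000ULL, E820_TYPE_RAM },
};
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Run the policy over the constructed e820 map plus a chosen EFI map; results checkable by name. */
static size_t sample_count(bool efi_enabled, const struct efi_desc *efi, size_t n_efi)
{
    struct mem_vector out[8];
    return collect_candidate_regions(efi_enabled, efi, n_efi, sample_e820, ARRAY_LEN(sample_e820), out, 8);
}
static uint64_t sample_first_start(bool efi_enabled, const struct efi_desc *efi, size_t n_efi)
{
    struct mem_vector out[8];
    size_t n = collect_candidate_regions(efi_enabled, efi, n_efi, sample_e820, ARRAY_LEN(sample_e820), out, 8);
    return n ? out[0].start : 0;
}

int main(void)
{
    printf("EFI with mirror: %zu candidate(s), first at 0x%llx\n",
           sample_count(true, sample_efi_mirrored, ARRAY_LEN(sample_efi_mirrored)),
           (unsigned long long)sample_first_start(true, sample_efi_mirrored, ARRAY_LEN(sample_efi_mirrored)));
    printf("EFI without mirror: %zu candidate(s) from e820\n",
           sample_count(true, sample_efi_plain, ARRAY_LEN(sample_efi_plain)));
    printf("EFI disabled: %zu candidate(s) from e820\n",
           sample_count(false, sample_efi_mirrored, ARRAY_LEN(sample_efi_mirrored)));
    return 0;
}
```

With the mirrored map the only candidate is the 256 MiB range at 0x100000000, so the 1 GiB of non-mirrored RAM above it is never offered to the slot finder; with the plain map, or with EFI disabled, the two e820 RAM entries are used as before.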

Thread overview: 16+ messages
2017-07-09 12:37 Baoquan He [this message]
2017-07-09 12:37 ` [PATCH v4 1/4] x86/boot/KASLR: Wrap e820 entries walking code into new function process_e820_entries() Baoquan He
2017-07-09 14:00   ` Kees Cook
2017-07-18 10:45   ` [tip:x86/boot] " tip-bot for Baoquan He
2017-07-09 12:37 ` [PATCH v4 2/4] x86/boot/KASLR: Switch to pass struct mem_vector to process_e820_entry() Baoquan He
2017-07-09 14:02   ` Kees Cook
2017-07-18 10:45   ` [tip:x86/boot] " tip-bot for Baoquan He
2017-07-09 12:37 ` [PATCH v4 3/4] x86/boot/KASLR: Rename process_e820_entry() into process_mem_region() Baoquan He
2017-07-09 14:02   ` Kees Cook
2017-07-18 10:45   ` [tip:x86/boot] " tip-bot for Baoquan He
2017-07-09 12:37 ` [PATCH v4 4/4] x86/boot/KASLR: Restrict kernel to be randomized in mirror regions Baoquan He
2017-07-09 14:11   ` Kees Cook
2017-07-09 14:28     ` Baoquan He
2017-07-10  1:47     ` Baoquan He
2017-07-10  2:48       ` Chao Fan
2017-07-10  7:50     ` Baoquan He
