linux-kernel.vger.kernel.org archive mirror
From: Baoquan He <bhe@redhat.com>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Vivek Goyal <vgoyal@redhat.com>,
	Kees Cook <keescook@chromium.org>,
	linux-kernel@vger.kernel.org, tglx@linutronix.de,
	mingo@redhat.com, x86@kernel.org, ak@linux.intel.com,
	ebiederm@xmission.com, kexec@lists.infradead.org,
	whissi@whissi.de, kumagai-atsushi@mxc.nes.nec.co.jp,
	stable@vger.kernel.org
Subject: Re: [resend Patch v3 1/2] kaslr: check if kernel location is changed
Date: Sat, 11 Oct 2014 20:38:05 +0800	[thread overview]
Message-ID: <20141011123805.GC11560@dhcp-16-116.nay.redhat.com> (raw)
In-Reply-To: <543907B5.7060001@zytor.com>

On 10/11/14 at 03:34am, H. Peter Anvin wrote:
> On 10/10/2014 08:14 PM, Baoquan He wrote:
> >On 10/08/14 at 03:27pm, Vivek Goyal wrote:
> >>On Wed, Oct 08, 2014 at 08:09:59AM -0700, H. Peter Anvin wrote:
> >
> >>>Sorry... this makes no sense.
> >>>
> >>>For x86-64, there is no direct connection between the physical and
> >>>virtual address spaces that the kernel runs in...
> >>
> >>I am sorry I did not understand this one. I thought that the initial
> >>relocatable kernel implementation did not have any direct connection
> >>between virtual and physical address. One could load the kernel anywhere
> >>and the kernel virtual address would not change; we would just adjust
> >>the page tables to map the virtual address to the right physical address.
> >>
> >>Now handle_relocation() stuff seems to introduce a close coupling
> >>between physical and virtual address. So if kernel shifts by 16MB
> >>in physical address space, then it will shift by equal amount
> >>in virtual address space. So there seems to be a direct connection
> >>between virtual and physical address space in this case.
> >
> >Yeah, it's exactly as Vivek said.
> >
> >Before kaslr was introduced, the x86_64 kernel could be put anywhere, and
> >_text was always 0xffffffff81000000. Meanwhile phys_base contains the
> >offset between the compiled addr (namely 0x1000000) and the kernel loaded
> >addr. After the kaslr implementation was added, as long as the kernel loaded
> >addr is different from 0x1000000, it will call handle_relocations(). The
> >offset is now added onto each symbol, including _text, and phys_base
> >becomes 0.
> >
> >This is clearly shown by checking /proc/kallsyms and the value of
> >phys_base.
> >
> 
> This really shouldn't have happened this way on x86-64.  It has to
> happen this way on i386, but I worry that this may be a serious
> misdesign in kaslr on x86-64.  I'm also wondering if there is any
> other fallout of this?

Yes, this shouldn't happen this way on x86_64. With this patch, those
are fixed as expected. If the kernel location is not chosen randomly, we
should not do the relocation handling. If and only if kaslr is enabled
and it relocated the kernel randomly as expected do we do the relocation
handling.

I think this patch really makes sense; it's simple, and it won't impact
i386 and other implementations.

Thanks
Baoquan
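A small model of the two x86-64 address schemes the thread contrasts (fixed virtual addresses with phys_base absorbing the physical offset, versus handle_relocations() shifting every symbol and zeroing phys_base) and of the decision rule the patch argues for. This is an added illustration, not code from the patch or the kernel; it assumes the x86-64 __START_KERNEL_map value 0xffffffff80000000 and the kernel-text __pa() formula, and the load address is constructed.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constants named in the mail: _text links to 0xffffffff81000000 and the
 * physical link address is 0x1000000. KERNEL_MAP is the x86-64
 * __START_KERNEL_map, assumed from the x86 memory layout. */
#define KERNEL_MAP     0xffffffff80000000ULL
#define COMPILED_PHYS  0x1000000ULL
#define COMPILED_TEXT  0xffffffff81000000ULL

struct layout {
    uint64_t text_virt;  /* value of _text as seen in /proc/kallsyms */
    uint64_t phys_base;  /* the kernel's phys_base variable */
};

/* Pre-kaslr behaviour: virtual addresses stay fixed, phys_base holds the
 * offset between the compiled and the actual load address. */
static struct layout layout_fixed_virt(uint64_t load_phys)
{
    struct layout l = { COMPILED_TEXT, load_phys - COMPILED_PHYS };
    return l;
}

/* handle_relocations() behaviour: every symbol is shifted by the physical
 * delta and phys_base ends up 0, coupling the two address spaces. */
static struct layout layout_relocated(uint64_t load_phys)
{
    uint64_t delta = load_phys - COMPILED_PHYS;
    struct layout l = { COMPILED_TEXT + delta, 0 };
    return l;
}

/* The rule the patch argues for: relocate only when kaslr actually chose a
 * random location; a kernel that is merely loaded elsewhere (the kexec
 * case) keeps the fixed-virtual scheme. */
static struct layout layout_for_boot(uint64_t load_phys, bool kaslr_chose_location)
{
    return kaslr_chose_location ? layout_relocated(load_phys)
                                : layout_fixed_virt(load_phys);
}

/* Kernel-text __pa(): virt - __START_KERNEL_map + phys_base. Under either
 * scheme this must map _text back to where the image really sits, which is
 * the invariant /proc/kallsyms plus phys_base lets you verify on a live box. */
static uint64_t text_virt_to_phys(const struct layout *l, uint64_t virt)
{
    return virt - KERNEL_MAP + l->phys_base;
}
```

Comparing layout_for_boot(load, false) and layout_for_boot(load, true) for the same load address shows the 16MB physical shift from the mail appearing in _text only in the relocated case, while text_virt_to_phys() yields the load address in both.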

