[PATCH v2 1/2] x86/mm/KASLR: Fix the size of the direct mapping section

From: Baoquan He
Date: Fri Apr 12 2019 - 02:56:04 EST

Next message: Baoquan He: "[PATCH v2 2/2] x86/mm/KASLR: Fix the size of vmemmap section"
Previous message: Baoquan He: "[PATCH v2 0/2] x86/mm/KASLR: Fix the wrong size of memory sections"
In reply to: Baoquan He: "[PATCH v2 0/2] x86/mm/KASLR: Fix the wrong size of memory sections"
Next in thread: Baoquan He: "Re: [PATCH v2 1/2] x86/mm/KASLR: Fix the size of the direct mapping section"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

kernel_randomize_memory() uses __PHYSICAL_MASK_SHIFT to calculate
the maximum amount of system RAM supported. The size of the direct
mapping section is obtained from the smaller one of the below two
values:

(actual system RAM size + padding size) vs (max system RAM size supported)

This calculation is wrong since commit:
b83ce5ee91471d ("x86/mm/64: Make __PHYSICAL_MASK_SHIFT always 52").

In commit b83ce5ee91471d, __PHYSICAL_MASK_SHIFT was changed to be 52,
regardless of whether it's using 4-level or 5-level page tables.
It will always use 4 PB as the maximum amount of system RAM, even
in 4-level paging mode where it should be 64 TB. Thus the size of
the direct mapping section will always be the sum of the actual
system RAM size plus the padding size.

Even when the amount of system RAM is 64 TB, the following layout will
still be used. Obviously KALSR will be weakened significantly.

|_______actual RAM_______|_padding_|______the rest_______ |
0 64TB 74TB ~120TB

What we want is the following:

|_______actual RAM_______|_________the rest_______________|
0 64TB ~120TB

So the code should use MAX_PHYSMEM_BITS instead. Fix it by replacing
__PHYSICAL_MASK_SHIFT with MAX_PHYSMEM_BITS.

Fixes: b83ce5ee9147 ("x86/mm/64: Make __PHYSICAL_MASK_SHIFT always 52")
Acked-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
Reviewed-by: Thomas Garnier <thgarnie@xxxxxxxxxx>
Signed-off-by: Baoquan He <bhe@xxxxxxxxxx>
---
arch/x86/mm/kaslr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c
index 9a8756517504..387d4ed25d7c 100644
--- a/arch/x86/mm/kaslr.c
+++ b/arch/x86/mm/kaslr.c
@@ -94,7 +94,7 @@ void __init kernel_randomize_memory(void)
if (!kaslr_memory_enabled())
return;

- kaslr_regions[0].size_tb = 1 << (__PHYSICAL_MASK_SHIFT - TB_SHIFT);
+ kaslr_regions[0].size_tb = 1 << (MAX_PHYSMEM_BITS - TB_SHIFT);
kaslr_regions[1].size_tb = VMALLOC_SIZE_TB;

/*
--
2.17.2

Next message: Baoquan He: "[PATCH v2 2/2] x86/mm/KASLR: Fix the size of vmemmap section"
Previous message: Baoquan He: "[PATCH v2 0/2] x86/mm/KASLR: Fix the wrong size of memory sections"
In reply to: Baoquan He: "[PATCH v2 0/2] x86/mm/KASLR: Fix the wrong size of memory sections"
Next in thread: Baoquan He: "Re: [PATCH v2 1/2] x86/mm/KASLR: Fix the size of the direct mapping section"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]