[PATCH 0/2] x86/mm/KASLR: Change the granularity of randomization to PUD size in 5-level

From: Baoquan He
Date: Sun Feb 24 2019 - 08:22:42 EST

Next message: Baoquan He: "[PATCH 1/2] x86/mm/KASLR: Only build one PUD entry of area for real mode trampoline"
Previous message: Sergei Trofimovich: "Re: 5.0.0-rc6+: Oops at boot: RIP: 0010:__memmove+0x81/0x1a0 / vt_do_kdgkb_ioctl+0x34d/0x440 (race at reenter?)"
Next in thread: Baoquan He: "[PATCH 1/2] x86/mm/KASLR: Only build one PUD entry of area for real mode trampoline"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Background:
***
Earlier, during a series of KASLR patch reviewing, Ingo got the current
memory region KASLR only has granularity of randomization in PUD size in
4-level paging mode, and P4D size in 5-level paging mode, He suggested
me to try to change both of them to be PMD size at granularity:

http://lkml.kernel.org/r/20180912100135.GB3333@xxxxxxxxx

Later, I changed code to support PMD level of randomization for both
4-level and 5-level.

https://github.com/baoquan-he/linux/commits/mm-kaslr-2m-aligned

The test passed on my KVM guest with 1 GB RAM, but failed when I
increased the RAM to 4 GB, and failed either on larger RAM.

After analyzing, it's because that 1 GB page mapping need be mapped at 1
GB aligned physical address for intel CPU. The 2 MB level of randomization
will break it and cause error. Please check below table in intel IA32 manual.

Table 4-15. Format of an IA-32e Page-Directory-Pointer-Table Entry (PDPTE) that Maps a 1-GByte Page

So PMD level of randomization for mm KASLR is not doable.

However, during investigation and testing above code, it turns out that the
current code is misleading to build identity mapping for the real mode
trampoline in case KASLR enabled. From code, only a small area (which is
smaller than 1 MB) need be identity mapped. Please check below patch which
is from above mm-kaslr-2m-aligned patch series. it only builds up 2 MB
identity maping for real mode trampoline, and test passed on machines
with 32 GB RAM of 4-level and on KVM guest of 5-level.

https://github.com/baoquan-he/linux/commit/e120e67fbf9a5aa818d20084d8dea5b4a27ecf97

Result:
Make a patchset to:
1)change code to only build 1 GB of area for real mode trampoline,
namely only copy one PUD entry where physical address 0 resides;

2)improve the randomization granularity of 5-level from P4D size to PUD size.

Baoquan He (2):
x86/mm/KASLR: Only build one PUD entry of area for real mode
trampoline
x86/mm/KASLR: Change the granularity of randomization to PUD size in
5-level

arch/x86/mm/kaslr.c | 82 +++++++++++++++++----------------------------
1 file changed, 30 insertions(+), 52 deletions(-)

--
2.17.2

Next message: Baoquan He: "[PATCH 1/2] x86/mm/KASLR: Only build one PUD entry of area for real mode trampoline"
Previous message: Sergei Trofimovich: "Re: 5.0.0-rc6+: Oops at boot: RIP: 0010:__memmove+0x81/0x1a0 / vt_do_kdgkb_ioctl+0x34d/0x440 (race at reenter?)"
Next in thread: Baoquan He: "[PATCH 1/2] x86/mm/KASLR: Only build one PUD entry of area for real mode trampoline"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]