From: Kees Cook
To: Thomas Gleixner
Cc: Alistair Popple, x86@kernel.org, Dan Williams, dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, max8rr8@gmail.com, linux-kernel@vger.kernel.org, jhubbard@nvidia.com, Andrew Morton, David Hildenbrand, Oscar Salvador, linux-mm@kvack.org
Subject: Re: x86/kaslr: Expose and use the end of the physical memory address space
Date: Thu, 15 Aug 2024 09:11:14 -0700
Message-ID: <202408150911.25D8591@keescook>
In-Reply-To: <87ed6soy3z.ffs@tglx>

On Wed, Aug 14, 2024 at 12:29:36AM +0200, Thomas Gleixner wrote:
> iounmap() on x86 occasionally fails to unmap because the provided valid
> ioremap address is not below high_memory. It turned out that this
> happens due to KASLR.
>
> KASLR uses the full address space between PAGE_OFFSET and vaddr_end to
> randomize the starting points of the direct map, vmalloc and vmemmap
> regions. It thereby limits the size of the direct map by using the
> installed memory size plus an extra configurable margin for hot-plug
> memory. This limitation is done to gain more randomization space
> because otherwise only the holes between the direct map, vmalloc,
> vmemmap and vaddr_end would be usable for randomizing.
>
> The limited direct map size is not exposed to the rest of the kernel, so
> the memory hot-plug and resource management related code paths still
> operate under the assumption that the available address space can be
> determined with MAX_PHYSMEM_BITS.
>
> request_free_mem_region() allocates from (1 << MAX_PHYSMEM_BITS) - 1
> downwards. That means the first allocation happens past the end of the
> direct map and if unlucky this address is in the vmalloc space, which
> causes high_memory to become greater than VMALLOC_START and consequently
> causes iounmap() to fail for valid ioremap addresses.
>
> MAX_PHYSMEM_BITS cannot be changed for that because the randomization
> does not align with address bit boundaries and there are other places
> which actually require to know the maximum number of address bits. All
> remaining usage sites of MAX_PHYSMEM_BITS have been analyzed and found
> to be correct.
>
> Cure this by exposing the end of the direct map via PHYSMEM_END and use
> that for the memory hot-plug and resource management related places
> instead of relying on MAX_PHYSMEM_BITS. In the KASLR case PHYSMEM_END
> maps to a variable which is initialized by the KASLR initialization and
> otherwise it is based on MAX_PHYSMEM_BITS as before.
>
> To prevent future hiccups add a check into add_pages() to catch callers
> trying to add memory above PHYSMEM_END.
>
> Fixes: 0483e1fa6e09 ("x86/mm: Implement ASLR for kernel memory regions")
> Reported-by: Max Ramanouski
> Reported-by: Alistair Popple
> Signed-off-by: Thomas Gleixner

Nice fix; thanks!

Reviewed-by: Kees Cook

-- 
Kees Cook
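The failure path the commit message describes can be reproduced in a small userspace model. The C program below is an added illustration, not code from the patch or from the kernel: it lays out a KASLR-style direct map, a vmalloc start and a PHYSMEM_END with constructed sizes (1 TB installed, 10 TB hot-plug padding, fixed offsets standing in for the random ones, MAX_PHYSMEM_BITS assumed to be 46 as for 4-level paging), allocates a hot-plug region top-down once from (1 << MAX_PHYSMEM_BITS) - 1 and once from PHYSMEM_END, and checks whether the resulting high_memory ends up above VMALLOC_START so that iounmap()'s "addr <= high_memory" early return swallows a valid vmalloc address. The add_pages() bounds check and its -ERANGE return value are this model's rendering of the check the patch adds, not a quote of it.

```c
/*
 * Added illustration (not kernel code): a userspace model of the KASLR
 * direct-map / hot-plug interaction described in the commit message.
 * All sizes, addresses and "random" offsets are constructed for the example.
 */
#include <stdint.h>
#include <stdio.h>
#include <errno.h>

#define TB                (1ULL << 40)
#define GB                (1ULL << 30)
#define MAX_PHYSMEM_BITS  46                     /* assumed: x86-64, 4-level paging */
#define PAGE_OFFSET_BASE  0xffff888000000000ULL  /* unrandomised direct-map base */

struct layout {
	uint64_t page_offset;      /* randomised start of the direct map */
	uint64_t direct_map_size;  /* installed memory + hot-plug padding */
	uint64_t vmalloc_start;    /* randomised, placed after the direct map */
	uint64_t physmem_end;      /* last physical address the direct map can cover */
	uint64_t high_memory;      /* virtual end of the direct-mapped memory */
};

/* Model of the KASLR layout; fixed offsets stand in for the random ones. */
static void kaslr_layout(struct layout *l, uint64_t installed, uint64_t padding,
			 uint64_t rnd_direct, uint64_t rnd_vmalloc)
{
	l->page_offset = PAGE_OFFSET_BASE + rnd_direct;
	/* direct map sized in whole terabytes (assumed granularity) */
	l->direct_map_size = (installed + padding + TB - 1) / TB * TB;
	l->vmalloc_start = l->page_offset + l->direct_map_size + rnd_vmalloc;
	l->physmem_end = l->direct_map_size - 1;
	l->high_memory = l->page_offset + installed;
}

/* Top-down allocation of a free physical range, as request_free_mem_region() does. */
static uint64_t request_free_mem_region(uint64_t limit_end, uint64_t size)
{
	return (limit_end + 1 - size) & ~(GB - 1);
}

/*
 * add_pages(): with check set, refuse memory above PHYSMEM_END (the patch's
 * new check; -ERANGE is this model's choice).  Otherwise extend high_memory
 * to cover the newly added range, as hot-plug does.
 */
static int add_pages(struct layout *l, uint64_t phys, uint64_t size, int check)
{
	if (check && phys + size - 1 > l->physmem_end)
		return -ERANGE;
	if (l->page_offset + phys + size > l->high_memory)
		l->high_memory = l->page_offset + phys + size;
	return 0;
}

/* x86 iounmap() treats addresses at or below high_memory as direct-map and returns early. */
static int iounmap_ok(const struct layout *l, uint64_t vaddr)
{
	return vaddr > l->high_memory;
}

/*
 * Hot-plug one 1 GB region at the top of the usable physical space, then try
 * to iounmap() an address inside the vmalloc area.  Returns 1 if that works.
 */
int scenario_iounmap_ok(int use_physmem_end)
{
	struct layout l;
	uint64_t limit, phys, ioremap_addr;

	kaslr_layout(&l, 1 * TB, 10 * TB, 3 * TB, 5 * TB);
	limit = use_physmem_end ? l.physmem_end : (1ULL << MAX_PHYSMEM_BITS) - 1;
	phys = request_free_mem_region(limit, 1 * GB);
	add_pages(&l, phys, 1 * GB, use_physmem_end);
	ioremap_addr = l.vmalloc_start + 0x1000;   /* a valid ioremap() result */
	return iounmap_ok(&l, ioremap_addr);
}

/* The new add_pages() check rejects the address the old limit produces. */
int scenario_add_pages_check(void)
{
	struct layout l;
	uint64_t phys;

	kaslr_layout(&l, 1 * TB, 10 * TB, 3 * TB, 5 * TB);
	phys = request_free_mem_region((1ULL << MAX_PHYSMEM_BITS) - 1, 1 * GB);
	return add_pages(&l, phys, 1 * GB, 1);
}

int main(void)
{
	printf("limit (1 << MAX_PHYSMEM_BITS) - 1: iounmap %s\n",
	       scenario_iounmap_ok(0) ? "ok" : "FAILS");
	printf("limit PHYSMEM_END:                 iounmap %s\n",
	       scenario_iounmap_ok(1) ? "ok" : "FAILS");
	printf("add_pages() above PHYSMEM_END -> %d\n", scenario_add_pages_check());
	return 0;
}
```

With the old limit the hot-plugged range lands 64 TB above page_offset, high_memory overtakes the 19 TB vmalloc start, and the vmalloc address is silently left mapped; with PHYSMEM_END the range stays inside the 11 TB direct map and the unmap goes through, while add_pages() reports the out-of-range request instead of extending high_memory.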