[PATCH] arm64: mm: Make randomization works again in some case

Catalin Marinas catalin.marinas at arm.com
Fri Dec 10 03:56:43 PST 2021 

On Thu, Nov 04, 2021 at 02:27:47PM +0800, Kefeng Wang wrote:
> After commit 97d6786e0669 ("arm64: mm: account for hotplug memory when
> randomizing the linear region"), the KASLR could not work well in some
> case, eg, without memory hotplug and with va=39/pa=44, that is, linear
> region size < CPU's addressable PA range, the KASLR fails now but could
> work before this commit. Let's calculate pa range by memblock end/start
> without CONFIG_RANDOMIZE_BASE.
> 
> Meanwhile, let's add a warning message if linear region size is too small
> for randomization.
> 
> Signed-off-by: Kefeng Wang <wangkefeng.wang at huawei.com>
> ---
> Hi Ard, one more question, the parange from mmfr0 register may also too large,
> then even with this patch, the randomization still could not work.
> 
> If we know the max physical memory range(including hotplug memory), could we
> add a way(maybe cmdline) to set max parange, then we could make randomization
> works in more cases, any thought?
> 
>  arch/arm64/mm/init.c | 30 +++++++++++++++++++++---------
>  1 file changed, 21 insertions(+), 9 deletions(-)
> 
> diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
> index a8834434af99..27ec7f2c6fdb 100644
> --- a/arch/arm64/mm/init.c
> +++ b/arch/arm64/mm/init.c
> @@ -284,21 +284,33 @@ void __init arm64_memblock_init(void)
>  
>  	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
>  		extern u16 memstart_offset_seed;
> -		u64 mmfr0 = read_cpuid(ID_AA64MMFR0_EL1);
> -		int parange = cpuid_feature_extract_unsigned_field(
> -					mmfr0, ID_AA64MMFR0_PARANGE_SHIFT);
> -		s64 range = linear_region_size -
> -			    BIT(id_aa64mmfr0_parange_to_phys_shift(parange));
> +		s64 range;
> +
> +		if (IS_ENABLED(CONFIG_MEMORY_HOTPLUG)) {
> +			u64 mmfr0 = read_cpuid(ID_AA64MMFR0_EL1);
> +			int parange = cpuid_feature_extract_unsigned_field(
> +						mmfr0, ID_AA64MMFR0_PARANGE_SHIFT);
> +			range = linear_region_size -
> +				BIT(id_aa64mmfr0_parange_to_phys_shift(parange));
> +
> +		} else {
> +			range = linear_region_size -
> +				(memblock_end_of_DRAM() - memblock_start_of_DRAM());
> +		}

I'm not a big fan of making this choice depend on memory hotplug. Could
we instead just limit the randomisation to the minimum of va bits and pa
bits? We can keep the warning.

-- 
Catalin

More information about the linux-arm-kernel mailing list