From patchwork Thu Aug 11 01:35:39 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Rafael J. Wysocki" <rafael@kernel.org>
X-Patchwork-Id: 9274399
Return-Path: 
 <kernel-hardening-return-4340-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	27F71600CA for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Thu, 11 Aug 2016 01:35:55 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 14A5D28417
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Thu, 11 Aug 2016 01:35:55 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 08D282842A; Thu, 11 Aug 2016 01:35:55 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id 363A428417
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Thu, 11 Aug 2016 01:35:53 +0000 (UTC)
Received: (qmail 19916 invoked by uid 550); 11 Aug 2016 01:35:52 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Reply-To: kernel-hardening@lists.openwall.com
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 19898 invoked from network); 11 Aug 2016 01:35:51 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=mime-version:sender:in-reply-to:references:from:date:message-id
	:subject:to:cc;
	bh=/j9xjxdB2+xyJ5vTgV6XsLNXg+JqLXqyzHoyPhpQ1vU=;
	b=NMiKZPcT3spCKSRO6LUM4rQiHJYBqZ2iQ9ehUhTcSppFcdR8ne9rqXubA4xl0clUq7
	dUjAP6OYdcaRiZlYaOduJa1/Ygy6o6WpMxMdXS+OdVzzNPm43Lj+n/2UxH9/LWxfcPJm
	Mjuj09drrjwAoAwtuA+AIHDUhXGsq3nvRb2P0P9qolecHty0sUzCPWuPm8Yo0IK+YNP6
	3C+V2NlRNlWE/uxvFbfo8fhzRmbPk0D0gxyXfWa+5JDM7odqX40ZrTeVnTplf5Bt0zdy
	+BLffYVnw9QJgaw1WtVNgGi+//GafIExZlDuQVX5usLFVnTJws/wCXCHsSPS9dEPBada
	dnog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
	:date:message-id:subject:to:cc;
	bh=/j9xjxdB2+xyJ5vTgV6XsLNXg+JqLXqyzHoyPhpQ1vU=;
	b=ey9ba/A2Pxg02yMAHNIlGlo8YVfCQ5CCfyOniYsDdfzXdW5D6AnAS9lmZs1OP4DUtL
	xqvVZPKLOEPSm1l4ntwhWOwRWcpdPn2BfYWBsjd7wNCj8WCd41Ym6LPtQiCrEQZXSQIk
	vZ/PxsZXcCrFfvPLlV3vFHd7oY1nDaUcshkdgnejb5umHooRsu/s7xRRFOkbTeQ3CekO
	3GOOnXU67LQg69970O6maOdTFoYhBj3X8dJIHZG3/VLF2oSCMB5V/NZpDJhnz/tVmv9I
	pMru0A5XV33WvKDTa6zXkcTaVvplVLlzte5SLWhVM4AM6QM7FRCMrzyudB1wYI6bCokn
	OvBg==
X-Gm-Message-State: 
 AEkoouuAj9dU+1XWTHeNXXXBGqWE8Dzk66LdP9eEKIHloKYT9ZhTE9Msz1fA5XOKE8I9BIe4uXf4+e9GwQdKwQ==
X-Received: by 10.194.82.67 with SMTP id g3mr6778075wjy.71.1470879340156;
	Wed, 10 Aug 2016 18:35:40 -0700 (PDT)
MIME-Version: 1.0
Sender: rjwysocki@gmail.com
In-Reply-To: 
 <CAJcbSZGCL90OygKhSsox_xzQ0xmNV=Jv2WnVT8vEV7UcqgKWTw@mail.gmail.com>
References: <2206547.eDj3RJQyE5@vostro.rjw.lan>
	<2010434.TyoHiO9eal@vostro.rjw.lan>
	<alpine.LNX.2.00.1608100948560.22028@cbobk.fhfr.pm>
	<1779906.DOHeuFCiDy@vostro.rjw.lan>
	<alpine.LNX.2.00.1608101517380.22028@cbobk.fhfr.pm>
	<CAJcbSZHGH8G01zXSE6y9A19ZxFYY0bzeqcfHBEAYZcn8ZeX3+g@mail.gmail.com>
	<alpine.LNX.2.00.1608101658070.22028@cbobk.fhfr.pm>
	<20160810163500.GA9424@nazgul.tnic>
	<CAJZ5v0h_N5KvjUZjDDdoXMP3UoMmyYKOrHUpyGH14EYWMbxvPA@mail.gmail.com>
	<CAJZ5v0icnK4jBGkmHb7jJFEcusQyjJGYEG8yhOzMDa_hMQSj_w@mail.gmail.com>
	<alpine.LNX.2.00.1608102358320.22028@cbobk.fhfr.pm>
	<CAJZ5v0iAuDYZhmXqG12ZtEpQ5FEzP9Wp4a=EqApwwCc1VBvbLg@mail.gmail.com>
	<CAJcbSZGCL90OygKhSsox_xzQ0xmNV=Jv2WnVT8vEV7UcqgKWTw@mail.gmail.com>
From: "Rafael J. Wysocki" <rafael@kernel.org>
Date: Thu, 11 Aug 2016 03:35:39 +0200
X-Google-Sender-Auth: RRorHVrLzC1lGxJaNSlrGPy1sEU
Message-ID: 
 <CAJZ5v0hVNh7oA+1MvDbx-GY+nd82Whb4=7AT+e=LicOxs0qzkg@mail.gmail.com>
To: Thomas Garnier <thgarnie@google.com>
Cc: "Rafael J. Wysocki" <rafael@kernel.org>, Jiri Kosina <jikos@kernel.org>,
	Borislav Petkov <bp@suse.de>, "Rafael J. Wysocki" <rjw@rjwysocki.net>,
	Linux PM list <linux-pm@vger.kernel.org>,
	"the arch/x86 maintainers" <x86@kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Yinghai Lu <yinghai@kernel.org>, Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	"H . Peter Anvin" <hpa@zytor.com>, Kees Cook <keescook@chromium.org>,
	Pavel Machek <pavel@ucw.cz>,
	Kernel Hardening <kernel-hardening@lists.openwall.com>
Subject: [kernel-hardening] Re: [Resend][PATCH] x86/power/64: Always create
	temporary identity mapping correctly
X-Virus-Scanned: ClamAV using ClamSMTP

On Thu, Aug 11, 2016 at 3:17 AM, Thomas Garnier <thgarnie@google.com> wrote:
> On Wed, Aug 10, 2016 at 5:35 PM, Rafael J. Wysocki <rafael@kernel.org> wrote:
>> On Wed, Aug 10, 2016 at 11:59 PM, Jiri Kosina <jikos@kernel.org> wrote:
>>> On Wed, 10 Aug 2016, Rafael J. Wysocki wrote:
>>>
>>>> So I used your .config to generate one for my test machine and with
>>>> that I can reproduce.
>>>
>>> Was that the config I've sent, or did Boris provide one as well? Which one
>>> are you able to reproduce with please?
>>
>> It's the Boris' one.
>>
>> Moreover, I have found the options that make the difference: unsetting
>> CONFIG_PROVE_LOCKING and CONFIG_DEBUG_LOCK_ALLOC (which also will
>> unset CONFIG_LOCKDEP AFAICS) in it makes hibernation work again with
>> CONFIG_RANDOMIZE_MEMORY set and with the $subject patch applied.
>>
>> Unbelievable, but that's what I'm seeing.
>
> Nice find!
>
>>
>> Now, that leads to a few questions:
>>
>> - How does lockdep change the picture so it matters for hibernation?
>> - Why is hibernation the only piece that's affected?
>> - Why is RANDOMIZE_MEMORY necessary to make this breakage show up?
>>
>> Thomas, any ideas?
>
> No idea so far. I will investigate though.
>
> We had an unrelated issue with CONFIG_DEBUG_PAGEALLOC on early boot. I
> don't think it was related because it was on early boot and with
> certain e820 memory layout (and PUD randomization that I disabled on
> the previous patch test). The fix is on tip:
> http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=fb754f958f8e46202c1efd7f66d5b3db1208117d

Well, I don't think this is related.

In the meantime, I went back to my original .config and verified that
setting CONFIG_DEBUG_LOCK_ALLOC in it caused hibernation to fail (with
CONFIG_RANDOMIZE_MEMORY set and with the $subject patch applied), so
this really matters somehow.

Besides, now that I have a reproducer, I can check various other
things and for example this change (sorry for broken whitespace):


makes hibernation work for me again in the above configuration.  To
me, this means that the $subject patch works as expected and the
problem really is related to the vaddr value being too big.

Thanks,
Rafael

Index: linux-pm/arch/x86/mm/kaslr.c
===================================================================
--- linux-pm.orig/arch/x86/mm/kaslr.c
+++ linux-pm/arch/x86/mm/kaslr.c
@@ -122,7 +122,7 @@ void __init kernel_randomize_memory(void
         prandom_bytes_state(&rand_state, &rand, sizeof(rand));
         entropy = (rand % (entropy + 1)) & PUD_MASK;
         vaddr += entropy;
-        *kaslr_regions[i].base = vaddr;
+        *kaslr_regions[i].base += PUD_SIZE;

         /*
          * Jump the region and add a minimum padding based on