From patchwork Wed Jun 22 00:47:06 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kees Cook <keescook@chromium.org>
X-Patchwork-Id: 9191615
Return-Path: 
 <kernel-hardening-return-3584-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	30E106075A for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed, 22 Jun 2016 00:48:27 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 20C512837F
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed, 22 Jun 2016 00:48:27 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 152CB2838C; Wed, 22 Jun 2016 00:48:27 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id 40C9F2837F
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
	Wed, 22 Jun 2016 00:48:26 +0000 (UTC)
Received: (qmail 24357 invoked by uid 550); 22 Jun 2016 00:47:35 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Reply-To: kernel-hardening@lists.openwall.com
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 24154 invoked from network); 22 Jun 2016 00:47:30 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=chromium.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=Ibh3LiEKav2GkS46ATpK0Toq7b3a0nfIt3oE85wdiwg=;
	b=aaNF7h3QMU9YZXHjVS349i6YPa1RmRBmK33P80O7zFkvvrq+wRVZguV3NR7enKeExF
	6Fp9s7fvHJpJXz13ZjdldUs+lZdI4wTICOM3NBC/yPjkJ8nw+3uvBNGi7nbAF/Z33OEq
	xXjeOuSMcCZK3g7tBBrlSYRv66+5dcxsjC018=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=Ibh3LiEKav2GkS46ATpK0Toq7b3a0nfIt3oE85wdiwg=;
	b=FBN0cC1SFRfisLShphlIeg/M4loW95M0m0+uJHLzzdnvwJAEFBcGRNZKYmtVRvy0oe
	GN1wY0WelEkmWW7G7PczaY5iaT6vEDlHZYFkRJ7aKMXM19QZ7FPWlN4OOc5TAG1AmpbH
	EFzHywS17cqjMUduNi63yB7CqkyszYbURfFxZvZr1bvp1H0t1/o/Xu1fdGD1Pes1YLCX
	D0EY2azfslBl9VSxwvI98tahMmtOCKczn0eFdJ7E7TQBFmNF5QNvd4JcABFmLoP3Ucbh
	R99KqPD6xVQICMx8smioy+GHg5mWTdFh6Ah97kR6TpebX83p8OB1O0LMq26lIscTsbUP
	+qBQ==
X-Gm-Message-State: 
 ALyK8tI2Iv4PtBiwSSmGwS+Lx9VbFPL+KWy92li4MhNuoFczauhauI4yiTkvz88a1D8uH0Rc
X-Received: by 10.67.3.105 with SMTP id bv9mr14346150pad.29.1466556438783;
	Tue, 21 Jun 2016 17:47:18 -0700 (PDT)
From: Kees Cook <keescook@chromium.org>
To: Ingo Molnar <mingo@kernel.org>
Cc: Kees Cook <keescook@chromium.org>, Thomas Garnier <thgarnie@google.com>,
	Andy Lutomirski <luto@kernel.org>, x86@kernel.org,
	Borislav Petkov <bp@suse.de>, Baoquan He <bhe@redhat.com>,
	Yinghai Lu <yinghai@kernel.org>, Juergen Gross <jgross@suse.com>,
	Matt Fleming <matt@codeblueprint.co.uk>, Toshi Kani <toshi.kani@hpe.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Dan Williams <dan.j.williams@intel.com>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Xiao Guangrong <guangrong.xiao@linux.intel.com>,
	Martin Schwidefsky <schwidefsky@de.ibm.com>,
	"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>,
	Alexander Kuleshov <kuleshovmail@gmail.com>,
	Alexander Popov <alpopov@ptsecurity.com>, Dave Young <dyoung@redhat.com>,
	Joerg Roedel <jroedel@suse.de>, Lv Zheng <lv.zheng@intel.com>,
	Mark Salter <msalter@redhat.com>, Dmitry Vyukov <dvyukov@google.com>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	Christian Borntraeger <borntraeger@de.ibm.com>,
	Jan Beulich <JBeulich@suse.com>, linux-kernel@vger.kernel.org,
	Jonathan Corbet <corbet@lwn.net>, linux-doc@vger.kernel.org,
	kernel-hardening@lists.openwall.com
Date: Tue, 21 Jun 2016 17:47:06 -0700
Message-Id: <1466556426-32664-10-git-send-email-keescook@chromium.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1466556426-32664-1-git-send-email-keescook@chromium.org>
References: <1466556426-32664-1-git-send-email-keescook@chromium.org>
Subject: [kernel-hardening] [PATCH v7 9/9] x86/mm: Memory hotplug support
	for KASLR memory randomization (x86_64)
X-Virus-Scanned: ClamAV using ClamSMTP

From: Thomas Garnier <thgarnie@google.com>

Add a new option (CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING) to define
the padding used for the physical memory mapping section when KASLR
memory is enabled. It ensures there is enough virtual address space when
CONFIG_MEMORY_HOTPLUG is used. The default value is 10 terabytes. If
CONFIG_MEMORY_HOTPLUG is not used, no space is reserved increasing the
entropy available.

Signed-off-by: Thomas Garnier <thgarnie@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/Kconfig    | 15 +++++++++++++++
 arch/x86/mm/kaslr.c |  7 ++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index adab3fef3bb4..214b3fadbc11 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2010,6 +2010,21 @@ config RANDOMIZE_MEMORY
 
 	   If unsure, say N.
 
+config RANDOMIZE_MEMORY_PHYSICAL_PADDING
+	hex "Physical memory mapping padding" if EXPERT
+	depends on RANDOMIZE_MEMORY
+	default "0xa" if MEMORY_HOTPLUG
+	default "0x0"
+	range 0x1 0x40 if MEMORY_HOTPLUG
+	range 0x0 0x40
+	---help---
+	   Define the padding in terabytes added to the existing physical
+	   memory size during kernel memory randomization. It is useful
+	   for memory hotplug support but reduces the entropy available for
+	   address randomization.
+
+	   If unsure, leave at the default value.
+
 config HOTPLUG_CPU
 	bool "Support for hot-pluggable CPUs"
 	depends on SMP
diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c
index 4f91dc273062..3e9875f7fdda 100644
--- a/arch/x86/mm/kaslr.c
+++ b/arch/x86/mm/kaslr.c
@@ -114,8 +114,13 @@ void __init kernel_randomize_memory(void)
 	if (!kaslr_memory_enabled())
 		return;
 
+	/*
+	 * Update Physical memory mapping to available and
+	 * add padding if needed (especially for memory hotplug support).
+	 */
 	BUG_ON(kaslr_regions[0].base != &page_offset_base);
-	memory_tb = ((max_pfn << PAGE_SHIFT) >> TB_SHIFT);
+	memory_tb = ((max_pfn << PAGE_SHIFT) >> TB_SHIFT) +
+		CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING;
 
 	/* Adapt phyiscal memory region size based on available memory */
 	if (memory_tb < kaslr_regions[0].size_tb)