LKML Archive on
From: Baoquan He <>
To: Ingo Molnar <>
Subject: Re: [PATCH 0/2] x86/boot/KASLR: Skip specified number of 1GB huge pages when do physical randomization
Date: Fri, 18 May 2018 15:43:59 +0800	[thread overview]
Message-ID: <20180518074359.GR24627@MiWiFi-R3L-srv> (raw)
In-Reply-To: <>

On 05/18/18 at 09:00am, Ingo Molnar wrote:
> * Baoquan He <> wrote:
> > This is a regression bug fix. Luiz's team reported that 1GB huge page
> > allocation will randomly get one less 1GB page when KASLR is enabled. On
> > their KVM guest with 4GB RAM, which only has one good 1GB huge page,
> > they found that the 1GB huge page allocation sometimes failed with the
> > kernel options below added.
> > 
> >   default_hugepagesz=1G hugepagesz=1G hugepages=1
> > 
> > This is because kernel may be randomized into those good 1GB huge pages.
> > 
> > I had thought to solve this by specifying available memory regions
> > which kernel KASLR can be randomized into, to avoid those good 1GB huge
> > pages. Chao's patches can be used to fix it:
> >
> > 
> > Later, Ingo suggested avoiding them in boot KASLR code.
> >
> Yes, but these patches don't appear to implement what I suggested:
> > So there's apparently a mis-design here:
> >
> > - KASLR needs to be done very early on during bootup: - it's not realistic to 
> >   expect KASLR to be done with a booted up kernel, because pointers to various 
> >   KASLR-ed objects are already widely spread out in memory.
> >
> > - But for some unfathomable reason the memory hotplug attribute of memory
> >   regions is not part of the regular memory map but part of late-init ACPI data
> >   structures.
> >
> > The right solution would be _not_ to fudge the KASLR location, but to provide 
> > the memory hotplug information to early code, preferably via the primary memory 
> > map. KASLR can then make use of it and avoid those regions, just like it avoids 
> > other memory regions already.
> >
> > In addition to that hardware makers (including virtualized hardware) should also 
> > fix their systems to provide memory hotplug information to early code.
> So my question: why don't we pass in the information that these are hotplug pages 
> that should not be KASLR randomized into?
> If that attribute of memory regions was present then KASLR could simply skip the 
> hotplug regions!

OK, I realized my statement above is misleading because I didn't explain
the background clearly. Let me add it:

Previously, FJ reported the movable_node issue that KASLR will put the
kernel into a movable_node. That causes those movable_nodes to no longer
be hot-pluggable. So finally we planned to solve it by adding a new
kernel parameter:


We want customers to specify memory regions which KASLR can make use of
to randomize the kernel into. Outside of the specified regions, we need
to avoid putting the kernel into those regions even though they are also
available RAM. As for the movable_node issue, we can add immovable regions into

During the review of this hotplug issue, Luiz's team reported this 1GB
hugepage regression bug. I reproduced the bug and found out the root
cause, then realized that I can utilize the kaslr_boot_mem=nn[KMG]@ss[KMG]
parameter to fix it too. E.g. for the KVM guest with 4GB RAM, we have a
good 1GB huge page, then we can add "kaslr_boot_mem=1G@0, kaslr_boot_mem=3G@2G"
to the kernel command line, and the good 1GB region [1G, 2G) won't be
taken into account for kernel physical randomization.

Later, you pointed out that the 'kaslr_boot_mem=' way needs the user to
specify memory regions manually, which is not good, and suggested solving
them by getting the information and handling them in the KASLR boot code.
So there are two issues now: for the movable_node issue, we need to get
hotplug information from the SRAT table and then avoid those regions; for
this 1GB hugepage issue, we need to get the information from the kernel
command line, then avoid them.

This patch is for the hugepage issue only. Since FJ reported the hotplug
issue and they assigned engineers to work on it, I would like to wait
for them to post according to your suggestion.

I will add this to the cover letter of the v2 post.
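The following is an added illustration, not part of this message, of
the patch series, or of Chao's patches: a small Python model of the two
approaches the message contrasts, placing the KASLR physical candidate
regions either by skipping a given number of 1GB-aligned huge pages (what
the series does) or by intersecting RAM with user-supplied
kaslr_boot_mem=nn[KMG]@ss[KMG] regions. The memory map, the kernel size,
the function names and the "skip the lowest pages first" order are
assumptions made for this example only; the real boot code works on
the e820 map and its own internal slot representation.

```python
# Added example (not from the patch series or the mailing-list thread): a
# model of keeping the KASLR physical placement out of 1GB huge pages.
# Region layout, sizes, ordering and function names are assumptions.
GB = 1 << 30
MB = 1 << 20

# Constructed memory map for a guest, as (start, end) byte ranges of usable
# RAM. It contains two fully usable, 1GB-aligned 1GB spans: [1G, 2G) and
# [4G, 5G); everything else is either unaligned or too short for a 1GB page.
MEMMAP = [(1 * MB, 3 * GB - 2 * MB), (4 * GB, 5 * GB + 2 * MB)]
KERNEL_SIZE = 64 * MB   # assumed space the randomized kernel image needs


def aligned_1g_pages(region):
    """Return the 1GB-aligned 1GB spans fully inside region: the 'good' 1GB
    huge pages the allocator could hand out after boot."""
    start, end = region
    first = (start + GB - 1) & ~(GB - 1)   # round start up to a 1GB boundary
    pages = []
    while first + GB <= end:
        pages.append((first, first + GB))
        first += GB
    return pages


def carve_out(region, holes):
    """Subtract the holes (sorted, non-overlapping) from region."""
    start, end = region
    pieces, cur = [], start
    for h0, h1 in sorted(holes):
        if h0 > cur:
            pieces.append((cur, h0))
        cur = max(cur, h1)
    if cur < end:
        pieces.append((cur, end))
    return pieces


def kaslr_candidates_skip_hugepages(memmap, kernel_size, hugepages):
    """Approach 1 (what the series does): walk the map in address order and
    reserve the first `hugepages` good 1GB pages so KASLR never lands on
    them. Returns the sub-regions still large enough for the kernel."""
    remaining = hugepages
    candidates = []
    for region in sorted(memmap):
        holes = []
        for page in aligned_1g_pages(region):
            if remaining == 0:
                break
            holes.append(page)
            remaining -= 1
        for sub in carve_out(region, holes):
            if sub[1] - sub[0] >= kernel_size:
                candidates.append(sub)
    return candidates


def memparse(text):
    """Parse nn[KMG] (decimal, or 0x hex) as a kernel command line would."""
    text = text.strip()
    mult = {"k": 1 << 10, "m": 1 << 20, "g": 1 << 30}.get(text[-1].lower(), 1)
    digits = text[:-1] if mult != 1 else text
    return int(digits, 0) * mult


def parse_kaslr_boot_mem(cmdline):
    """Approach 2 (the manual proposal): turn every kaslr_boot_mem=nn@ss
    option into an allowed (start, end) region."""
    allowed = []
    for token in cmdline.replace(",", " ").split():
        if not token.startswith("kaslr_boot_mem="):
            continue
        size, at = token[len("kaslr_boot_mem="):].split("@")
        start = memparse(at)
        allowed.append((start, start + memparse(size)))
    return sorted(allowed)


def kaslr_candidates_boot_mem(memmap, kernel_size, cmdline):
    """Intersect usable RAM with the user-specified allowed regions."""
    out = []
    for s0, e0 in memmap:
        for s1, e1 in parse_kaslr_boot_mem(cmdline):
            lo, hi = max(s0, s1), min(e0, e1)
            if hi - lo >= kernel_size:
                out.append((lo, hi))
    return sorted(out)


def overlaps(candidates, page):
    """True if any candidate region overlaps the given 1GB page."""
    return any(s < page[1] and page[0] < e for s, e in candidates)


if __name__ == "__main__":
    cmdline = "kaslr_boot_mem=1G@0, kaslr_boot_mem=3G@2G"
    print("hugepages=1:", kaslr_candidates_skip_hugepages(MEMMAP, KERNEL_SIZE, 1))
    print("kaslr_boot_mem:", kaslr_candidates_boot_mem(MEMMAP, KERNEL_SIZE, cmdline))
```

Running it shows the difference the message is getting at: with
hugepages=1 the skip approach removes [1G, 2G) from the candidates by
itself, while the command line from the message leaves the second good
page [4G, 5G) as a candidate unless the user notices it and narrows the
regions further, which is the manual burden Ingo objected to.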
