Sorry, forgot to add Taku to the list.

Hi Taku,

On 06/15/17 at 03:52pm, Baoquan He wrote:
> Our customer reported that Kernel text may be located on non-mirror
> region (movable zone) when both address range mirroring feature and
> KASLR are enabled.
>
> The functions of address range mirroring feature are as follows.
> - The physical memory region whose descriptors in EFI memory map have
>   EFI_MEMORY_MORE_RELIABLE attribute (bit: 16) are mirrored
> - The function arranges such mirror region into normal zone and other region
>   into movable zone in order to locate kernel code and data on mirror region
>
> So we need to restrict kernel to be located inside mirror region if it
> exists.
>
> The method is very simple. If efi is enabled, just iterate all efi
> memory map and pick up mirror region to process for adding candidate
> of slot. If efi disabled or no mirror region exists, still process
> e820 memory map. This won't bring much efficiency loss, at worst we
> just go through all efi memory maps and find no mirror.
>
> One question:
> From code, though mirror regions exist, they are meaningful only
> if kernelcore=mirror kernel option is specified. Not sure if my understanding
> is correct.

Since you are the author of kernelcore=mirror related code and expert on
mirror feature, could you help answer above question?

Thanks
Baoquan

>
> NOTE:
> I haven't got a machine with efi mirror region enabled, so only tested the
> e820 map processing case and the case of no mirror region on efi machine.
> So set this as a RFC patchset, will post formal one after above question
> is made clear and mirror issue test passed.
>
> Baoquan He (2):
>   x86/boot/KASLR: Adapt process_e820_entry for all kinds of memory map
>   x86/boot/KASLR: Restrict kernel to be randomized in mirror regions if
>     existed
>
>  arch/x86/boot/compressed/kaslr.c | 129 +++++++++++++++++++++++++++++++--------
>  1 file changed, 104 insertions(+), 25 deletions(-)
>
> --
> 2.5.5
>
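The selection order described in the cover letter above (mirrored EFI ranges first, e820 as the fallback), as an added user-space sketch that is not part of the original mail and not the code from the patchset. The struct layouts, the `kaslr_candidates` name, the sample maps and the restriction to conventional memory are assumptions of this sketch; it does not model the open `kernelcore=mirror` question.

```c
#include <stdint.h>
#include <stddef.h>

#define EFI_CONVENTIONAL_MEMORY  7            /* UEFI memory type */
#define EFI_MEMORY_MORE_RELIABLE (1ULL << 16) /* attribute bit 16, per the mail */
#define E820_RAM                 1

/* Simplified descriptors: only the fields this sketch needs (assumption). */
struct efi_desc { uint32_t type; uint64_t start, size, attr; };
struct e820_ent { uint64_t start, size; uint32_t type; };
struct region   { uint64_t start, size; };

/* Constructed sample maps: one mirrored range, one non-mirrored range. */
static const struct efi_desc sample_efi[] = {
    { EFI_CONVENTIONAL_MEMORY, 0x00100000ULL, 0x3ff00000ULL, EFI_MEMORY_MORE_RELIABLE },
    { EFI_CONVENTIONAL_MEMORY, 0x100000000ULL, 0x200000000ULL, 0 },
};
static const struct e820_ent sample_e820[] = {
    { 0x00100000ULL, 0x3ff00000ULL, E820_RAM },
    { 0x100000000ULL, 0x200000000ULL, E820_RAM },
};

/*
 * Fill out[] with ranges the randomized kernel may be placed in: mirrored EFI
 * ranges if any exist, otherwise usable e820 RAM. Pass efi == NULL when EFI is
 * disabled. *used_mirror reports which path was taken.
 */
size_t kaslr_candidates(const struct efi_desc *efi, size_t n_efi,
                        const struct e820_ent *e820, size_t n_e820,
                        struct region *out, size_t max, int *used_mirror)
{
    size_t k = 0;
    for (size_t i = 0; efi && i < n_efi && k < max; i++)
        if (efi[i].type == EFI_CONVENTIONAL_MEMORY &&
            (efi[i].attr & EFI_MEMORY_MORE_RELIABLE))
            out[k++] = (struct region){ efi[i].start, efi[i].size };
    *used_mirror = k > 0;
    /* Fallback: EFI disabled or no mirrored range found. */
    for (size_t i = 0; !*used_mirror && i < n_e820 && k < max; i++)
        if (e820[i].type == E820_RAM)
            out[k++] = (struct region){ e820[i].start, e820[i].size };
    return k;
}

int main(void)
{
    struct region r[4];
    int mirror;
    return kaslr_candidates(sample_efi, 2, sample_e820, 2, r, 4, &mirror) ? 0 : 1;
}
```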

