Re: kmem_alloc() vs. VM_MIN_KERNEL_ADDRESS

To: "tech-kern%netbsd.org@localhost" <tech-kern%NetBSD.org@localhost>
Subject: Re: kmem_alloc() vs. VM_MIN_KERNEL_ADDRESS
From: "J. Hannken-Illjes" <hannken%eis.cs.tu-bs.de@localhost>
Date: Tue, 2 Jul 2019 16:21:24 +0200

> On 1. Jul 2019, at 20:12, Maxime Villard <max%M00nBSD.net@localhost> wrote:
> 
> Le 01/07/2019 à 19:40, J. Hannken-Illjes a écrit :
>> Sometimes kmem_alloc() returns an address below
>> VM_MIN_KERNEL_ADDRESS, something like
>>   kmem_alloc() -> 0xffffaba25800a5a8 with
>>   VM_MIN_KERNEL_ADDRESS 0xffffad8000000000
>> It doesn't happen after every reboot and breaks
>> dtrace which treats the region 0.. VM_MIN_KERNEL_ADDRESS
>> as toxic.
>> How could we test against the lowest address the kernel
>> may use?
>> --
>> J. Hannken-Illjes - hannken%eis.cs.tu-bs.de@localhost - TU Braunschweig
> 
> Mmh, this seems to be a side effect of 1/2-KASLR which is enabled by default
> in GENERIC. Reminder: in GENERIC, we now randomize by default every kernel
> memory region.
> 
> It is now possible that the direct map is below the main memory map -- it was
> not the case before. kmem_alloc uses the direct map for certain allocations.
> 
> First, please confirm by also dumping PMAP_DIRECT_BASE and PMAP_DIRECT_END to
> make sure the area returned by kmem_alloc is indeed in the dmap when dtrace
> doesn't work.
> 
> Then, it seems that dtrace should be taught to consider as toxic everything
> that is neither in the main map nor in the dmap. That is, only these ranges
> are valid:
> 
> 	VM_MIN_KERNEL_ADDRESS -> VM_MAX_KERNEL_ADDRESS
> 	PMAP_DIRECT_BASE -> PMAP_DIRECT_END
> 
> There is no actual "lowest" address the kernel may use; there are just two
> separate regions that are valid. (Plus the kernel image itself, if it
> matters.)

It would work but unfortunately dtrace is a module and cannot
use PMAP_DIRECT_BASE aka. pmap_direct_base.  These variables
are not visible from module context and don't exist if the
kernel is built with KASAN.

Solaris uses the toxic areas 0 .. _userlimit and all regions
mapped from devices.

Will the kernel ever map anything below
VM_MIN_KERNEL_ADDRESS_DEFAULT?

Do we have a mapping that contains all device-mapped memory?

--
J. Hannken-Illjes - hannken%eis.cs.tu-bs.de@localhost - TU Braunschweig

Attachment: signature.asc
Description: Message signed with OpenPGP

Follow-Ups:
- Re: kmem_alloc() vs. VM_MIN_KERNEL_ADDRESS
  - From: Maxime Villard
- Re: kmem_alloc() vs. VM_MIN_KERNEL_ADDRESS
  - From: Maxime Villard

References:
- kmem_alloc() vs. VM_MIN_KERNEL_ADDRESS
  - From: J. Hannken-Illjes
- Re: kmem_alloc() vs. VM_MIN_KERNEL_ADDRESS
  - From: Maxime Villard

Prev by Date: Re: sys/malloc.h
Next by Date: Re: sys/malloc.h
Previous by Thread: Re: kmem_alloc() vs. VM_MIN_KERNEL_ADDRESS
Next by Thread: Re: kmem_alloc() vs. VM_MIN_KERNEL_ADDRESS
Indexes:

Home | Main Index | Thread Index | Old Index