[v5,3/7] init_on_alloc: Unpessimize default-on builds

Message ID	20210309214301.678739-4-keescook@chromium.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=vB8j=IH=lists.openwall.com=kernel-hardening-return-20891-kernel-hardening=archiver.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6F53B64F59 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk From: Kees Cook <keescook@chromium.org> To: Thomas Gleixner <tglx@linutronix.de> Cc: Kees Cook <keescook@chromium.org>, Alexander Potapenko <glider@google.com>, Elena Reshetova <elena.reshetova@intel.com>, x86@kernel.org, Andy Lutomirski <luto@kernel.org>, Peter Zijlstra <peterz@infradead.org>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>, Mark Rutland <mark.rutland@arm.com>, Alexander Popov <alex.popov@linux.com>, Ard Biesheuvel <ard.biesheuvel@linaro.org>, Jann Horn <jannh@google.com>, kernel-hardening@lists.openwall.com, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Vlastimil Babka <vbabka@suse.cz>, David Hildenbrand <david@redhat.com>, Mike Rapoport <rppt@linux.ibm.com>, Andrew Morton <akpm@linux-foundation.org>, Jonathan Corbet <corbet@lwn.net>, Randy Dunlap <rdunlap@infradead.org> Subject: [PATCH v5 3/7] init_on_alloc: Unpessimize default-on builds Date: Tue, 9 Mar 2021 13:42:57 -0800 Message-Id: <20210309214301.678739-4-keescook@chromium.org> In-Reply-To: <20210309214301.678739-1-keescook@chromium.org> References: <20210309214301.678739-1-keescook@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Optionally randomize kernel stack offset each syscall \| expand [v5,0/7] Optionally randomize kernel stack offset each syscall [v5,1/7] mm: Restore init_on_* static branch defaults [v5,2/7] jump_label: Provide CONFIG-driven build state defaults [v5,3/7] init_on_alloc: Unpessimize default-on builds [v5,4/7] stack: Optionally randomize kernel stack offset each syscall [v5,5/7] x86/entry: Enable random_kstack_offset support [v5,6/7] arm64: entry: Enable random_kstack_offset support [v5,7/7] lkdtm: Add REPORT_STACK for checking stack offsets

Message ID

20210309214301.678739-4-keescook@chromium.org (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6F53B64F59
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
From: Kees Cook <keescook@chromium.org>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Kees Cook <keescook@chromium.org>,
	Alexander Potapenko <glider@google.com>,
	Elena Reshetova <elena.reshetova@intel.com>,
	x86@kernel.org,
	Andy Lutomirski <luto@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will@kernel.org>,
	Mark Rutland <mark.rutland@arm.com>,
	Alexander Popov <alex.popov@linux.com>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Jann Horn <jannh@google.com>,
	kernel-hardening@lists.openwall.com,
	linux-hardening@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org,
	linux-mm@kvack.org,
	linux-kernel@vger.kernel.org,
	Vlastimil Babka <vbabka@suse.cz>,
	David Hildenbrand <david@redhat.com>,
	Mike Rapoport <rppt@linux.ibm.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Jonathan Corbet <corbet@lwn.net>,
	Randy Dunlap <rdunlap@infradead.org>
Subject: [PATCH v5 3/7] init_on_alloc: Unpessimize default-on builds
Date: Tue,  9 Mar 2021 13:42:57 -0800
Message-Id: <20210309214301.678739-4-keescook@chromium.org>
In-Reply-To: <20210309214301.678739-1-keescook@chromium.org>
References: <20210309214301.678739-1-keescook@chromium.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Optionally randomize kernel stack offset each syscall | expand

Commit Message

Kees Cook March 9, 2021, 9:42 p.m. UTC

Right now, the state of CONFIG_INIT_ON_ALLOC_DEFAULT_ON (and
...ON_FREE...) did not change the assembly ordering of the static branch
tests. Use the new jump_label macro to check CONFIG settings to default
to the "expected" state, unpessimizes the resulting assembly code.

Reviewed-by: Alexander Potapenko <glider@google.com>
Link: https://lore.kernel.org/lkml/CAG_fn=X0DVwqLaHJTO6Jw7TGcMSm77GKHinrd0m_6y0SzWOrFA@mail.gmail.com/
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/linux/mm.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Andrey Konovalov March 10, 2021, 12:52 p.m. UTC | #1

On Tue, Mar 9, 2021 at 10:43 PM Kees Cook <keescook@chromium.org> wrote:
>
> Right now, the state of CONFIG_INIT_ON_ALLOC_DEFAULT_ON (and
> ...ON_FREE...) did not change the assembly ordering of the static branch
> tests. Use the new jump_label macro to check CONFIG settings to default
> to the "expected" state, unpessimizes the resulting assembly code.
>
> Reviewed-by: Alexander Potapenko <glider@google.com>
> Link: https://lore.kernel.org/lkml/CAG_fn=X0DVwqLaHJTO6Jw7TGcMSm77GKHinrd0m_6y0SzWOrFA@mail.gmail.com/
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  include/linux/mm.h | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/mm.h b/include/linux/mm.h
> index bf341a9bfe46..2ccd856ac0d1 100644
> --- a/include/linux/mm.h
> +++ b/include/linux/mm.h
> @@ -2874,7 +2874,8 @@ static inline void kernel_unpoison_pages(struct page *page, int numpages) { }
>  DECLARE_STATIC_KEY_MAYBE(CONFIG_INIT_ON_ALLOC_DEFAULT_ON, init_on_alloc);
>  static inline bool want_init_on_alloc(gfp_t flags)
>  {
> -       if (static_branch_unlikely(&init_on_alloc))
> +       if (static_branch_maybe(CONFIG_INIT_ON_ALLOC_DEFAULT_ON,
> +                               &init_on_alloc))
>                 return true;
>         return flags & __GFP_ZERO;
>  }
> @@ -2882,7 +2883,8 @@ static inline bool want_init_on_alloc(gfp_t flags)
>  DECLARE_STATIC_KEY_MAYBE(CONFIG_INIT_ON_FREE_DEFAULT_ON, init_on_free);
>  static inline bool want_init_on_free(void)
>  {
> -       return static_branch_unlikely(&init_on_free);
> +       return static_branch_maybe(CONFIG_INIT_ON_FREE_DEFAULT_ON,
> +                                  &init_on_free);
>  }
>
>  extern bool _debug_pagealloc_enabled_early;

Should we also update slab_want_init_on_alloc() and slab_want_init_on_free()?

Kees Cook March 10, 2021, 9:03 p.m. UTC | #2

On Wed, Mar 10, 2021 at 01:52:04PM +0100, Andrey Konovalov wrote:
> On Tue, Mar 9, 2021 at 10:43 PM Kees Cook <keescook@chromium.org> wrote:
> >
> > Right now, the state of CONFIG_INIT_ON_ALLOC_DEFAULT_ON (and
> > ...ON_FREE...) did not change the assembly ordering of the static branch
> > tests. Use the new jump_label macro to check CONFIG settings to default
> > to the "expected" state, unpessimizes the resulting assembly code.
> >
> > Reviewed-by: Alexander Potapenko <glider@google.com>
> > Link: https://lore.kernel.org/lkml/CAG_fn=X0DVwqLaHJTO6Jw7TGcMSm77GKHinrd0m_6y0SzWOrFA@mail.gmail.com/
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> > ---
> >  include/linux/mm.h | 6 ++++--
> >  1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/include/linux/mm.h b/include/linux/mm.h
> > index bf341a9bfe46..2ccd856ac0d1 100644
> > --- a/include/linux/mm.h
> > +++ b/include/linux/mm.h
> > @@ -2874,7 +2874,8 @@ static inline void kernel_unpoison_pages(struct page *page, int numpages) { }
> >  DECLARE_STATIC_KEY_MAYBE(CONFIG_INIT_ON_ALLOC_DEFAULT_ON, init_on_alloc);
> >  static inline bool want_init_on_alloc(gfp_t flags)
> >  {
> > -       if (static_branch_unlikely(&init_on_alloc))
> > +       if (static_branch_maybe(CONFIG_INIT_ON_ALLOC_DEFAULT_ON,
> > +                               &init_on_alloc))
> >                 return true;
> >         return flags & __GFP_ZERO;
> >  }
> > @@ -2882,7 +2883,8 @@ static inline bool want_init_on_alloc(gfp_t flags)
> >  DECLARE_STATIC_KEY_MAYBE(CONFIG_INIT_ON_FREE_DEFAULT_ON, init_on_free);
> >  static inline bool want_init_on_free(void)
> >  {
> > -       return static_branch_unlikely(&init_on_free);
> > +       return static_branch_maybe(CONFIG_INIT_ON_FREE_DEFAULT_ON,
> > +                                  &init_on_free);
> >  }
> >
> >  extern bool _debug_pagealloc_enabled_early;
> 
> Should we also update slab_want_init_on_alloc() and slab_want_init_on_free()?

Whoops! Thank you; I will update and resend. :)

diff --git a/include/linux/mm.h b/include/linux/mm.h
index bf341a9bfe46..2ccd856ac0d1 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -2874,7 +2874,8 @@  static inline void kernel_unpoison_pages(struct page *page, int numpages) { }
 DECLARE_STATIC_KEY_MAYBE(CONFIG_INIT_ON_ALLOC_DEFAULT_ON, init_on_alloc);
 static inline bool want_init_on_alloc(gfp_t flags)
 {
-	if (static_branch_unlikely(&init_on_alloc))
+	if (static_branch_maybe(CONFIG_INIT_ON_ALLOC_DEFAULT_ON,
+				&init_on_alloc))
 		return true;
 	return flags & __GFP_ZERO;
 }
@@ -2882,7 +2883,8 @@  static inline bool want_init_on_alloc(gfp_t flags)
 DECLARE_STATIC_KEY_MAYBE(CONFIG_INIT_ON_FREE_DEFAULT_ON, init_on_free);
 static inline bool want_init_on_free(void)
 {
-	return static_branch_unlikely(&init_on_free);
+	return static_branch_maybe(CONFIG_INIT_ON_FREE_DEFAULT_ON,
+				   &init_on_free);
 }
 
 extern bool _debug_pagealloc_enabled_early;