From patchwork Thu Sep 13 21:31:34 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
X-Patchwork-Id: 10600107
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D8EC6933
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu, 13 Sep 2018 21:37:11 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DD71A2B2C2
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu, 13 Sep 2018 21:37:11 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id D1A6E2B327; Thu, 13 Sep 2018 21:37:11 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 69A8C2B2C2
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu, 13 Sep 2018 21:37:11 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 5D5CA8E000A; Thu, 13 Sep 2018 17:37:10 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 585578E0001; Thu, 13 Sep 2018 17:37:10 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 4748A8E000A; Thu, 13 Sep 2018 17:37:10 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-pg1-f197.google.com (mail-pg1-f197.google.com
 [209.85.215.197])
	by kanga.kvack.org (Postfix) with ESMTP id 062AB8E0001
	for <linux-mm@kvack.org>; Thu, 13 Sep 2018 17:37:10 -0400 (EDT)
Received: by mail-pg1-f197.google.com with SMTP id l65-v6so2996659pge.17
        for <linux-mm@kvack.org>; Thu, 13 Sep 2018 14:37:09 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-original-authentication-results:x-gm-message-state:from:to:cc
         :subject:date:message-id:mime-version:content-transfer-encoding;
        bh=yyWsNVabShBLnbXNNK3ND1a03HAUBlslH3KYk5b7DJ4=;
        b=I2lS9Gw1ofUd3IhKTE48vJBVR9rCdAJJvIR3mHr71yKop42CtS17lW0FwYRwFT3ZFX
         mZiEJcOo68nLH96Dd67B163AmzYM5kJ3pCg5eRwLCw9Mp/WfUoovB3Tzkr6E0yw5978m
         K1nrdLS50p63v0Ox2L/jzRufYyDcMPW7Wg+0cUUHYG1Rgc/XGAMtqZZ2JmM28zy+B8Cp
         dqnkpePpSNl5WFTmhq0x/coF5W6r1CmVJYXUoMhW34DBe2+obDrYCytbVVyMS80PpV3t
         lCCLvNXfb/36Fry+6qFMFNZ22D3PWrEGKgwp3WU2YAnM9x6Pbf60OF8qSimWxQtzDOot
         3dUw==
X-Original-Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates
 134.134.136.31 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
X-Gm-Message-State: APzg51AuRtYOYsNRcDuNd8VZjdi856WjdOQUcxNvkWlpR/e01szwNeg5
	lpHuOKnSvQaKOZvTAhhTq7LNqVLcV0Ay7239tS75BpP5BFsy4JGuBQDwqvmBZApPgXZ9dezjXf9
	8ZVCwGLZwfCaVMRo0cXOkYxiUkytOJCYlibELtICIwiGB6g7ACKA+6WbennulnbTn0w==
X-Received: by 2002:a62:a65a:: with SMTP id
 t87-v6mr9128671pfe.225.1536874629671;
        Thu, 13 Sep 2018 14:37:09 -0700 (PDT)
X-Google-Smtp-Source: 
 ANB0VdZaATogMBZWqZw0I03bWGOhE8YAXfiKsqeLod1LKuwXaSSZtxLAWULjxpyXOqIZtMwoeLe5
X-Received: by 2002:a62:a65a:: with SMTP id
 t87-v6mr9128623pfe.225.1536874628641;
        Thu, 13 Sep 2018 14:37:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1536874628; cv=none;
        d=google.com; s=arc-20160816;
        b=TYbd5D6EoQ67vn8vL8+I5srbHCBcplKfgeYth9yL0HBVGjSGfRFpsmzpYqg9pFRZRa
         JN+Ynx3Hev1UeL5pN2MBsal8OIQW9BZoEPeN5oRxxznK520ssjgxvc8R1ccJUaAKsx76
         o4njx3mCP478P23bsxJMfaCX3Pin2V14EWhYLtLel8rlrmv7/0Tc8QXAoXGiiMNGqunZ
         aUdZNyz+TmpNa36tYxBwyR9fhwe4YMzXXqllYOaJCURZkk0m4wqWqmtaSc/ajcFf7wAA
         BJGLavJ7E7wGYxTJbtC21VOaC2ymHUY1ZvdRqzl4CirVHq5hcpXsYrgSQBTFT+GjuFjk
         q5fw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from;
        bh=yyWsNVabShBLnbXNNK3ND1a03HAUBlslH3KYk5b7DJ4=;
        b=h6Dc4YxV9J/YwDTsV6bnsqtouaV/Go8II5+FzchV3jS7Ze9mgthhIl5a+y5856JYW0
         Nb0Rq27W20vHFHpOMMRXtzMAFUP3EcdNogpfTEVqc1ko/nwOt59ghNociKyFArkJ1zBk
         hDJ5iliVPOlVeWkotDrTbfcg/BYV6jdp3ZFHSK15op9R9epGd9pPfXHdRB7u7Xaqdg40
         zl3/JH0VvnL8ew83djWSVHTQ805Lc8XCcmKH84o7W0ogdPDgCUhiy0gj4voGI46dCDY9
         qNNamDvADg/faV5GcVCNKwT0cmDzwkXFR8sxkMePQh71fg1+jSes5fqHRvWHXelJM4SV
         n5kA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates
 134.134.136.31 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from mga06.intel.com (mga06.intel.com. [134.134.136.31])
        by mx.google.com with ESMTPS id
 h7-v6si5264503plr.98.2018.09.13.14.37.08
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 13 Sep 2018 14:37:08 -0700 (PDT)
Received-SPF: pass (google.com: domain of rick.p.edgecombe@intel.com
 designates 134.134.136.31 as permitted sender) client-ip=134.134.136.31;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates
 134.134.136.31 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
  by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 13 Sep 2018 14:37:08 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.53,370,1531810800";
   d="scan'208";a="263300603"
Received: from rpedgeco-desk5.jf.intel.com ([10.54.75.168])
  by fmsmga006.fm.intel.com with ESMTP; 13 Sep 2018 14:37:07 -0700
From: Rick Edgecombe <rick.p.edgecombe@intel.com>
To: tglx@linutronix.de,
	mingo@redhat.com,
	hpa@zytor.com,
	x86@kernel.org,
	linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	kernel-hardening@lists.openwall.com,
	daniel@iogearbox.net,
	jannh@google.com,
	keescook@chromium.org,
	alexei.starovoitov@gmail.com
Cc: kristen@linux.intel.com,
	dave.hansen@intel.com,
	arjan@linux.intel.com,
	Rick Edgecombe <rick.p.edgecombe@intel.com>
Subject: [PATCH v6 0/4] KASLR feature to randomize each loadable module
Date: Thu, 13 Sep 2018 14:31:34 -0700
Message-Id: <1536874298-23492-1-git-send-email-rick.p.edgecombe@intel.com>
X-Mailer: git-send-email 2.7.4
MIME-Version: 1.0
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Hi,

This is V6 of the "KASLR feature to randomize each loadable module" patchset.
The purpose is to increase the randomization and also to make the modules
randomized in relation to each other instead of just the base, so that if one
module leaks the location of the others can't be inferred.

V6 is just a fix for 0-day arch=SH report, and made the error handling code
more robust in case this gets used for something unforeseeable in the future.

Changes for V6:
 - 0-day build fixes by removing un-needed functional testing, more error
   handling

Changes for V5:
 - Add module_alloc test module

Changes for V4:
 - Fix issue caused by KASAN, kmemleak being provided different allocation
   lengths (padding).
 - Avoid kmalloc until sure its needed in __vmalloc_node_try_addr.
 - Fixed issues reported by 0-day.

Changes for V3:
 - Code cleanup based on internal feedback. (thanks to Dave Hansen and Andriy
   Shevchenko)
 - Slight refactor of existing algorithm to more cleanly live along side new
   one.
 - BPF synthetic benchmark

Changes for V2:
 - New implementation of __vmalloc_node_try_addr based on the
   __vmalloc_node_range implementation, that only flushes TLB when needed.
 - Modified module loading algorithm to try to reduce the TLB flushes further.
 - Increase "random area" tries in order to increase the number of modules that
   can get high randomness.
 - Increase "random area" size to 2/3 of module area in order to increase the
   number of modules that can get high randomness.
 - Fix for 0day failures on other architectures.
 - Fix for wrong debugfs permissions. (thanks to Jann Horn)
 - Spelling fix. (thanks to Jann Horn)
 - Data on module_alloc performance and TLB flushes. (brought up by Kees Cook
   and Jann Horn)
 - Data on memory usage. (suggested by Jann)


Rick Edgecombe (4):
  vmalloc: Add __vmalloc_node_try_addr function
  x86/modules: Increase randomization for modules
  vmalloc: Add debugfs modfraginfo
  Kselftest for module text allocation benchmarking

 arch/x86/include/asm/pgtable_64_types.h       |   7 +
 arch/x86/kernel/module.c                      | 165 ++++++++++--
 include/linux/vmalloc.h                       |   3 +
 lib/Kconfig.debug                             |  10 +
 lib/Makefile                                  |   1 +
 lib/test_mod_alloc.c                          | 354 ++++++++++++++++++++++++++
 mm/vmalloc.c                                  | 279 +++++++++++++++++++-
 tools/testing/selftests/bpf/test_mod_alloc.sh |  29 +++
 8 files changed, 823 insertions(+), 25 deletions(-)
 create mode 100644 lib/test_mod_alloc.c
 create mode 100755 tools/testing/selftests/bpf/test_mod_alloc.sh