From patchwork Mon Oct 1 21:38:43 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 10622769 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7B9C115E8 for ; Mon, 1 Oct 2018 21:38:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 071FA27D16 for ; Mon, 1 Oct 2018 21:38:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EEB12283E7; Mon, 1 Oct 2018 21:38:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7CE2227D16 for ; Mon, 1 Oct 2018 21:38:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E49736B0003; Mon, 1 Oct 2018 17:38:33 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id DF7636B0006; Mon, 1 Oct 2018 17:38:33 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CBFC76B0007; Mon, 1 Oct 2018 17:38:33 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f198.google.com (mail-pf1-f198.google.com [209.85.210.198]) by kanga.kvack.org (Postfix) with ESMTP id 857516B0003 for ; Mon, 1 Oct 2018 17:38:33 -0400 (EDT) Received: by mail-pf1-f198.google.com with SMTP id y86-v6so12226060pff.6 for ; Mon, 01 Oct 2018 14:38:33 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:mime-version:content-transfer-encoding; bh=9yCDPffpW3ManpPS28B7x1lnW8+7exYzbTKBgabheiw=; b=njMolHYs8O2rTUnFB89eiMNkBViqOvjzH/3hz1Swggvj9WhxA/NPq1W61BHoTDbday kfR91MO9GaJLgIO0roI2KLtZqt/F+xQFFe6Su9aU7R+DG61IZWAHdIxc1WNl+EM8/LzH nbQXUQMbfLpjTe0G53sREExt4hpPg1Rf2Zbdcd0EEZpF/RDOu0xd7unDqyD8lZ/B4X5U 5hyt5q0ln4MZZek/WGKgG6YLVMPHHHIBL/2gTxARNcW3gcDUX7KfLLQAP1svLOMwSxGP dGmBpNubbfcwPsoOtefd+IDJBXIH8kgKIdQAppJlfdEXyeoW7gJXtYTzunn3dHHtXhz5 TvMA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: ABuFfojw07ghAfTJr1agqjSAAPJXW8jSIAEiPjypeWge0ticrfM+snQZ ENmMn9yQHMKvORieBzlDLohPnOSK5D/EXdLx3eYvR4cbEOxyOCDkEpayqLJ+ul/LaaevTKUHSgr Y+WQ3rbhLwxmOyhqj6p3rEMAuRLeC2xE2Pim/7uaS1hsZhD99quezWaRqXCU95MZbUQ== X-Received: by 2002:a63:3cc:: with SMTP id 195-v6mr12015606pgd.262.1538429913167; Mon, 01 Oct 2018 14:38:33 -0700 (PDT) X-Google-Smtp-Source: ACcGV621X/IRgeUCq45XlCvnC3kWTMNNwjiNRi/IPmT/Woe0FWMt7/9v1SSdBfJzCpsQQf+8nQau X-Received: by 2002:a63:3cc:: with SMTP id 195-v6mr12015564pgd.262.1538429911998; Mon, 01 Oct 2018 14:38:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538429911; cv=none; d=google.com; s=arc-20160816; b=Y8ujT7ZE7XMExBgkwx/93Ece4Ab1jgG0TVdm0MOccm22OaYzJZdugs6o9HAayfV/AZ ercLteW80qtHEFNYPxehaB8EIuYndTnFjORgDjGeASR1McBKKN9lrkRrx1pD8lFL3k1D ayBBWwBqZmHkT8GOEHh9OfSvG4j+XXzgOYN/dtdrHGpXXgYdCJg6IFA1oNtYQE8bswOT kBT18y1CWY4jEDv3P1J4f1KgoVybn5GV6e2/v2PmbJoKbGYi7wAADYuN7qq92f7/Tp66 JWnSfmnrMp9Ij21ezkTUXK05LtNcrBDrZRBsEP6YgAtahjFIoJznduRfuCcxVKAuzlHN s84Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from; bh=9yCDPffpW3ManpPS28B7x1lnW8+7exYzbTKBgabheiw=; b=cDK1VQG8L0a3ERZ7ZRHLXHRzy+Pe1LyvtAfHOJSk9pUVglNAYYy2Y69QGe6XGPH9B9 IB4dvW9oQ591PoV0/lfmBoCaKK4VLYVDFSrAoMkYSAUHzXZTPL99dPHEeqW+d7iY5W6D AZKorYAKP/yghiIfGfuMVz22eNYh8WeTTy4WVmRvjVZST0o00/9C9r0BL14CTiwI6VAM Tr28xlVo/JkUTZuLl8mLdV3oiCyHEJZhTrH0wbz+oyT3RdbfaqzD9IVmnkuNeWHt+2CX BLyFgDxtkPdMUv+UauUI1rtLYL27/mZI32xabh7M2HDQPQ6H5SPdx4oHe/JPkKWRJ0mg tH4A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga09.intel.com (mga09.intel.com. [134.134.136.24]) by mx.google.com with ESMTPS id f62-v6si14059200pfb.218.2018.10.01.14.38.31 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 01 Oct 2018 14:38:31 -0700 (PDT) Received-SPF: pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.24 as permitted sender) client-ip=134.134.136.24; Authentication-Results: mx.google.com; spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 01 Oct 2018 14:38:30 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,328,1534834800"; d="scan'208";a="84916732" Received: from rpedgeco-desk5.jf.intel.com ([10.54.75.168]) by FMSMGA003.fm.intel.com with ESMTP; 01 Oct 2018 14:38:03 -0700 From: Rick Edgecombe To: akpm@linux-foundation.org, willy@infradead.org, tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, kernel-hardening@lists.openwall.com, daniel@iogearbox.net, jannh@google.com, keescook@chromium.org Cc: kristen@linux.intel.com, dave.hansen@intel.com, arjan@linux.intel.com, Rick Edgecombe Subject: [PATCH v7 0/4] KASLR feature to randomize each loadable module Date: Mon, 1 Oct 2018 14:38:43 -0700 Message-Id: <1538429927-17834-1-git-send-email-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This is V7 of the "KASLR feature to randomize each loadable module" patchset. The purpose is to increase the randomization and also to make the modules randomized in relation to each other instead of just the base, so that if one module leaks the location of the others can't be inferred. This new version is some more 0-day build fixes, trying to improve the readability and minimize IFDEFs. On cleaning up the kaslr_enabled() weirdness, it turned out there were quite a few conflicts depending on where I put the config helpers. I tried modules.h, and kaslr.h, but this caused a bunch of conflicts related to PAGE_* macros being defined in multiple places, and extern variables being named the same. In the end I just created a new file called kaslr_modules.h. Changes for V7: - More 0-day build fixes, readability improvements (Kees Cook) Changes for V6: - 0-day build fixes by removing un-needed functional testing, more error handling Changes for V5: - Add module_alloc test module Changes for V4: - Fix issue caused by KASAN, kmemleak being provided different allocation lengths (padding). - Avoid kmalloc until sure its needed in __vmalloc_node_try_addr. - Fixed issues reported by 0-day. Changes for V3: - Code cleanup based on internal feedback. (thanks to Dave Hansen and Andriy Shevchenko) - Slight refactor of existing algorithm to more cleanly live along side new one. - BPF synthetic benchmark Changes for V2: - New implementation of __vmalloc_node_try_addr based on the __vmalloc_node_range implementation, that only flushes TLB when needed. - Modified module loading algorithm to try to reduce the TLB flushes further. - Increase "random area" tries in order to increase the number of modules that can get high randomness. - Increase "random area" size to 2/3 of module area in order to increase the number of modules that can get high randomness. - Fix for 0day failures on other architectures. - Fix for wrong debugfs permissions. (thanks to Jann Horn) - Spelling fix. (thanks to Jann Horn) - Data on module_alloc performance and TLB flushes. (brought up by Kees Cook and Jann Horn) - Data on memory usage. (suggested by Jann) Rick Edgecombe (4): vmalloc: Add __vmalloc_node_try_addr function x86/modules: Increase randomization for modules vmalloc: Add debugfs modfraginfo Kselftest for module text allocation benchmarking arch/x86/Kconfig | 3 + arch/x86/include/asm/kaslr_modules.h | 38 +++ arch/x86/include/asm/pgtable_64_types.h | 7 + arch/x86/kernel/module.c | 139 ++++++++-- include/linux/vmalloc.h | 3 + lib/Kconfig.debug | 10 + lib/Makefile | 1 + lib/test_mod_alloc.c | 354 ++++++++++++++++++++++++++ mm/vmalloc.c | 275 +++++++++++++++++++- tools/testing/selftests/bpf/test_mod_alloc.sh | 29 +++ 10 files changed, 834 insertions(+), 25 deletions(-) create mode 100644 arch/x86/include/asm/kaslr_modules.h create mode 100644 lib/test_mod_alloc.c create mode 100755 tools/testing/selftests/bpf/test_mod_alloc.sh