From patchwork Fri Nov 2 19:25:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 10666053 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1830D17D4 for ; Fri, 2 Nov 2018 19:30:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F20962BFF6 for ; Fri, 2 Nov 2018 19:30:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E34742C0B2; Fri, 2 Nov 2018 19:30:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 65D5F2BFF6 for ; Fri, 2 Nov 2018 19:30:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 64BD66B0006; Fri, 2 Nov 2018 15:30:11 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 60C9E6B000C; Fri, 2 Nov 2018 15:30:11 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 49BF26B000A; Fri, 2 Nov 2018 15:30:11 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f198.google.com (mail-pg1-f198.google.com [209.85.215.198]) by kanga.kvack.org (Postfix) with ESMTP id 070966B0006 for ; Fri, 2 Nov 2018 15:30:11 -0400 (EDT) Received: by mail-pg1-f198.google.com with SMTP id o9so1959491pgv.19 for ; Fri, 02 Nov 2018 12:30:10 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:mime-version:content-transfer-encoding; bh=z+XiMTgDbuoNeQHHcKPlgldho8+VGXPvrKN3USQVVPQ=; b=JR4z+AnXfon5W0DC3c5YoE9Xw5BxkfQ585u80MActLQg1TgwoQHfHv5y/C+4QQ1mjq eip5y7BJnsKdaZzy3P52734hKaaFNQriJ6oPx9hAhp7Saf2VjPlVAno7x64STx6SEfos aRjbKcUx56TyTqwDql/ywOZR+EzQy5V+ZiF8mhKs2NCtUNHF3A45JmlxHIZBzxhJbNIu T8T+/yDjRnmmcnf7vZFnhQGH1X8WLGentbjsVSj7/7scYztqOyATHVDH0Gjjuf2qra1C Zr2vWEq7OzIVq75q+roMxJ2BdVSCl0ur2rRSv2CVgqtC+YvQQPwC1xdi8bhhf4FfDZxK 3ngA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: AGRZ1gKOf4xeTljlBoD0efIf4nYjubBh8Qr9GphwvqGmwr797P70eMw4 FYXKke6f2GssqDZppo1bcrWqXkpgXzZa+QQHXuafNj73HgWfIHDsLhRgtNC6PAJLS4rhG64Nomb 2d77558yPGh1ZUnyipVzmGER3WeFfI236px5rig4MBV63hFovXqDKNkhQbqsLHLNqGA== X-Received: by 2002:a17:902:144:: with SMTP id 62-v6mr12527486plb.142.1541187010653; Fri, 02 Nov 2018 12:30:10 -0700 (PDT) X-Google-Smtp-Source: AJdET5dJNcnIs1kZhfrgmiuiSERuhHnT+Y/FHRVZKzNOX3v8Lfmo+ZHHXWxc8dP7KYCJcJbXSwhu X-Received: by 2002:a17:902:144:: with SMTP id 62-v6mr12527435plb.142.1541187009495; Fri, 02 Nov 2018 12:30:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1541187009; cv=none; d=google.com; s=arc-20160816; b=mIt9C/F6skKb/WocY9jYeRpjmjVxNfKkEcns1CpwHH40GBxY3wSBJHaMwQrWACDZ8A dL3XQwxDwwd1xk/fHUkj3GKno81twLVECaKTI2DZDWN9BKknvIvcMhrAh4EL1WgkMGpx gTiuk9xvxyrOK5ui+OU2vc1EE1NcvP/Vwbfn9O/uDjMOw2ntIJIK02AAEtDlx5YCPERt nzCbMW5ILGnOipF7Qt8bKN17YIRsUklybkoR5LVWifoVaskXFFEucTs7mglCzgI1fD5/ l/5qEWG2ZfEPsFQ3jxl5G6VAj1A8DyNNuulDzl4KLlUL8RrgQgKLcCP/HMBJvxZOq2B0 ptAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from; bh=z+XiMTgDbuoNeQHHcKPlgldho8+VGXPvrKN3USQVVPQ=; b=T5KfEMtSCqPDJQ6nueAv9F89L+CS+l5T1Pe50bW07beXW59OUBwLjAsm//68fh4g6a h5/0VDcCXYbocvYhG7jCj7dXk2C+/WHx/vNaaHrAFNZNeC8huP4Tnd+iw8Yx8U4odj9v pbOmAUGs568doQmZUM0xUJEMLDmBNrOdm9PVnVqfyUjJJa2m8G/T6GsxldsWlnwUelrw nwcrBl9zPwiX3iKp9RWU2tnHHWxd6Kio2PDtH+DX48aAcyY+A1/A7rk50y4cxvvLQkHh V9D7FhF+a5FD3QrEkO+S6ILXI3b/SJqDuZ1q+LHrYb1DWY+TE8SIPqCxQIAGZe6vY9sJ fUgQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga06.intel.com (mga06.intel.com. [134.134.136.31]) by mx.google.com with ESMTPS id 30si817802pgr.396.2018.11.02.12.30.09 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 02 Nov 2018 12:30:09 -0700 (PDT) Received-SPF: pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.31 as permitted sender) client-ip=134.134.136.31; Authentication-Results: mx.google.com; spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Nov 2018 12:30:08 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,457,1534834800"; d="scan'208";a="276669246" Received: from rpedgeco-desk5.jf.intel.com ([10.54.75.168]) by fmsmga005.fm.intel.com with ESMTP; 02 Nov 2018 12:30:07 -0700 From: Rick Edgecombe To: jeyu@kernel.org, akpm@linux-foundation.org, willy@infradead.org, tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, kernel-hardening@lists.openwall.com, daniel@iogearbox.net, jannh@google.com, keescook@chromium.org Cc: kristen@linux.intel.com, dave.hansen@intel.com, arjan@linux.intel.com, Rick Edgecombe Subject: [PATCH v8 0/4] KASLR feature to randomize each loadable module Date: Fri, 2 Nov 2018 12:25:16 -0700 Message-Id: <20181102192520.4522-1-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Hi, This is V8 of the "KASLR feature to randomize each loadable module" patchset. The purpose is to increase the randomization and also to make the modules randomized in relation to each other instead of just the base, so that if one module leaks the location of the others can't be inferred. This version gets rid of the more complex, more LOC, new logic in vmalloc that helped optimization around lazy the free area case, and hopefully makes this patchset more straightforward. Earlier versions were concerned with efficiently handling this case, but I have learned they are actually not common in real world module loader usage. So instead there are some smaller tweaks to existing vmalloc logic to allow an allocation to be tried without triggering a purge_vmap_area_lazy() and retry, when it encounters a real (non lazy free) area. The kselftest simulations have been updated with the logic of init sections getting cleaned up as well. There is a small allocation performance degradation versus v7 as a trade off, but it is still faster on average than the existing algorithm until >7000 modules. Changes for V8: - Simplify code by removing logic for optimum handling of lazy free areas Changes for V7: - More 0-day build fixes, readability improvements (Kees Cook) Changes for V6: - 0-day build fixes by removing un-needed functional testing, more error handling Changes for V5: - Add module_alloc test module Changes for V4: - Fix issue caused by KASAN, kmemleak being provided different allocation lengths (padding). - Avoid kmalloc until sure its needed in __vmalloc_node_try_addr. - Fixed issues reported by 0-day. Changes for V3: - Code cleanup based on internal feedback. (thanks to Dave Hansen and Andriy Shevchenko) - Slight refactor of existing algorithm to more cleanly live along side new one. - BPF synthetic benchmark Changes for V2: - New implementation of __vmalloc_node_try_addr based on the __vmalloc_node_range implementation, that only flushes TLB when needed. - Modified module loading algorithm to try to reduce the TLB flushes further. - Increase "random area" tries in order to increase the number of modules that can get high randomness. - Increase "random area" size to 2/3 of module area in order to increase the number of modules that can get high randomness. - Fix for 0day failures on other architectures. - Fix for wrong debugfs permissions. (thanks to Jann Horn) - Spelling fix. (thanks to Jann Horn) - Data on module_alloc performance and TLB flushes. (brought up by Kees Cook and Jann Horn) - Data on memory usage. (suggested by Jann) Rick Edgecombe (4): vmalloc: Add __vmalloc_node_try_addr function x86/modules: Increase randomization for modules vmalloc: Add debugfs modfraginfo Kselftest for module text allocation benchmarking arch/x86/Kconfig | 3 + arch/x86/include/asm/kaslr_modules.h | 38 ++ arch/x86/include/asm/pgtable_64_types.h | 7 + arch/x86/kernel/module.c | 111 ++++-- include/linux/vmalloc.h | 3 + lib/Kconfig.debug | 9 + lib/Makefile | 1 + lib/test_mod_alloc.c | 343 ++++++++++++++++++ mm/vmalloc.c | 228 ++++++++++-- tools/testing/selftests/bpf/test_mod_alloc.sh | 29 ++ 10 files changed, 711 insertions(+), 61 deletions(-) create mode 100644 arch/x86/include/asm/kaslr_modules.h create mode 100644 lib/test_mod_alloc.c create mode 100755 tools/testing/selftests/bpf/test_mod_alloc.sh