Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752915AbdF2R44 (ORCPT ); Thu, 29 Jun 2017 13:56:56 -0400 Received: from mail-it0-f52.google.com ([209.85.214.52]:35567 "EHLO mail-it0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752601AbdF2R4t (ORCPT ); Thu, 29 Jun 2017 13:56:49 -0400 Date: Thu, 29 Jun 2017 11:56:47 -0600 From: Tycho Andersen To: Rik van Riel Cc: Kees Cook , Christoph Lameter , Andrew Morton , Laura Abbott , Daniel Micay , Pekka Enberg , David Rientjes , Joonsoo Kim , "Paul E. McKenney" , Ingo Molnar , Josh Triplett , Andy Lutomirski , Nicolas Pitre , Tejun Heo , Daniel Mack , Sebastian Andrzej Siewior , Sergey Senozhatsky , Helge Deller , LKML , Linux-MM , "kernel-hardening@lists.openwall.com" Subject: Re: [kernel-hardening] Re: [PATCH v2] mm: Add SLUB free list pointer obfuscation Message-ID: <20170629175647.pufnks75fqy627jv@smitten> References: <20170623015010.GA137429@beast> <1498758853.6130.2.camel@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1498758853.6130.2.camel@redhat.com> User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1466 Lines: 38 On Thu, Jun 29, 2017 at 01:54:13PM -0400, Rik van Riel wrote: > On Thu, 2017-06-29 at 10:47 -0700, Kees Cook wrote: > > On Thu, Jun 29, 2017 at 10:05 AM, Christoph Lameter > > wrote: > > > On Sun, 25 Jun 2017, Kees Cook wrote: > > > > > > > The difference gets lost in the noise, but if the above is > > > > sensible, > > > > it's 0.07% slower. ;) > > > > > > Hmmm... These differences add up. Also in a repetative benchmark > > > like that > > > you do not see the impact that the additional cacheline use in the > > > cpu > > > cache has on larger workloads. Those may be pushed over the edge of > > > l1 or > > > l2 capacity at some point which then causes drastic regressions. > > > > Even if that is true, it may be worth it to some people to have the > > protection. Given that is significantly hampers a large class of heap > > overflow attacks[1], I think it's an important change to have. I'm > > not > > suggesting this be on by default, it's cleanly behind > > CONFIG-controlled macros, and is very limited in scope. If you can > > Ack > > it we can let system builders decide if they want to risk a possible > > performance hit. I'm pretty sure most distros would like to have this > > protection. > > I could certainly see it being useful for all kinds of portable > and network-connected systems where security is simply much > more important than performance. Indeed, I believe we would enable this in our kernels. Cheers, Tycho