Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp1649028ybv;
        Thu, 6 Feb 2020 07:31:03 -0800 (PST)
X-Google-Smtp-Source: APXvYqzEAecxsGM2P/+8vgASmdnFtbYGF5EmxsxuvRiVZrvABsmn0MbIPEkKzrvcAl8KVRGMW7L7
X-Received: by 2002:a05:6830:1e95:: with SMTP id n21mr31629280otr.25.1581003063294;
        Thu, 06 Feb 2020 07:31:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1581003063; cv=none;
        d=google.com; s=arc-20160816;
        b=Uscmi7XXH5XYAQQlYJBOi9Z58z7mG6yIlypGllSBbfzO/2DVyzZ2+1iXzzQ/8J9Nnx
         Pt5vgA06rwqlr/5vwmjyZu5qSEIbzlidb99qtpcBzus/rA48U/6VkgKVLW7yOnssYxSi
         R35GbOGZE3C7Ra4/UgA5R9k8AFjQCRmbb6q2IJyZ7lHt0HggpRR05vBKOMzot1W4E+gm
         rv+UAE9rfM9tZLmXWmdRXdkQNouzsMfclA4ugQHa3OZVkelbo0axUuI4UYRhDEcEX59C
         QO738pyEwF8B/NyqlXegjinDOoJzKfgV8TAOi1fw3cRUm8RqeiIwHm3QWXS++ug3Vo9d
         bJ7w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:date:from:dkim-signature;
        bh=YRGPQTxySG8GGpnc9qj5oMJ9OxtV3T+CuCWWaPN4Sm4=;
        b=lZPXbvJiLIdg2FiTT36rssEvdjrWX26zM8AUPfeB5sZf/PKDKDGzzlByH2WYZra1Cq
         fmYg8T75NPs7IMdxa21PHMT+Dafnffa7VSOt31T5jYq6lQ7YXXk5yMjIKGDNIACIosWx
         GSRBtTdPUhmqBhZ9XhfJ2PGx8OKqQ/wJTuKFL2n9YM7FRq2DgBKpReVJFcK2EfrqlCw3
         g8F0esI2ehulVZhRx27UJxQVd51IrsXb/cJq3PNGBkWHWExb+RCodvwJHMo0eC7GGbbH
         PahoIuM+MWoiBPoEFpbOLW1SsogZLdg/S7UXaQizinK6AvJZnvadhnXbzNppFNMx9A46
         h3zg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=kFOBTaZb;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id n11si2345143otf.36.2020.02.06.07.30.49;
        Thu, 06 Feb 2020 07:31:03 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=kFOBTaZb;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727440AbgBFP3x (ORCPT <rfc822;dafubiji@gmail.com> + 99 others);
        Thu, 6 Feb 2020 10:29:53 -0500
Received: from mail-qv1-f65.google.com ([209.85.219.65]:36118 "EHLO
        mail-qv1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725535AbgBFP3x (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 6 Feb 2020 10:29:53 -0500
Received: by mail-qv1-f65.google.com with SMTP id db9so3037030qvb.3
        for <linux-kernel@vger.kernel.org>; Thu, 06 Feb 2020 07:29:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=sender:from:date:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=YRGPQTxySG8GGpnc9qj5oMJ9OxtV3T+CuCWWaPN4Sm4=;
        b=kFOBTaZbZk+6VKEeWwEi3ZTRFP/6WLlVpOAShTiRr6XWtBhvXRtaP9jNzjcAtx6mC4
         XLPvHoCNhHi6uHkJp2f8UYY+pa7Psn7d5gKhEKBimDVNaaf4ntcqdXDrpTTnSA+ukBgK
         LmJZ1U9B8ui6kIWVlnXutoSc+pjCv7h//L/BRrY6HOzk9M5R+ySe5/cbDJkv6DScyvd5
         eE8Kwrn41QarPcUKuFzYM1deV2vxmVaYXb2U2nkAlMpNCQpH+Wsu59bLZt30EvJdrFfM
         CHUAl52gdg+8/Ulbz+2TKm7X3gjMhfqFNPJP4oDdxXMzdm18yolhvGgBKlLI+8KxLAj/
         NSjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:sender:from:date:to:cc:subject:message-id
         :references:mime-version:content-disposition:in-reply-to:user-agent;
        bh=YRGPQTxySG8GGpnc9qj5oMJ9OxtV3T+CuCWWaPN4Sm4=;
        b=OsT3gbZh8dybKIvc1Od54riN9MzR2Cb8LuU+UytWA/MSnsaL39gpu2Wbcm6vicqgKf
         Appsi+7v2AUi2vhDFGQ6c3PRdol7Zbd+pmSChzpvNNa5O0X/HvusPrpr2hCZKfQ5YmVF
         JO/SoQu7j2iIKM4LmDckVmDiYKTAAunD6XYQ+qzZxtpTkcpkkj6NkPND66EZLIynIVa7
         sErlpfgy/aRWtzQVmU/SIWmnWDrsuj9OpPpipRopHf2a4rV/gdyfnlmfJcddmHl0gKqn
         1w6JACSDAvB2oFd8CsjYYGjosd9ksipy1shDZfAsu2TjjnSZMR7MrdPm9HjcPbaxf9oc
         cMVw==
X-Gm-Message-State: APjAAAV4T3CArGoNBG9NazF8PyJLNZye+NyiX9IMBuCquc3eg3Zcatg4
        RUgj//coJzwC+DQqVcLPvLg=
X-Received: by 2002:a0c:fac8:: with SMTP id p8mr2824512qvo.47.1581002992198;
        Thu, 06 Feb 2020 07:29:52 -0800 (PST)
Received: from rani.riverdale.lan ([2001:470:1f07:5f3::b55f])
        by smtp.gmail.com with ESMTPSA id s48sm1808973qtc.96.2020.02.06.07.29.51
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 06 Feb 2020 07:29:51 -0800 (PST)
From:   Arvind Sankar <nivedita@alum.mit.edu>
X-Google-Original-From: Arvind Sankar <arvind@rani.riverdale.lan>
Date:   Thu, 6 Feb 2020 10:29:50 -0500
To:     Kees Cook <keescook@chromium.org>
Cc:     Kristen Carlson Accardi <kristen@linux.intel.com>,
        tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com,
        arjan@linux.intel.com, rick.p.edgecombe@intel.com, x86@kernel.org,
        linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: Re: [RFC PATCH 06/11] x86: make sure _etext includes function
 sections
Message-ID: <20200206152949.GA3055637@rani.riverdale.lan>
References: <20200205223950.1212394-1-kristen@linux.intel.com>
 <20200205223950.1212394-7-kristen@linux.intel.com>
 <202002060408.84005CEFFD@keescook>
 <20200206143941.GA3044151@rani.riverdale.lan>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20200206143941.GA3044151@rani.riverdale.lan>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Feb 06, 2020 at 09:39:43AM -0500, Arvind Sankar wrote:
> On Thu, Feb 06, 2020 at 04:26:23AM -0800, Kees Cook wrote:
> > I know x86_64 stack alignment is 16 bytes. I cannot find evidence for
> > what function start alignment should be. It seems the linker is 16 byte
> > aligning these functions, when I think no alignment is needed for
> > function starts, so we're wasting some memory (average 8 bytes per
> > function, at say 50,000 functions, so approaching 512KB) between
> > functions. If we can specify a 1 byte alignment for these orphan
> > sections, that would be nice, as mentioned in the cover letter: we lose
> > a 4 bits of entropy to this alignment, since all randomized function
> > addresses will have their low bits set to zero.
> > 
> 
> The default function alignment is 16-bytes for x64 at least with gcc.
> You can use -falign-functions to specify a different alignment.
> 
> There was some old discussion on reducing it [1] but it doesn't seem to
> have been merged.
> 
> [1] https://lore.kernel.org/lkml/tip-4874fe1eeb40b403a8c9d0ddeb4d166cab3f37ba@git.kernel.org/

Though I don't think the entropy loss is real. With 50k functions, you
can use at most log(50k!) = ~35 KiB worth of entropy in permuting them,
no matter what the alignment is. The only way you can get more is if you
have more than 50k slots to put them in.