Subject: Re: [RFC PATCH 08/11] x86: Add support for finer grained KASLR
From: Kristen Carlson Accardi
To: Kees Cook, Andy Lutomirski
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", Arjan van de Ven, Rick Edgecombe, X86 ML, LKML, Kernel Hardening
Date: Thu, 06 Feb 2020 09:36:59 -0800
In-Reply-To: <202002060353.A6A064A@keescook>
References: <20200205223950.1212394-1-kristen@linux.intel.com> <20200205223950.1212394-9-kristen@linux.intel.com> <202002060353.A6A064A@keescook>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 2020-02-06 at 03:56 -0800, Kees Cook wrote:
> On Wed, Feb 05, 2020 at 05:17:11PM -0800, Andy Lutomirski wrote:
> > On Wed, Feb 5, 2020 at 2:39 PM Kristen Carlson Accardi wrote:
> > > At boot time, find all the function sections that have separate .text
> > > sections, shuffle them, and then copy them to new locations. Adjust
> > > any relocations accordingly.
> > >
> > > + sort(base, num_syms, sizeof(int), kallsyms_cmp,
> > > kallsyms_swp);
> >
> > Hah, here's a huge bottleneck. Unless you are severely
> > memory-constrained, never do a sort with an expensive swap function
> > like this. Instead allocate an array of indices that starts out as
> > [0, 1, 2, ...]. Sort *that* where the swap function just swaps the
> > indices. Then use the sorted list of indices to permute the actual
> > data. The result is exactly one expensive swap per item instead of
> > one expensive swap per swap.
>
> I think there are few places where memory-vs-speed need to be examined.
> I remain surprised about how much memory the entire series already uses
> (58MB in my local tests), but I suspect this is likely dominated by the
> two factors: a full copy of the decompressed kernel, and that the
> "allocator" in the image doesn't really implement free():
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/linux/decompress/mm.h#n55
>

Yes - that was a huge issue (that free() doesn't actually...). Having to
do the copy really caused me to need to bump up the boot heap. Thankfully,
this is a readily solvable problem.

I think there's a temptation to focus too hard on the boot latency. While
I measured this on a reasonably fast system, we aren't talking minutes of
latency here, just a second or a second and a half. I know there are those
who sweat the milliseconds on booting vms, but I expect they might just
turn this feature off anyway.

That said, there are absolutely a lot of great ideas for improving things
here that I am excited to try should people be interested enough in this
feature for me to take it to the next stage.
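
Review bot: the quoted sort() call passes the element size as a literal sizeof(int); writing it as sizeof(base[0]) (assuming base is a typed array rather than a void pointer) would keep the stride tied to the array's element type. A short comment above the call saying what kallsyms_swp has to move on each swap would also help, since that is what sets the per-swap cost raised in the reply.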
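
The index-sort approach suggested in the quoted review, as an added userspace example that is not code from the patch series or from anyone in the thread. It uses libc qsort() rather than the kernel's sort(), and `struct sym`, `sort_by_index` and the `moves` counter are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record that is expensive to move (assumed layout). */
struct sym { unsigned long addr; char name[120]; };

static const struct sym *cmp_base; /* table the comparator reads (not reentrant) */
static size_t moves;               /* counts full-record copies into the table */

static int idx_cmp(const void *a, const void *b)
{
    unsigned long x = cmp_base[*(const size_t *)a].addr;
    unsigned long y = cmp_base[*(const size_t *)b].addr;
    return (x > y) - (x < y);
}

/* Sort tab[0..n) by addr. Returns 0 on success, -1 if allocation fails. */
int sort_by_index(struct sym *tab, size_t n)
{
    if (n < 2) return 0;
    size_t *idx = malloc(n * sizeof(*idx));
    if (!idx) return -1;
    for (size_t i = 0; i < n; i++) idx[i] = i;   /* [0, 1, 2, ...] */
    cmp_base = tab;
    qsort(idx, n, sizeof(*idx), idx_cmp);        /* only indices are swapped */

    /* Permute in place by following cycles: slot j receives old tab[idx[j]]. */
    for (size_t i = 0; i < n; i++) {
        if (idx[i] == i) continue;               /* already in place */
        struct sym tmp = tab[i];
        size_t j = i;
        while (idx[j] != i) {
            size_t next = idx[j];
            tab[j] = tab[next]; moves++;
            idx[j] = j;                          /* mark slot as done */
            j = next;
        }
        tab[j] = tmp; moves++;
        idx[j] = j;
    }
    free(idx);
    return 0;
}

int main(void)
{
    /* Constructed sample data. */
    struct sym t[] = {{50, "e"}, {10, "a"}, {40, "d"}, {20, "b"}, {30, "c"}};
    if (sort_by_index(t, 5)) return 1;
    printf("first=%s last=%s record moves=%zu\n", t[0].name, t[4].name, moves);
    return 0;
}
```

The cost is one extra array of `n` indices, which is the memory-versus-speed trade-off the thread goes on to discuss.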