Date: Sun, 15 Mar 2020 14:11:38 +0000 (UTC)
From: Christopher Lameter
To: Kees Cook
cc: David Laight, Andrew Morton, Pekka Enberg, David Rientjes, Joonsoo Kim, Daniel Micay, Vitaly Nikolenko, Silvio Cesare, "linux-mm@kvack.org", "linux-kernel@vger.kernel.org"
Subject: Re: [PATCH] slub: Relocate freelist pointer to middle of object
In-Reply-To: <202003111039.24B8A0B@keescook>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 11 Mar 2020, Kees Cook wrote:

> > Sounds good. You could even randomize the position to avoid attacks via
> > the freelist pointer.
>
> That's a good point. "offset" is just calculated once, and for many
> slabs, the available space is quite large. I wonder what the best

Correct.

> practice might be for how far from the edge to stay. Hmmm. Maybe simply
> carve it into thirds, and randomize the offset within the middle third?

Take off the first and last word and randomize within the space that is left?
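
The two placements discussed in this message (an offset within the middle third, versus anywhere except the first and last word) can be compared by counting the word-aligned slots each one leaves for the freelist pointer. This is an added example, not code from the patch or the kernel; the function names, the fallback to the middle slot for very small objects, and the caller-supplied random value are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

#define WORD sizeof(void *)

/* Word-aligned candidate offsets: first, first + WORD, ... (count entries). */
struct fp_range { size_t first; size_t count; };

/* Assumption: objects too small to leave a choice get the single middle slot. */
static struct fp_range middle_slot(size_t words)
{
    struct fp_range r = { (words / 2) * WORD, 1 };
    return r;
}

/* Quoted proposal: randomize only within the middle third of the object. */
struct fp_range range_middle_third(size_t size)
{
    size_t words = size / WORD;      /* assumes size is word-aligned */
    size_t lo = (words + 2) / 3;     /* first slot past the leading third */
    size_t hi = (2 * words) / 3;     /* first slot of the trailing third */
    struct fp_range r = { lo * WORD, hi - lo };
    return hi > lo ? r : middle_slot(words);
}

/* Reply's proposal: exclude only the first and the last word. */
struct fp_range range_trim_words(size_t size)
{
    size_t words = size / WORD;
    struct fp_range r = { WORD, words - 2 };
    return words >= 3 ? r : middle_slot(words);
}

/* Map a random value (hypothetical: drawn once per cache) to an offset. */
size_t pick_offset(struct fp_range r, unsigned long rnd)
{
    return r.first + (rnd % r.count) * WORD;   /* modulo bias ignored here */
}

int main(void)
{
    for (size_t size = 2 * WORD; size <= 64 * WORD; size *= 2) {
        struct fp_range a = range_middle_third(size), b = range_trim_words(size);
        printf("size %4zu: middle third %2zu slots from %3zu, trimmed %2zu slots from %3zu\n",
               size, a.count, a.first, b.count, b.first);
    }
    return 0;
}
```

For a 32-word object the middle third leaves 10 candidate slots and trimming the edge words leaves 30, so the second scheme gives more placement entropy while the first keeps a larger guard distance from both object edges.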