Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp483389pxa; Tue, 4 Aug 2020 10:07:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxgJUHSOyBefCALa8Sx0wGXWw6W8eyKapc2FITCfP0D+A0MXcBHvpg1xaECFaHJPCMbczkL X-Received: by 2002:a50:ee96:: with SMTP id f22mr5068954edr.243.1596560827270; Tue, 04 Aug 2020 10:07:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596560827; cv=none; d=google.com; s=arc-20160816; b=pXgHmJ/vXcaoJtRp4cVQ40TyNwim8KMBHt9thSmEjVfpBdXeRzlgT9wB2VTbOZumBR l7A1svFk53z8mAC1QYOtraW/nBsIVpYmgzPq02G1sdo9Zw88fYBSQ8A2JYdMPj2rYsyM HbYNWLqbr40OSHkr48ts9JwwRF1CrN//T1XejlikDen+eC5j2fQNGV6JBmCfdJStAHpG if3J6u8iLCni/8STGtcMIy+1/jdV+uttSuV8JDwEgmvnXdG8jcs5EIXUHtAlySO+JMke I29vVjuR1vMTwn9/kl0J8lMlhd5NzHrvbwM/Zya9y3HE1N/jx1z4y6z0gcrEMJia+Y/f LlIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=W8ExtNwXWVGPyx9ZboKCDccF2gWgshgIm8dUbOvWxY0=; b=xUW4dylqcCP1f/MOTCZ4Av5vGnXGKkElxrSgxSFxJKfiDD4vhbYteqYJjVfdsiS3LN 97oBgKjHCghcR3EOyPRFyHIwiW1wIxeAV3a8iMRMXNeVlU1J/ElHJmGFTKkiSX2fCliW dkN5QvdcBKVRmnV7CAi99NwpAoOBSbQsK+y/K1hkCVeHLEj3169UU3mzd97QncT8dfn1 IIpAQfFObqSWENS02pVHY6Qg1XOhrv4UGuVMGcQmt8FkrAspiWXAkWb4h6qs3jx0W/4N bVmA8ukFsMgtoqzZukYcrb/IHlbrx101PA2wsL02dZB0s5dP9ipQxKcfIKwDdoWaC3uh 5Jrw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=n+e1woa8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gz7si12856111ejb.347.2020.08.04.10.05.57; Tue, 04 Aug 2020 10:07:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=n+e1woa8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729928AbgHDRFp (ORCPT + 99 others); Tue, 4 Aug 2020 13:05:45 -0400 Received: from mail.kernel.org ([198.145.29.99]:59230 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728244AbgHDRFN (ORCPT ); Tue, 4 Aug 2020 13:05:13 -0400 Received: from linux-8ccs (p57a236d4.dip0.t-ipconnect.de [87.162.54.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 158C4207FC; Tue, 4 Aug 2020 17:04:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596560669; bh=NfFOur+2uJBT2CYsYqIKkCO828wrRIoMoBW74zXNLOs=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=n+e1woa8+9O8XHHYjFSWLqeRpRx6enaexRX7sKQfy051cr/iLoAwsezENBZr3mESG 9Yd/w5qDUouv+KikFNI/PiizqAMJJJ3W9XA2gjAQYEzvSx0NDrGa7B5VTrV1EBeLql /bS4aa4q4sAlAv7ki/Tc3yK8cG1ddnNJpRtMF7as= Date: Tue, 4 Aug 2020 19:04:21 +0200 From: Jessica Yu To: Joe Lawrence Cc: Kees Cook , Evgenii Shatokhin , Kristen Carlson Accardi , Miroslav Benes , tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, arjan@linux.intel.com, x86@kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, rick.p.edgecombe@intel.com, live-patching@vger.kernel.org, Josh Poimboeuf , "Frank Ch. Eigler" Subject: Re: [PATCH v4 00/10] Function Granular KASLR Message-ID: <20200804170419.GA3882@linux-8ccs> References: <20200717170008.5949-1-kristen@linux.intel.com> <202008031043.FE182E9@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: X-OS: Linux linux-8ccs 5.8.0-rc6-lp150.12.61-default+ x86_64 User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org +++ Joe Lawrence [03/08/20 14:17 -0400]: >On 8/3/20 1:45 PM, Kees Cook wrote: >>On Mon, Aug 03, 2020 at 02:39:32PM +0300, Evgenii Shatokhin wrote: >>>There are at least 2 places where high-order memory allocations might happen >>>during module loading. Such allocations may fail if memory is fragmented, >>>while physically contiguous memory areas are not really needed there. I >>>suggest to switch to kvmalloc/kvfree there. Thanks Evgenii for pointing out the potential memory allocation issues that may arise with very large modules when memory is fragmented. I was curious as to which modules on my machine would be considered large, and there seems to be quite a handful...(x86_64 with v5.8-rc6 with a relatively standard distro config and FG KASLR patches on top): ./amdgpu/sections 7277 ./i915/sections 4267 ./nouveau/sections 3772 ./xfs/sections 2395 ./btrfs/sections 1966 ./mac80211/sections 1588 ./kvm/sections 1468 ./cfg80211/sections 1194 ./drm/sections 1012 ./bluetooth/sections 843 ./iwlmvm/sections 664 ./usbcore/sections 524 ./videodev/sections 436 So, I agree with the suggestion that we could switch to kvmalloc() to try to mitigate potential allocation problems when memory is fragmented. >>While this does seem to be the right solution for the extant problem, I >>do want to take a moment and ask if the function sections need to be >>exposed at all? What tools use this information, and do they just want >>to see the bounds of the code region? (i.e. the start/end of all the >>.text* sections) Perhaps .text.* could be excluded from the sysfs >>section list? > >[[cc += FChE, see [0] for Evgenii's full mail ]] > >It looks like debugging tools like systemtap [1], gdb [2] and its >add-symbol-file cmd, etc. peek at the /sys/module//section/ info. > >But yeah, it would be preferable if we didn't export a long sysfs >representation if nobody actually needs it. Thanks Joe for looking into this. Hmm, AFAICT for gdb it's not a hard dependency per se - for add-symbol-file I was under the impression that we are responsible for obtaining the relevant section addresses ourselves through /sys/module/ (the most oft cited method) and then feeding those to add-symbol-file. It would definitely be more difficult to find out the section addresses without the /sys/module/ section entries. In any case, it sounds like systemtap has a hard dependency on /sys/module/*/sections anyway. Regarding /proc/kallsyms, I think it is probably possible to expose section symbols and their addresses via /proc/kallsyms rather than through sysfs (it would then live in the module's vmalloc'ed memory) but I'm not sure how helpful that would actually be, especially since existing tools depend on the sysfs interface being there. >[0] https://lore.kernel.org/lkml/e9c4d88b-86db-47e9-4299-3fac45a7e3fd@virtuozzo.com/ >[1] https://fossies.org/linux/systemtap/staprun/staprun.c >[2] https://www.oreilly.com/library/view/linux-device-drivers/0596005903/ch04.html#linuxdrive3-CHP-4-SECT-6.1 > >-- Joe