Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp1652797pxa; Thu, 6 Aug 2020 12:31:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwJm19qPTv1m0TMk1ZBlxn/vw1Lcp8A0cZx5pC5kEfSFCLm+rx4YAbyWSzpXczoWOkb5mCI X-Received: by 2002:aa7:cdd2:: with SMTP id h18mr5530088edw.387.1596742284696; Thu, 06 Aug 2020 12:31:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596742284; cv=none; d=google.com; s=arc-20160816; b=Lfm+N3rlZj+G1wtKOvx9XeI4JpyYsg4iA5IQd9iw5NdBHkyz74OXRerg83u3F3zZQk 2t+rqdXsqZ2kQVGcRdbi8d4KvJdWMftlRVfxktQJDnW2j1YcLuzkEST4ngQVIc2fBjQF r0Uinl49lv3RhzbuUu7l/Fn7ceuOJrR6rQo7rYi0NapqW9QNqj/2qu160/I4oGN2Aodi n5bo/73VrwwYBVpruPHzTvVQcaEK/m5ciVXaNnG8Qc/DKM8vgDtTmqpMZnhZqSSSudkU vDIPLc3ypqGbaQWfXRe88ZEHlOgvgD6SoSAbn0BoIwgxZpgqUmp7/bT8wnm6kfpcgOT8 T7GQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=eXpUXCboa1iboXL0krzV2/Rr3Jeb/snQcwOxIp/4Dfc=; b=acimpBR5CjkvjcSHDc2kFo76DJ4Ta2XvEfI02eBUf8oQD03YuFRnhsuLvYPsIyfADc Qyk1hjZd9Yr8AOestfWqEZvz9hATHwKwUi4kSjab/N6vYULmFwUcacA43pv08xa9DKeR W6LogI2xe8shiFNvFe3RKH3XIqEY6gGzgSy47jxkCCT7JCNdKcASbRkOBqUSVfh5lrr0 Gv36MgHGOiu8cPHfwhaBnrP0R5qmk9BsIR8cqX81lPnB2W08rfcywnIa6AI8V2iGR9AB PzPM7QAPCGxRzCjSb3i+5zE5fBFLgBtTzNj6Za4HKxVgCjIgenf56iosHkidrZ7nDO1E ZP6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=VRbLv045; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id qk16si3839626ejb.532.2020.08.06.12.31.00; Thu, 06 Aug 2020 12:31:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=VRbLv045; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726005AbgHFT1y (ORCPT + 99 others); Thu, 6 Aug 2020 15:27:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39574 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725272AbgHFT1x (ORCPT ); Thu, 6 Aug 2020 15:27:53 -0400 Received: from mail-pj1-x1042.google.com (mail-pj1-x1042.google.com [IPv6:2607:f8b0:4864:20::1042]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6BD53C061574 for ; Thu, 6 Aug 2020 12:27:53 -0700 (PDT) Received: by mail-pj1-x1042.google.com with SMTP id i92so5142793pje.0 for ; Thu, 06 Aug 2020 12:27:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=eXpUXCboa1iboXL0krzV2/Rr3Jeb/snQcwOxIp/4Dfc=; b=VRbLv045DWIuz8DLew94VGvDSVErpo6jn4nvSzw0t7K7QnTc3umT6i53NWb1LP/jF0 VYzRuv6ew+G0jWbCr06tDw0B0AwLkTE9uV4u7R0p3VhkEcSPWnNxsCZS9qwEThWGqRYf BtImZHYpWLIfRfelG5j1Ui4Z6C2DXjTCalbpY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=eXpUXCboa1iboXL0krzV2/Rr3Jeb/snQcwOxIp/4Dfc=; b=rYW+42wGJr0V5TA04Ct0ufsPi2G0vt1ydUwfuoPrrwRzu7DoFs3GDSSmhk3kvXfZDW aYl5OvJQFZEMpjmwAihjt1xRmPIJkB94m9wfJE8CTtG7sIiOPubUmCDu440EZ9dGAUgu z5YdVJLdAMg6S6ZGnKJn1ajggm7Z6DsEzf2wmz8U3UqKH6HZ6k+NlAADRNg0hBD/rGt9 7Vki8oNmgPCWKm0Zy/CTS6ZE0R2Pu6qE/0WaMh0Jta7FmzmhBeAmgwVEXwqNGkEpO5OE eV2pAC5k57iRCS5AHipG81W3091UVcIoMPKBIntzLCGmLFfhRA9GaPgzcKu0c1lqc9IM 8d2Q== X-Gm-Message-State: AOAM532qhMQtzkHAZluj0MpebVzc8DpyePZ0LE2t4PE9U0pSPHGamXMp a9eipmz3GdIk99zyku2hTW2ufA== X-Received: by 2002:a17:90b:3597:: with SMTP id mm23mr9564700pjb.3.1596742072173; Thu, 06 Aug 2020 12:27:52 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id gm9sm7733975pjb.12.2020.08.06.12.27.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Aug 2020 12:27:51 -0700 (PDT) Date: Thu, 6 Aug 2020 12:27:50 -0700 From: Kees Cook To: Ingo Molnar Cc: Kristen Carlson Accardi , tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, arjan@linux.intel.com, x86@kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, rick.p.edgecombe@intel.com Subject: Re: [PATCH v4 00/10] Function Granular KASLR Message-ID: <202008061052.DA6F3AA2@keescook> References: <20200717170008.5949-1-kristen@linux.intel.com> <20200806153258.GB2131635@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200806153258.GB2131635@gmail.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 06, 2020 at 05:32:58PM +0200, Ingo Molnar wrote: > * Kristen Carlson Accardi wrote: > > [...] > > Performance Impact > > ------------------ > > > * Run time > > The performance impact at run-time of function reordering varies by workload. > > Using kcbench, a kernel compilation benchmark, the performance of a kernel > > build with finer grained KASLR was about 1% slower than a kernel with standard > > KASLR. Analysis with perf showed a slightly higher percentage of > > L1-icache-load-misses. Other workloads were examined as well, with varied > > results. Some workloads performed significantly worse under FGKASLR, while > > others stayed the same or were mysteriously better. In general, it will > > depend on the code flow whether or not finer grained KASLR will impact > > your workload, and how the underlying code was designed. Because the layout > > changes per boot, each time a system is rebooted the performance of a workload > > may change. > > I'd guess that the biggest performance impact comes from tearing apart > 'groups' of functions that particular workloads are using. > > In that sense it might be worthwile to add a '__kaslr_group' function > tag to key functions, which would keep certain performance critical > functions next to each other. We kind of already do this manually for things like the scheduler, etc, using macros like ".whatever.text", so we might be able to create a more generalized approach for those. Right now they require a "section" macro usage and a linker script __start* and __end* marker, etc: #define SCHED_TEXT \ ALIGN_FUNCTION(); \ __sched_text_start = .; \ *(.sched.text) \ __sched_text_end = .; Manually collected each whatever_TEXT define and building out each __whatever_start, etc is annoying. It'd be really cool to have linker script have wildcard replacements for build a syntax like this, based on the presences of matching input sections: .%.text : { __%_start = .; *(.%.text.hot) *(.%.text) *(.%.text.*) *(.%.text.unlikely) __%_end = .; } > I'd also suggest allowing the passing in of a boot-time pseudo-random > generator seed number, which would allow the creation of a > pseudo-randomized but repeatable layout across reboots. This was present in earlier versions of the series. -- Kees Cook