Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp142213pxb; Fri, 5 Mar 2021 17:15:18 -0800 (PST) X-Google-Smtp-Source: ABdhPJwVPr/zveKksOBGdViaAMgTDD5E1xFKa2xGf0HGKTx3SZcQCRb4imfQaP/ZfUGY/4OE7QKr X-Received: by 2002:a17:906:2312:: with SMTP id l18mr5012501eja.468.1614993318167; Fri, 05 Mar 2021 17:15:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614993318; cv=none; d=google.com; s=arc-20160816; b=D/5U8LhPSdCyj8H/SdKF+enJn2DKPEhq9ZBtmyOsI9eDms4Sbx1/km602oRXYnvl4J H7kAr+T8lYNG5nIuVsA/Glp2eQBtdmZPflKcMsKRk2L8V37fu+q//oq3gDpw0qbpkDnt 7pvrp5o0tOCJm1k5N/w1YZNDONGNooxK9yIIQ1R5W1VBaMENWR3iYuXtTYgZl1/Cv212 MJPbkW1Hf94nkLrs114SLZFMP+uvB3f6Jyiej+r1z1KIzPe6pbgxv09ncQbjGEyJwGDX QYQ5ytfYeETQgk4upLeo0qWoRfLUFEPELvgE4Ey0FO0bYq1mlfsTB0M+5mRcqs4l87Ul rWGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=nUOwd7iKcHFegffYIhHWDDLXFqRuniGA70id5C+8ve0=; b=pI/G1Gk47jIBC77mXEubFpPkLAEUpN0jOTSXYLDK0XtaD4O1LLBkbumCY1qQfT/svA nVWhLwkKXPhCrd6dKn77/T+MF/AVtNQkc993gwFBXhNsYx1I3TYIkv3lRGO8bM4byb6w 0a4WgHGPsE4i4ya1YPS3BqMHrQC6EosLPj5kU19v+yMvvoza/1JxHXOVIvwMQUU8YA4B /NxdcpaeKVeNxoc0DQ/Pl5ryhLwlNpIz4bjhcSKH/PD3dQM/v2905eHur93ogS13cl0Z gWVfCpVhcb8CI3DdgtWekRoXxbA2aHjGyMzFXS4s/kpre90l9pWK06B0dG8ZaK4j18hQ A41g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=korg header.b="rrlGcLV/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j21si2498686ejn.713.2021.03.05.17.14.55; Fri, 05 Mar 2021 17:15:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=korg header.b="rrlGcLV/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229679AbhCFBNk (ORCPT + 99 others); Fri, 5 Mar 2021 20:13:40 -0500 Received: from mail.kernel.org ([198.145.29.99]:42626 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229576AbhCFBNe (ORCPT ); Fri, 5 Mar 2021 20:13:34 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id BB11065090; Sat, 6 Mar 2021 01:13:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1614993212; bh=Uw04knjc4xx7x3agCMeJqcaVgzDCRD/JHNyGNt2bGIo=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=rrlGcLV/iQuL/RnkUBIctgDo4IL+sqJKuHHI4vEq4GFnEbK3eyG1IqxAyw7/zgEz9 nU5nMBl4w1rrPU7gGUUlbEqAcdSs3F70xqpBKKXrWvsKNbDxNi14tl1Ox5rzZUNeMe CQKDNhM+a6qFcgTMALZwXLbxY/DRWmlzQBksg1rU= Date: Fri, 5 Mar 2021 17:13:31 -0800 From: Andrew Morton To: Topi Miettinen Cc: linux-hardening@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andy Lutomirski , Jann Horn , Kees Cook , Linux API , Matthew Wilcox , Mike Rapoport , Vlad Rezki Subject: Re: [PATCH v3] mm/vmalloc: randomize vmalloc() allocations Message-Id: <20210305171331.2424b166ed4d2d9da73ac335@linux-foundation.org> In-Reply-To: <20210215202634.5121-1-toiwoton@gmail.com> References: <20210215202634.5121-1-toiwoton@gmail.com> X-Mailer: Sylpheed 3.5.1 (GTK+ 2.24.31; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 15 Feb 2021 22:26:34 +0200 Topi Miettinen wrote: > Memory mappings inside kernel allocated with vmalloc() are in > predictable order and packed tightly toward the low addresses, except > for per-cpu areas which start from top of the vmalloc area. With > new kernel boot parameter 'randomize_vmalloc=1', the entire area is > used randomly to make the allocations less predictable and harder to > guess for attackers. Also module and BPF code locations get randomized > (within their dedicated and rather small area though) and if > CONFIG_VMAP_STACK is enabled, also kernel thread stack locations. > > On 32 bit systems this may cause problems due to increased VM > fragmentation if the address space gets crowded. > > On all systems, it will reduce performance and increase memory and > cache usage due to less efficient use of page tables and inability to > merge adjacent VMAs with compatible attributes. On x86_64 with 5 level > page tables, in the worst case, additional page table entries of up to > 4 pages are created for each mapping, so with small mappings there's > considerable penalty. > > ... > How useful is this expected to be? What sort of attack scenarios will this help to defend against? And what do others think of the proposal?