From: Laura Abbott <laura@labbott.name>
To: Christoph Lameter <cl@linux.com>
Cc: Kees Cook <keescook@chromium.org>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linux-MM <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Subject: [kernel-hardening] Re: [RFC][PATCH 0/7] Sanitization of slabs based on grsecurity/PaX
Date: Wed, 20 Jan 2016 19:35:06 -0800 [thread overview]
Message-ID: <56A051EA.8080003@labbott.name> (raw)
In-Reply-To: <56971AE1.1020706@labbott.name>
On 1/13/16 7:49 PM, Laura Abbott wrote:
> On 1/8/16 6:07 AM, Christoph Lameter wrote:
>> On Thu, 7 Jan 2016, Laura Abbott wrote:
>>
>>> The slub_debug=P not only poisons it enables other consistency checks on the
>>> slab as well, assuming my understanding of what check_object does is correct.
>>> My hope was to have the poison part only and none of the consistency checks in
>>> an attempt to mitigate performance issues. I misunderstood when the checks
>>> actually run and how SLUB_DEBUG was used.
>>
>> Ok I see that there pointer check is done without checking the
>> corresponding debug flag. Patch attached thar fixes it.
>>
>>> Another option would be to have a flag like SLAB_NO_SANITY_CHECK.
>>> sanitization enablement would just be that and SLAB_POISON
>>> in the debug options. The disadvantage to this approach would be losing
>>> the sanitization for ->ctor caches (the grsecurity version works around this
>>> by re-initializing with ->ctor, I haven't heard any feedback if this actually
>>> acceptable) and not having some of the fast paths enabled
>>> (assuming I'm understanding the code path correctly.) which would also
>>> be a performance penalty
>>
>> I think we simply need to fix the missing check there. There is already a
>> flag SLAB_DEBUG_FREE for the pointer checks.
>>
>>
>
> The patch improves performance but the overall performance of these full
> sanitization patches is still significantly better than slub_debug=P. I'll
> put some effort into seeing if I can figure out where the slow down is
> coming from.
>
There are quite a few other checks which need to be skipped over as well,
but I don't think skipping those are going to be sufficient to give an
acceptable performance; a quick 'hackbench -g 20 -l 1000' shows at least
a 3.5 second difference between just skipping all the checks+slab_debug=P
and this series.
The SLAB_DEBUG flags force everything to skip the CPU caches which is
causing the slow down. I experimented with allowing the debugging to
happen with CPU caches but I'm not convinced it's possible to do the
checking on the fast path in a consistent manner without adding
locking. Is it worth refactoring the debugging to be able to be used
on cpu caches or should I take the approach here of having the clear
be separate from free_debug_processing?
Thanks,
Laura
WARNING: multiple messages have this Message-ID (diff)
From: Laura Abbott <laura@labbott.name>
To: Christoph Lameter <cl@linux.com>
Cc: Kees Cook <keescook@chromium.org>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linux-MM <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Subject: Re: [RFC][PATCH 0/7] Sanitization of slabs based on grsecurity/PaX
Date: Wed, 20 Jan 2016 19:35:06 -0800 [thread overview]
Message-ID: <56A051EA.8080003@labbott.name> (raw)
In-Reply-To: <56971AE1.1020706@labbott.name>
On 1/13/16 7:49 PM, Laura Abbott wrote:
> On 1/8/16 6:07 AM, Christoph Lameter wrote:
>> On Thu, 7 Jan 2016, Laura Abbott wrote:
>>
>>> The slub_debug=P not only poisons it enables other consistency checks on the
>>> slab as well, assuming my understanding of what check_object does is correct.
>>> My hope was to have the poison part only and none of the consistency checks in
>>> an attempt to mitigate performance issues. I misunderstood when the checks
>>> actually run and how SLUB_DEBUG was used.
>>
>> Ok I see that there pointer check is done without checking the
>> corresponding debug flag. Patch attached thar fixes it.
>>
>>> Another option would be to have a flag like SLAB_NO_SANITY_CHECK.
>>> sanitization enablement would just be that and SLAB_POISON
>>> in the debug options. The disadvantage to this approach would be losing
>>> the sanitization for ->ctor caches (the grsecurity version works around this
>>> by re-initializing with ->ctor, I haven't heard any feedback if this actually
>>> acceptable) and not having some of the fast paths enabled
>>> (assuming I'm understanding the code path correctly.) which would also
>>> be a performance penalty
>>
>> I think we simply need to fix the missing check there. There is already a
>> flag SLAB_DEBUG_FREE for the pointer checks.
>>
>>
>
> The patch improves performance but the overall performance of these full
> sanitization patches is still significantly better than slub_debug=P. I'll
> put some effort into seeing if I can figure out where the slow down is
> coming from.
>
There are quite a few other checks which need to be skipped over as well,
but I don't think skipping those are going to be sufficient to give an
acceptable performance; a quick 'hackbench -g 20 -l 1000' shows at least
a 3.5 second difference between just skipping all the checks+slab_debug=P
and this series.
The SLAB_DEBUG flags force everything to skip the CPU caches which is
causing the slow down. I experimented with allowing the debugging to
happen with CPU caches but I'm not convinced it's possible to do the
checking on the fast path in a consistent manner without adding
locking. Is it worth refactoring the debugging to be able to be used
on cpu caches or should I take the approach here of having the clear
be separate from free_debug_processing?
Thanks,
Laura
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Laura Abbott <laura@labbott.name>
To: Christoph Lameter <cl@linux.com>
Cc: Kees Cook <keescook@chromium.org>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linux-MM <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>
Subject: Re: [RFC][PATCH 0/7] Sanitization of slabs based on grsecurity/PaX
Date: Wed, 20 Jan 2016 19:35:06 -0800 [thread overview]
Message-ID: <56A051EA.8080003@labbott.name> (raw)
In-Reply-To: <56971AE1.1020706@labbott.name>
On 1/13/16 7:49 PM, Laura Abbott wrote:
> On 1/8/16 6:07 AM, Christoph Lameter wrote:
>> On Thu, 7 Jan 2016, Laura Abbott wrote:
>>
>>> The slub_debug=P not only poisons it enables other consistency checks on the
>>> slab as well, assuming my understanding of what check_object does is correct.
>>> My hope was to have the poison part only and none of the consistency checks in
>>> an attempt to mitigate performance issues. I misunderstood when the checks
>>> actually run and how SLUB_DEBUG was used.
>>
>> Ok I see that there pointer check is done without checking the
>> corresponding debug flag. Patch attached thar fixes it.
>>
>>> Another option would be to have a flag like SLAB_NO_SANITY_CHECK.
>>> sanitization enablement would just be that and SLAB_POISON
>>> in the debug options. The disadvantage to this approach would be losing
>>> the sanitization for ->ctor caches (the grsecurity version works around this
>>> by re-initializing with ->ctor, I haven't heard any feedback if this actually
>>> acceptable) and not having some of the fast paths enabled
>>> (assuming I'm understanding the code path correctly.) which would also
>>> be a performance penalty
>>
>> I think we simply need to fix the missing check there. There is already a
>> flag SLAB_DEBUG_FREE for the pointer checks.
>>
>>
>
> The patch improves performance but the overall performance of these full
> sanitization patches is still significantly better than slub_debug=P. I'll
> put some effort into seeing if I can figure out where the slow down is
> coming from.
>
There are quite a few other checks which need to be skipped over as well,
but I don't think skipping those are going to be sufficient to give an
acceptable performance; a quick 'hackbench -g 20 -l 1000' shows at least
a 3.5 second difference between just skipping all the checks+slab_debug=P
and this series.
The SLAB_DEBUG flags force everything to skip the CPU caches which is
causing the slow down. I experimented with allowing the debugging to
happen with CPU caches but I'm not convinced it's possible to do the
checking on the fast path in a consistent manner without adding
locking. Is it worth refactoring the debugging to be able to be used
on cpu caches or should I take the approach here of having the clear
be separate from free_debug_processing?
Thanks,
Laura
next prev parent reply other threads:[~2016-01-21 3:35 UTC|newest]
Thread overview: 113+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-22 3:40 [kernel-hardening] [RFC][PATCH 0/7] Sanitization of slabs based on grsecurity/PaX Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` [kernel-hardening] [RFC][PATCH 1/7] mm/slab_common.c: Add common support for slab saniziation Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 20:48 ` [kernel-hardening] " Vlastimil Babka
2015-12-22 20:48 ` Vlastimil Babka
2015-12-22 20:48 ` Vlastimil Babka
2016-01-06 0:17 ` [kernel-hardening] " Kees Cook
2016-01-06 0:17 ` Kees Cook
2016-01-06 0:17 ` Kees Cook
2016-01-06 2:06 ` [kernel-hardening] " Laura Abbott
2016-01-06 2:06 ` Laura Abbott
2016-01-06 2:06 ` Laura Abbott
2016-01-06 0:19 ` [kernel-hardening] " Kees Cook
2016-01-06 0:19 ` Kees Cook
2016-01-06 0:19 ` Kees Cook
2015-12-22 3:40 ` [kernel-hardening] [RFC][PATCH 2/7] slub: Add support for sanitization Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` [kernel-hardening] [RFC][PATCH 3/7] slab: " Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` [kernel-hardening] [RFC][PATCH 4/7] slob: " Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` [kernel-hardening] [RFC][PATCH 5/7] mm: Mark several cases as SLAB_NO_SANITIZE Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2016-01-06 0:21 ` [kernel-hardening] " Kees Cook
2016-01-06 0:21 ` Kees Cook
2016-01-06 0:21 ` Kees Cook
2016-01-06 2:11 ` [kernel-hardening] " Laura Abbott
2016-01-06 2:11 ` Laura Abbott
2016-01-06 2:11 ` Laura Abbott
2015-12-22 3:40 ` [kernel-hardening] [RFC][PATCH 6/7] mm: Add Kconfig option for slab sanitization Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 9:33 ` [kernel-hardening] " Mathias Krause
2015-12-22 9:33 ` Mathias Krause
2015-12-22 17:51 ` Laura Abbott
2015-12-22 17:51 ` Laura Abbott
2015-12-22 18:37 ` Mathias Krause
2015-12-22 18:37 ` Mathias Krause
2015-12-22 19:18 ` Laura Abbott
2015-12-22 19:18 ` Laura Abbott
2015-12-22 20:01 ` Christoph Lameter
2015-12-22 20:01 ` Christoph Lameter
2015-12-22 20:06 ` Mathias Krause
2015-12-22 20:06 ` Mathias Krause
2015-12-22 14:57 ` Dave Hansen
2015-12-22 14:57 ` Dave Hansen
2015-12-22 16:25 ` Christoph Lameter
2015-12-22 16:25 ` Christoph Lameter
2015-12-22 17:22 ` Dave Hansen
2015-12-22 17:24 ` Christoph Lameter
2015-12-22 17:28 ` Dave Hansen
2015-12-22 17:28 ` Dave Hansen
2015-12-22 18:08 ` Christoph Lameter
2015-12-22 18:08 ` Christoph Lameter
2015-12-22 18:19 ` Dave Hansen
2015-12-22 18:19 ` Dave Hansen
2015-12-22 19:13 ` Laura Abbott
2015-12-22 19:13 ` Laura Abbott
2015-12-22 19:32 ` Dave Hansen
2015-12-22 19:32 ` Dave Hansen
2016-01-06 0:29 ` Kees Cook
2016-01-06 0:29 ` Kees Cook
2016-01-06 2:46 ` Laura Abbott
2016-01-06 2:46 ` Laura Abbott
2015-12-22 3:40 ` [kernel-hardening] [RFC][PATCH 7/7] lkdtm: Add READ_AFTER_FREE test Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2015-12-22 3:40 ` Laura Abbott
2016-01-06 0:15 ` [kernel-hardening] " Kees Cook
2016-01-06 0:15 ` Kees Cook
2016-01-06 0:15 ` Kees Cook
2016-01-06 2:49 ` [kernel-hardening] " Laura Abbott
2016-01-06 2:49 ` Laura Abbott
2016-01-06 2:49 ` Laura Abbott
2015-12-22 16:08 ` [kernel-hardening] Re: [RFC][PATCH 0/7] Sanitization of slabs based on grsecurity/PaX Christoph Lameter
2015-12-22 16:08 ` Christoph Lameter
2015-12-22 16:08 ` Christoph Lameter
2015-12-22 16:15 ` [kernel-hardening] " Dave Hansen
2015-12-22 16:15 ` Dave Hansen
2015-12-22 16:38 ` Daniel Micay
2015-12-22 20:04 ` Laura Abbott
2015-12-22 20:04 ` Laura Abbott
2015-12-22 20:04 ` Laura Abbott
2016-01-06 0:09 ` [kernel-hardening] " Kees Cook
2016-01-06 0:09 ` Kees Cook
2016-01-06 0:09 ` Kees Cook
2016-01-06 3:17 ` [kernel-hardening] " Laura Abbott
2016-01-06 3:17 ` Laura Abbott
2016-01-06 3:17 ` Laura Abbott
2016-01-07 16:26 ` [kernel-hardening] " Christoph Lameter
2016-01-07 16:26 ` Christoph Lameter
2016-01-07 16:26 ` Christoph Lameter
2016-01-08 1:23 ` [kernel-hardening] " Laura Abbott
2016-01-08 1:23 ` Laura Abbott
2016-01-08 1:23 ` Laura Abbott
2016-01-08 14:07 ` [kernel-hardening] " Christoph Lameter
2016-01-08 14:07 ` Christoph Lameter
2016-01-08 14:07 ` Christoph Lameter
2016-01-14 3:49 ` [kernel-hardening] " Laura Abbott
2016-01-14 3:49 ` Laura Abbott
2016-01-14 3:49 ` Laura Abbott
2016-01-21 3:35 ` Laura Abbott [this message]
2016-01-21 3:35 ` Laura Abbott
2016-01-21 3:35 ` Laura Abbott
2016-01-21 15:39 ` [kernel-hardening] " Christoph Lameter
2016-01-21 15:39 ` Christoph Lameter
2016-01-21 15:39 ` Christoph Lameter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56A051EA.8080003@labbott.name \
--to=laura@labbott.name \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=iamjoonsoo.kim@lge.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.