From: Topi Miettinen <toiwoton@gmail.com>
To: Uladzislau Rezki <urezki@gmail.com>, Kees Cook <keescook@chromium.org>
Cc: linux-hardening@vger.kernel.org, akpm@linux-foundation.org,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
Andy Lutomirski <luto@kernel.org>, Jann Horn <jannh@google.com>,
Linux API <linux-api@vger.kernel.org>,
Matthew Wilcox <willy@infradead.org>,
Mike Rapoport <rppt@kernel.org>
Subject: Re: [PATCH v4] mm/vmalloc: randomize vmalloc() allocations
Date: Tue, 16 Mar 2021 10:01:46 +0200 [thread overview]
Message-ID: <85515ea8-744e-acec-76ba-034b38d0f9fa@gmail.com> (raw)
In-Reply-To: <20210315174742.GA2038@pc638.lan>
On 15.3.2021 19.47, Uladzislau Rezki wrote:
> On Mon, Mar 15, 2021 at 09:16:26AM -0700, Kees Cook wrote:
>> On Mon, Mar 15, 2021 at 01:24:10PM +0100, Uladzislau Rezki wrote:
>>> On Mon, Mar 15, 2021 at 11:04:42AM +0200, Topi Miettinen wrote:
>>>> What's the problem with that? It seems to me that nothing relies on specific
>>>> addresses of the chunks, so it should be possible to randomize these too.
>>>> Also the alignment is honored.
>>>>
>>> My concern are:
>>>
>>> - it is not a vmalloc allocator;
>>> - per-cpu allocator allocates chunks, thus it might be it happens only once. It does not allocate it often;
>>
>> That's actually the reason to randomize it: if it always ends up in the
>> same place at every boot, it becomes a stable target for attackers.
>>
> Probably we can randomize a base address only once when pcpu-allocator
> allocates a fist chunk during the boot.
>
>>> - changing it will likely introduce issues you are not aware of;
>>> - it is not supposed to be interacting with vmalloc allocator. Read the
>>> comment under pcpu_get_vm_areas();
>>>
>>> Therefore i propose just not touch it.
>>
>> How about splitting it from this patch instead? Then it can get separate
>> testing, etc.
>>
> It should be split as well as tested.
Would you prefer another kernel option `randomize_percpu_allocator=1`,
or would it be OK to make it a flag in `randomize_vmalloc`, like
`randomize_vmalloc=3`? Maybe the latter would not be compatible with
static branches.
-Topi
>
> --
> Vlad Rezki
>
next prev parent reply other threads:[~2021-03-16 8:02 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-09 13:57 [PATCH v4] mm/vmalloc: randomize vmalloc() allocations Topi Miettinen
2021-03-14 17:23 ` Uladzislau Rezki
2021-03-15 9:04 ` Topi Miettinen
2021-03-15 12:24 ` Uladzislau Rezki
2021-03-15 16:16 ` Kees Cook
2021-03-15 17:47 ` Uladzislau Rezki
2021-03-16 8:01 ` Topi Miettinen [this message]
2021-03-16 11:34 ` Uladzislau Rezki
2021-03-15 11:45 ` Topi Miettinen
2021-03-15 15:35 ` Uladzislau Rezki
2021-03-15 16:23 ` Topi Miettinen
2021-03-15 18:02 ` Uladzislau Rezki
2021-03-16 7:01 ` Topi Miettinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=85515ea8-744e-acec-76ba-034b38d0f9fa@gmail.com \
--to=toiwoton@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=rppt@kernel.org \
--cc=urezki@gmail.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).