linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
From: Laura Abbott <labbott@redhat.com>
To: Thomas Garnier <thgarnie@google.com>, Joe Perches <joe@perches.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Christoph Lameter <cl@linux.com>,
	Pekka Enberg <penberg@kernel.org>,
	David Rientjes <rientjes@google.com>,
	Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	Kees Cook <keescook@chromium.org>,
	Greg Thelen <gthelen@google.com>,
	Laura Abbott <labbott@fedoraproject.org>,
	kernel-hardening@lists.openwall.com,
	LKML <linux-kernel@vger.kernel.org>,
	Linux-MM <linux-mm@kvack.org>
Subject: Re: [PATCH] mm: SLAB freelist randomization
Date: Mon, 18 Apr 2016 12:36:49 -0700	[thread overview]
Message-ID: <57153751.7080800@redhat.com> (raw)
In-Reply-To: <CAJcbSZGLABr5xEFeopKTj34bL2P-ss=rChs+AYAP_49r1r0NfA@mail.gmail.com>

On 04/18/2016 08:59 AM, Thomas Garnier wrote:
> I will send the next version today. Note that I get_random_bytes_arch
> is used because at that stage we have 0 bits of entropy. It seemed
> like a better idea to use the arch version that will fallback on
> get_random_bytes sub API in the worse case.
>

This is unfortunate for ARM/ARM64. Those platforms don't have a standard
method for getting random numbers so until additional entropy is added
get_random_bytes will always return the same seed and indeed I always
see the same shuffle on a quick test of arm64. For KASLR, the workaround
was to require the bootloader to pass in entropy. It might be good to
either document this or require this only be used with CONFIG_ARCH_RANDOM.


> On Fri, Apr 15, 2016 at 3:47 PM, Thomas Garnier <thgarnie@google.com> wrote:
>> Thanks for the comments. I will address them in a v2 early next week.
>>
>> If anyone has other comments, please let me know.
>>
>> Thomas
>>
>> On Fri, Apr 15, 2016 at 3:26 PM, Joe Perches <joe@perches.com> wrote:
>>> On Fri, 2016-04-15 at 15:00 -0700, Andrew Morton wrote:
>>>> On Fri, 15 Apr 2016 10:25:59 -0700 Thomas Garnier <thgarnie@google.com> wrote:
>>>>> Provide an optional config (CONFIG_FREELIST_RANDOM) to randomize the
>>>>> SLAB freelist. The list is randomized during initialization of a new set
>>>>> of pages. The order on different freelist sizes is pre-computed at boot
>>>>> for performance. This security feature reduces the predictability of the
>>>>> kernel SLAB allocator against heap overflows rendering attacks much less
>>>>> stable.
>>>
>>> trivia:
>>>
>>>>> @@ -1229,6 +1229,61 @@ static void __init set_up_node(struct kmem_cache *cachep, int index)
>>> []
>>>>> + */
>>>>> +static freelist_idx_t master_list_2[2];
>>>>> +static freelist_idx_t master_list_4[4];
>>>>> +static freelist_idx_t master_list_8[8];
>>>>> +static freelist_idx_t master_list_16[16];
>>>>> +static freelist_idx_t master_list_32[32];
>>>>> +static freelist_idx_t master_list_64[64];
>>>>> +static freelist_idx_t master_list_128[128];
>>>>> +static freelist_idx_t master_list_256[256];
>>>>> +static struct m_list {
>>>>> +   size_t count;
>>>>> +   freelist_idx_t *list;
>>>>> +} master_lists[] = {
>>>>> +   { ARRAY_SIZE(master_list_2), master_list_2 },
>>>>> +   { ARRAY_SIZE(master_list_4), master_list_4 },
>>>>> +   { ARRAY_SIZE(master_list_8), master_list_8 },
>>>>> +   { ARRAY_SIZE(master_list_16), master_list_16 },
>>>>> +   { ARRAY_SIZE(master_list_32), master_list_32 },
>>>>> +   { ARRAY_SIZE(master_list_64), master_list_64 },
>>>>> +   { ARRAY_SIZE(master_list_128), master_list_128 },
>>>>> +   { ARRAY_SIZE(master_list_256), master_list_256 },
>>>>> +};
>>>
>>> static const struct m_list?
>>>

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

  reply	other threads:[~2016-04-18 19:36 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-04-15 17:25 [PATCH] mm: SLAB freelist randomization Thomas Garnier
2016-04-15 22:00 ` Andrew Morton
2016-04-15 22:26   ` Joe Perches
2016-04-15 22:47     ` Thomas Garnier
2016-04-18 15:59       ` Thomas Garnier
2016-04-18 19:36         ` Laura Abbott [this message]
2016-04-18 19:52           ` Thomas Garnier
2016-04-25 21:04             ` Andrew Morton

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=57153751.7080800@redhat.com \
    --to=labbott@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=cl@linux.com \
    --cc=gthelen@google.com \
    --cc=iamjoonsoo.kim@lge.com \
    --cc=joe@perches.com \
    --cc=keescook@chromium.org \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=labbott@fedoraproject.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=penberg@kernel.org \
    --cc=rientjes@google.com \
    --cc=thgarnie@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).