Subject: Re: [PATCH] mm/vmalloc: randomize vmalloc() allocations
From: Topi Miettinen
To: Matthew Wilcox
Cc: linux-hardening@vger.kernel.org, akpm@linux-foundation.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andy Lutomirski, Jann Horn, Kees Cook, Linux API, Mike Rapoport
Date: Wed, 2 Dec 2020 23:28:52 +0200
References: <20201201214547.9721-1-toiwoton@gmail.com> <20201202185334.GG11935@casper.infradead.org>
In-Reply-To: <20201202185334.GG11935@casper.infradead.org>

On 2.12.2020 20.53, Matthew Wilcox wrote:
> On Tue, Dec 01, 2020 at 11:45:47PM +0200, Topi Miettinen wrote:
>> + /* Randomize allocation */
>> + if (randomize_vmalloc) {
>> + voffset = get_random_long() & (roundup_pow_of_two(vend - vstart) - 1);
>> + voffset = PAGE_ALIGN(voffset);
>> + if (voffset + size > vend - vstart)
>> + voffset = vend - vstart - size;
>> + } else
>> + voffset = 0;
>> +
>> /*
>> * If an allocation fails, the "vend" address is
>> * returned. Therefore trigger the overflow path.
>> */
>> - addr = __alloc_vmap_area(size, align, vstart, vend);
>> + addr = __alloc_vmap_area(size, align, vstart + voffset, vend);
>> spin_unlock(&free_vmap_area_lock);
>
> What if there isn't any free address space between vstart+voffset and
> vend, but there is free address space between vstart and voffset?
> Seems like we should add:
>
> addr = __alloc_vmap_area(size, align, vstart + voffset, vend);
> + if (!addr)
> + addr = __alloc_vmap_area(size, align, vstart, vend);
> spin_unlock(&free_vmap_area_lock);
>

How about:

addr = __alloc_vmap_area(size, align, vstart + voffset, vend);
+ if (!addr)
+ addr = __alloc_vmap_area(size, align, vstart, vstart + voffset + size);
spin_unlock(&free_vmap_area_lock);

That way the search would not be redone for the area that was already
checked and rejected.

Perhaps my previous patch for mmap() etc. randomization could also
search towards higher addresses instead of trying random addresses five
times in case of clashes.

-Topi
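
Review bot: In the original hunk (the `>>` lines), the clamp `if (voffset + size > vend - vstart) voffset = vend - vstart - size;` sends every out-of-range draw to the same offset, so the topmost slot is chosen far more often than any other. Because the mask is `roundup_pow_of_two(vend - vstart) - 1`, close to half of the draws can fall above the range when it is just over a power of two, and all of them collapse onto that one address, which weakens the randomization the patch is after. Consider redrawing on overshoot, or reducing the random value over the number of page-sized slots in `vend - vstart - size`, and guard the subtraction for a `size` larger than `vend - vstart`.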
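
Review bot: In the suggested fallback (`> + if (!addr)`), the condition does not match the failure value documented in the comment of the original hunk, which says a failed allocation returns the "vend" address. With a zero test the retry is skipped exactly when the first search fails; the check would need to be `addr == vend`. The same condition is carried over unchanged into the reply's version of the fallback.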
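
Review bot: In the last proposal, the retry passes `vstart + voffset + size` as its upper bound, so by the comment in the original hunk a failed retry would return that bound rather than `vend`, and the later code that is meant to "trigger the overflow path" from the returned address has to account for the different sentinel. Also, when `randomize_vmalloc` is off (`voffset = 0`) the retry repeats a search over `vstart` to `vstart + size` that the first call already covered; gating the retry on a nonzero `voffset` would avoid it.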