Date: Fri, 16 Feb 2024 21:31:01 -0800
From: Kees Cook
To: Andy Lutomirski, Borislav Petkov, Dave Hansen
Cc: Daniel Micay, Thomas Gleixner, Ingo Molnar, x86@kernel.org, "H. Peter Anvin", Eric Biederman, Brian Gerst, Nikolay Borisov, "Chang S. Bae", Igor Zhbanov, Rick Edgecombe, Randy Dunlap, linux-mm@kvack.org, John Allen, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] x86/vdso: Move vDSO to mmap region
Message-ID: <202402162129.792C1AC@keescook>
In-Reply-To: <20240210091827.work.233-kees@kernel.org>

On Sat, Feb 10, 2024 at 01:18:35AM -0800, Kees Cook wrote:
> The vDSO (and its initial randomization) was introduced in commit
> 2aae950b21e4 ("x86_64: Add vDSO for x86-64 with gettimeofday/clock_gettime/getcpu"),
> but had very low entropy. The entropy was improved in commit
> 394f56fe4801 ("x86_64, vdso: Fix the vdso address randomization algorithm"),
> but there is still improvement to be made.
>
> On principle there should not be executable code at a low entropy offset
> from the stack, since the stack and executable code having separate
> randomization is part of what makes ASLR stronger.
>
> Remove the only executable code near the stack region and give the vDSO
> the same randomized base as other mmap mappings including the linker
> and other shared objects. This results in higher entropy being provided
> and there's little to no advantage in separating this from the existing
> executable code there. This is already how other architectures like
> arm64 handle the vDSO.

Thread ping. Anyone have thoughts on this? I can carry it in -next to see
if anything melts...

-- 
Kees Cook
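
An added example, not part of the original message or the patch: a C check that measures the byte distance between the `[vdso]` and `[stack]` mappings in `/proc/<pid>/maps` text, which is the layout property the quoted commit message is concerned with. The function names and both sample layouts (with their addresses) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned long long u64;

/* Constructed /proc/<pid>/maps excerpts; all addresses are invented. */
static const char NEAR_STACK[] =      /* vDSO placed just above the stack */
    "7ffd5a3e1000-7ffd5a402000 rw-p 00000000 00:00 0 [stack]\n"
    "7ffd5a5ca000-7ffd5a5cc000 r-xp 00000000 00:00 0 [vdso]\n";
static const char IN_MMAP[] =         /* vDSO among the mmap'd shared objects */
    "7f3c1a5f2000-7f3c1a5f4000 r-xp 00000000 00:00 0 [vdso]\n"
    "7f3c1a5f4000-7f3c1a5f6000 r--p 00000000 08:01 5678 /usr/lib/ld-linux-x86-64.so.2\n"
    "7ffd5a3e1000-7ffd5a402000 rw-p 00000000 00:00 0 [stack]\n";

/* Find the first mapping whose line contains `name`; returns 0 on success. */
static int find_map(const char *maps, const char *name, u64 *start, u64 *end)
{
    const char *hit = strstr(maps, name);
    if (!hit)
        return -1;
    while (hit > maps && hit[-1] != '\n')   /* rewind to the start of that line */
        hit--;
    return sscanf(hit, "%llx-%llx", start, end) == 2 ? 0 : -1;
}

/* Bytes between [vdso] and [stack]; returns -1 if either mapping is absent. */
int vdso_stack_gap(const char *maps, u64 *gap)
{
    u64 vs, ve, ss, se;
    if (find_map(maps, "[vdso]", &vs, &ve) || find_map(maps, "[stack]", &ss, &se))
        return -1;
    *gap = (vs >= se) ? vs - se : ss - ve;  /* vDSO above or below the stack */
    return 0;
}

int main(void)
{
    static char live[1 << 16];              /* zero-initialised: "" if unreadable */
    const char *texts[] = { NEAR_STACK, IN_MMAP, live };
    u64 gap;
    FILE *f = fopen("/proc/self/maps", "r");
    if (f) {
        live[fread(live, 1, sizeof(live) - 1, f)] = '\0';
        fclose(f);
    }
    for (int i = 0; i < 3; i++)
        if (vdso_stack_gap(texts[i], &gap) == 0)
            printf("layout %d: vdso-to-stack gap = %llu KiB\n", i, gap >> 10);
    return 0;
}
```

Layout 2 is the running process itself, so repeated runs show how much the gap varies on the kernel under test.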