linux-mm.kvack.org archive mirror
From: "GONG, Ruiqi" <gongruiqi@huaweicloud.com>
To: Kees Cook <keescook@chromium.org>, Vlastimil Babka <vbabka@suse.cz>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	David Rientjes <rientjes@google.com>,
	Pekka Enberg <penberg@kernel.org>,
	Christoph Lameter <cl@linux.com>, Tejun Heo <tj@kernel.org>,
	Dennis Zhou <dennis@kernel.org>,
	Alexander Potapenko <glider@google.com>,
	Marco Elver <elver@google.com>, Jann Horn <jannh@google.com>,
	Roman Gushchin <roman.gushchin@linux.dev>,
	Hyeonggon Yoo <42.hyeyoo@gmail.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Alexander Lobakin <aleksander.lobakin@intel.com>,
	Pedro Falcato <pedro.falcato@gmail.com>,
	Paul Moore <paul@paul-moore.com>,
	James Morris <jmorris@namei.org>,
	"Serge E . Hallyn" <serge@hallyn.com>,
	Wang Weiyang <wangweiyang2@huawei.com>,
	Xiu Jianfeng <xiujianfeng@huawei.com>,
	linux-mm@kvack.org, linux-hardening@vger.kernel.org,
	linux-kernel@vger.kernel.org, gongruiqi1@huawei.com
Subject: Re: [PATCH v3 1/1] Randomized slab caches for kmalloc()
Date: Sun, 25 Jun 2023 20:01:07 +0800
Message-ID: <5c222541-4add-2ca6-90a1-faf11e0b5319@huaweicloud.com>
In-Reply-To: <202306221307.6CF63BAC20@keescook>



On 2023/06/23 4:10, Kees Cook wrote:
> On Thu, Jun 22, 2023 at 03:56:04PM +0200, Vlastimil Babka wrote:
>> On 6/16/23 13:18, GONG, Ruiqi wrote:
>>> index a3c95338cd3a..6150e9a946a7 100644
>>> --- a/mm/Kconfig
>>> +++ b/mm/Kconfig
>>> @@ -337,6 +337,55 @@ config SLUB_CPU_PARTIAL
>>>  	  which requires the taking of locks that may cause latency spikes.
>>>  	  Typically one would choose no for a realtime system.
>>>  
>>> +config RANDOM_KMALLOC_CACHES
>>> +	default n
>>> +	depends on SLUB
>>> +	bool "Random slab caches for normal kmalloc"
>>> +	help
>>> +	  A hardening feature that creates multiple copies of slab caches for
>>> +	  normal kmalloc allocation and makes kmalloc randomly pick one based
>>> +	  on code address, which makes the attackers unable to spray vulnerable
>>> +	  memory objects on the heap for exploiting memory vulnerabilities.
>>> +
>>> +choice
>>> +	prompt "Number of random slab caches copies"
>>> +	depends on RANDOM_KMALLOC_CACHES
>>> +	default RANDOM_KMALLOC_CACHES_16
>>> +	help
>>> +	  The number of copies of random slab caches. Bigger value makes the
>>> +	  potentially vulnerable memory object less likely to collide with
>>> +	  objects allocated from other subsystems or modules.
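Review bot: The help text of RANDOM_KMALLOC_CACHES overstates the guarantee: "makes the attackers unable to spray vulnerable memory objects" contradicts the choice help a few lines further down, which only promises that a bigger value makes a collision "less likely". The protection is probabilistic in the number of copies, so wording along the lines of "makes it harder for attackers to spray" would match what the option delivers. Separately, "default n" is redundant because a bool symbol without a default is already n, and the "bool" prompt line conventionally comes first in the entry, before "default" and "depends on".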
>>
>> When I read this, without further knowledge, why would I select anything
>> else than the largest value? It should mention memory overhead maybe?
> 
> Yeah, good idea.
> 

No problem. Will add some text about memory overhead into the help
paragraph of RANDOM_KMALLOC_CACHES.

>> Also would anyone really select only "2" and thus limit the collision
>> probability to 50% and not less? "4" also seems quite low for the given
>> purpose? Could we just pick and hardcode 8 or 16 and avoid the selection, at
>> least until there's some more experience with the whole approach?
> 
> I assume it was for doing performance (speed or space) analysis for
> people interested in tuning it. The default is 16, which is what most
> folks will end up with. i.e. I'm not sure I see a benefit to dropping 2
> and 4, since I imagine people will either want the highest value (16),
> or the ability to do a full comparison of each setting.
> 
> Regardless, I would be fine if we dropped 2 and 4, since I am focused on
> the maximum number (16) of hash buckets. :)
> 

It's true that 2 and 4 don't make much sense from the hardening
perspective, and I added them only to cover all possible choices. And
since the overhead difference between 8 and 16 is small, I will hardcode
16 and drop all other options in the next version.

> -Kees
> 
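Added example (not part of the original message or of the patch): a user-space C model of the trade-off discussed above, measuring what share of allocation call sites end up in the same cache copy as one given call site when there are 2, 4, 8 or 16 copies. The mixer, the per-boot seed and all addresses are assumptions or constructed values; the patch's own selection code is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in 64-bit mixer (splitmix64 finalizer); an assumption, not the patch's hash. */
static uint64_t mix64(uint64_t x)
{
	x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
	x ^= x >> 27; x *= 0x94d049bb133111ebULL;
	return x ^ (x >> 31);
}

/* Model: the cache copy is derived from the call-site address and a per-boot seed (assumed). */
static unsigned int pick_cache(uint64_t caller, uint64_t seed, unsigned int nr_copies)
{
	return (unsigned int)(mix64(caller ^ seed) % nr_copies);
}

/* Fraction of nr_sites constructed call sites that map to the same copy as vuln_site. */
static double shared_fraction(uint64_t vuln_site, uint64_t seed,
			      unsigned int nr_copies, unsigned int nr_sites)
{
	unsigned int target = pick_cache(vuln_site, seed, nr_copies);
	unsigned int i, hits = 0;

	for (i = 0; i < nr_sites; i++) {
		/* Constructed addresses: one fake call site every 64 bytes of text. */
		uint64_t site = 0xffffffff81000000ULL + (uint64_t)i * 64;

		if (site != vuln_site && pick_cache(site, seed, nr_copies) == target)
			hits++;
	}
	return (double)hits / nr_sites;
}

int main(void)
{
	const uint64_t vuln_site = 0xffffffff81234540ULL; /* constructed */
	const uint64_t seed = 0x5eed5eed5eed5eedULL;      /* constructed */
	unsigned int n;

	/* Each doubling of copies halves the share of colliding call sites
	 * while doubling the number of kmalloc caches that must be kept. */
	for (n = 2; n <= 16; n *= 2)
		printf("%2u copies: %.3f of other call sites share the cache\n",
		       n, shared_fraction(vuln_site, seed, n, 4096));
	return 0;
}
```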


