From: "GONG, Ruiqi"
Date: Sun, 25 Jun 2023 20:01:07 +0800
Subject: Re: [PATCH v3 1/1] Randomized slab caches for kmalloc()
To: Kees Cook, Vlastimil Babka
Cc: Andrew Morton, Joonsoo Kim, David Rientjes, Pekka Enberg, Christoph Lameter, Tejun Heo, Dennis Zhou, Alexander Potapenko, Marco Elver, Jann Horn, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>, Dmitry Vyukov, Alexander Lobakin, Pedro Falcato, Paul Moore, James Morris, "Serge E . Hallyn", Wang Weiyang, Xiu Jianfeng, linux-mm@kvack.org, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, gongruiqi1@huawei.com
Message-ID: <5c222541-4add-2ca6-90a1-faf11e0b5319@huaweicloud.com>
In-Reply-To: <202306221307.6CF63BAC20@keescook>
References: <20230616111843.3677378-1-gongruiqi@huaweicloud.com> <20230616111843.3677378-2-gongruiqi@huaweicloud.com> <3fdc76f0-6c45-c405-0024-d1d69b5bf068@suse.cz> <202306221307.6CF63BAC20@keescook>

On 2023/06/23 4:10, Kees Cook wrote:
> On Thu, Jun 22, 2023 at 03:56:04PM +0200, Vlastimil Babka wrote:
>> On 6/16/23 13:18, GONG, Ruiqi wrote:
>>> index a3c95338cd3a..6150e9a946a7 100644 >>> --- a/mm/Kconfig >>> +++ b/mm/Kconfig
>>> @@ -337,6 +337,55 @@ config SLUB_CPU_PARTIAL >>> which requires the taking of locks that may cause latency spikes. >>> Typically one would choose no for a realtime system. >>> >>> +config RANDOM_KMALLOC_CACHES >>> + default n >>> + depends on SLUB >>> + bool "Random slab caches for normal kmalloc" >>> + help >>> + A hardening feature that creates multiple copies of slab caches for >>> + normal kmalloc allocation and makes kmalloc randomly pick one based >>> + on code address, which makes the attackers unable to spray vulnerable >>> + memory objects on the heap for exploiting memory vulnerabilities. >>> + >>> +choice >>> + prompt "Number of random slab caches copies" >>> + depends on RANDOM_KMALLOC_CACHES >>> + default RANDOM_KMALLOC_CACHES_16 >>> + help >>> + The number of copies of random slab caches. Bigger value makes the >>> + potentially vulnerable memory object less likely to collide with >>> + objects allocated from other subsystems or modules.
>>
>> When I read this, without further knowledge, why would I select anything
>> else than the largest value? It should mention memory overhead maybe?
>
> Yeah, good idea.
>

No problem. Will add some text about memory overhead into the help
paragraph of RANDOM_KMALLOC_CACHES.

>> Also would anyone really select only "2" and thus limit the collision
>> probability to 50% and not less? "4" also seems quite low for the given
>> purpose? Could we just pick and hardcode 8 or 16 and avoid the selection, at
>> least until there's some more experience with the whole approach?
>
> I assume it was for doing performance (speed or space) analysis for
> people interested in tuning it. The default is 16, which is what most
> folks will end up with. i.e. I'm not sure I see a benefit to dropping 2
> and 4, since I imagine people will either want the highest value (16),
> or the ability to do a full comparison of each setting.
>
> Regardless, I would be fine if we dropped 2 and 4, since I am focused on
> the maximum number (16) of hash buckets. :)
>

It's true that 2 and 4 don't make much sense from the hardening
perspective, and I added them only to cover all possible choices. And
since the overhead difference between 8 and 16 is small, I will hardcode
16 and drop all other options in the next version.

> -Kees
>
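
Review bot: The RANDOM_KMALLOC_CACHES help text in the quoted mm/Kconfig hunk says the feature "makes the attackers unable to spray vulnerable memory objects", which promises more than the same hunk supports: the help for the choice entry below it only claims that a collision becomes "less likely", so objects from different call sites can still end up in the same cache copy. Suggest wording it as making heap spraying harder rather than impossible, so that someone configuring a kernel does not read it as a guarantee. Separately, "default n" on the bool entry is redundant, since n is already what Kconfig uses when no default is given, and can be dropped.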