From: Gong Ruiqi
Subject: Re: [PATCH RFC v2] Randomized slab caches for kmalloc()
Date: Mon, 15 May 2023 16:20:02 +0800
To: Vlastimil Babka, Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: Alexander Lobakin, Wang Weiyang, Xiu Jianfeng, Christoph Lameter, David Rientjes, Roman Gushchin, Joonsoo Kim, Andrew Morton, Pekka Enberg, Kees Cook, Paul Moore, James Morris, "Serge E. Hallyn", "Gustavo A. R. Silva"
Message-ID: <6db163dc-e7fc-e304-5007-74db66a3ad1a@huawei.com>
References: <20230508075507.1720950-1-gongruiqi1@huawei.com> <5f5a858a-7017-5424-0fa0-db3b79e5d95e@huawei.com>
List: linux-mm@kvack.org

On 2023/05/14 17:30, Vlastimil Babka wrote:
> On 5/12/23 12:11, Gong Ruiqi wrote:
>>
>> On 2023/05/11 2:43, Hyeonggon Yoo wrote:
>>> On Mon, May 8, 2023 at 12:53 AM GONG, Ruiqi wrote:
>>>>
>> [...]
>>
>>>> The overhead of performance has been tested on a 40-core x86 server by
>>>> comparing the results of `perf bench all` between the kernels with and
>>>> without this patch based on the latest linux-next kernel, which shows
>>>> a minor difference. A subset of the benchmarks is listed below:
>>>>
>>>
>>> Please Cc maintainers/reviewers of the corresponding subsystem in the MAINTAINERS file.
>>
>> Okay, I've appended maintainers/reviewers of the linux-hardening and
>> security subsystems to the Cc list.
>
> I think they were CC'd on v1 but didn't respond yet. I thought maybe if
> I run into Kees at OSS, I will ask him about it, but it didn't happen.
Yeah, it would be great if you could contact Kees or other hardening developers to get their opinions about this, since I'm curious about what they think of it as well.

> As a slab maintainer I don't mind adding such things if they don't
> complicate the code excessively, and have no overhead when configured
> out. This one would seem to be acceptable at first glance, although
> maybe the CONFIG space is too wide, and the amount of #defines in
> slab_common.c is also large (maybe there's a way to make it more
> concise, maybe not).
>
> But I don't have enough insight into hardening to decide if it's a
> useful mitigation that people would enable, so I'd hope for hardening
> folks to advise on that. Similar situation with freelist hardening in
> the past, which was even actively pushed by Kees, IIRC.

For the effectiveness of this mechanism, I would like to provide some results of the experiments I did. I conducted actual defense tests on CVE-2021-22555 and CVE-2016-8655 by reverting the fixing patches to recreate exploitable environments, and running the exploits/PoCs on the vulnerable kernel with and without our randomized kmalloc caches patch. With our patch, the originally exploitable environments were not pwned by running the PoCs.