From: "Rafael J. Wysocki" <rafael@kernel.org>
To: Kees Cook <kees@kernel.org>
Cc: "Harry (Hyeonggon) Yoo" <42.hyeyoo@gmail.com>,
	Huacai Chen <chenhuacai@kernel.org>,
	Huacai Chen <chenhuacai@loongson.cn>,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-mm@kvack.org,
	"Rafael J . Wysocki" <rafael@kernel.org>,
	Pavel Machek <pavel@kernel.org>,
	linux-pm@vger.kernel.org,
	GONG Ruiqi <gongruiqi@huaweicloud.com>,
	Xiu Jianfeng <xiujianfeng@huawei.com>,
	stable@vger.kernel.org,
	Yuli Wang <wangyuli@uniontech.com>,
	Vlastimil Babka <vbabka@suse.cz>,
	Christoph Lameter <cl@linux.com>,
	David Rientjes <rientjes@google.com>,
	Roman Gushchin <roman.gushchin@linux.dev>,
	Pekka Enberg <penberg@kernel.org>,
	Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	GONG Ruiqi <gongruiqi1@huawei.com>
Subject: Re: How does swsusp work with randomization features? (was: mm/slab: Initialise random_kmalloc_seed after initcalls)
Date: Wed, 19 Feb 2025 19:09:37 +0100
Message-ID: <CAJZ5v0hZZdRPwp=OgPw4w8r9X=VbL6Hn6R4ZX6ZujNhBmMV3_A@mail.gmail.com>
In-Reply-To: <202502190921.6E26F49@keescook>

On Wed, Feb 19, 2025 at 6:25 PM Kees Cook <kees@kernel.org> wrote:
>
> On Fri, Feb 14, 2025 at 09:44:59PM +0900, Harry (Hyeonggon) Yoo wrote:
> > On Fri, Feb 14, 2025 at 06:02:52PM +0800, Huacai Chen wrote:
> > > On Fri, Feb 14, 2025 at 5:33 PM Harry (Hyeonggon) Yoo
> > > <42.hyeyoo@gmail.com> wrote:
> > > >
> > > > On Thu, Feb 13, 2025 at 11:20:22AM +0800, Huacai Chen wrote:
> > > > > Hi, Harry,
> > > > >
> > > > > On Wed, Feb 12, 2025 at 11:39 PM Harry (Hyeonggon) Yoo
> > > > > <42.hyeyoo@gmail.com> wrote:
> > > > > > On Wed, Feb 12, 2025 at 11:17 PM Huacai Chen <chenhuacai@loongson.cn> wrote:
> > > > > > >
> > > > > > > Hibernation assumes the memory layout after resume to be the same as that
> > > > > > > before sleep, but CONFIG_RANDOM_KMALLOC_CACHES breaks this assumption.
> > > > > >
> > > > > > Could you please elaborate on what you mean by
> > > > > > hibernation assuming 'the memory layout' after resume is the same as that
> > > > > > before sleep?
> > > > > >
> > > > > > I don't understand how updating random_kmalloc_seed breaks resuming from
> > > > > > hibernation. Changing random_kmalloc_seed affects which kmalloc caches
> > > > > > newly allocated objects are from, but it should not affect the objects that are
> > > > > > already allocated (before hibernation).
> > > > >
> > > > > When resuming, the booting kernel should switch to the target kernel;
> > > > > if the address of the switch code (from the booting kernel) is
> > > > > effective data of the target kernel, then the switch code may be
> > > > > overwritten.
> > > >
> > > > Hmm... I'm still missing some pieces.
> > > > How is the kernel binary overwritten when slab allocations are randomized?
> > > >
> > > > Also, I'm not sure if it's even safe to assume that the memory layout is the
> > > > same across boots. But I'm not an expert on swsusp anyway...
> > > >
> > > > It'd be really helpful for linux-pm folks to clarify 1) what the
> > > > (architecture-independent) assumptions are for swsusp to work, and
> > > > 2) how architectures dealt with other randomization features like kASLR...
> > >
> >
> > [+Cc a few more people that worked on slab hardening]
> >
> > > I'm sorry to confuse you. Binary overwriting is indeed caused by
> > > kASLR, so at least on LoongArch we should disable kASLR for
> > > hibernation.
> >
> > Understood.
> >
> > > Random kmalloc is another story: on LoongArch it breaks smpboot when
> > > resuming. The details are:
> > > 1. LoongArch uses the kmalloc() family to allocate idle_task's
> > > stack/thread_info and other data structures.
> > > 2. If random kmalloc is enabled, idle_task's stack in the booting
> > > kernel may be other things in the target kernel.
> >
> > Slab hardening features try so hard to prevent such predictability.
> > For example, SLAB_FREELIST_RANDOM could also randomize the address
> > kmalloc objects are allocated at.
> >
> > Rather than hacking CONFIG_RANDOM_KMALLOC_CACHES like this, we could
> > have a single option to disable the slab hardening features that make
> > addresses unpredictable.
> >
> > It'd be nice to have something like ARCH_SUPPORTS_SLAB_RANDOM which
> > some hardening features depend on. And then let some arches conditionally
> > not select ARCH_SUPPORTS_SLAB_RANDOM if hibernation's enabled
> > (at the cost of less hardening)?
>
> I find this whole thread confusing. :) Hibernation should already do
> whatever it needs to do to get out of the way of the kernel it is restoring
> to memory. The random locations shouldn't matter at all: they're all
> stored in the image. I am not a hibernation expert, but my understanding
> is that the "resume" kernel moves itself out of the way to restore the
> KASLR-ed hibernation image and puts everything back exactly as it was.
> Randomization should not matter at all: it's just simply "put everything
> back where it was".

Exactly.

> Yes, the tricky part is the "move itself out of the way", but that's
> required for any kernel that supports being relocatable (a prerequisite
> for KASLR), and KASLR is just an aggressive form of "the relocatable
> kernel might be anywhere" beyond just different boot loaders putting it
> in a handful of different potential offsets.

Right.

Thanks!

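A user-space model of the cache selection that random_kmalloc_seed drives, added here as an illustration of the point Harry makes above (a reseed changes which cache new allocations come from, not where existing objects live); it is not code from the thread or from the kernel, the hash constant and shift are assumed to mirror the kernel's hash_64, and the call-site addresses and seeds are constructed:

```c
/* User-space model of how CONFIG_RANDOM_KMALLOC_CACHES picks a cache. Added
 * example, not kernel code: assumes hash_64(caller ^ seed, bits) semantics. */
#include <stdint.h>
#include <stdio.h>

#define GOLDEN_RATIO_64 0x61C8864680B583EBull
#define RANDOM_KMALLOC_CACHES_BITS 4	/* 16 copies of each size class */
/* Multiplicative hash: the top `bits` bits of val * golden ratio. */
static inline unsigned int hash_64(uint64_t val, unsigned int bits)
{
	return (unsigned int)((val * GOLDEN_RATIO_64) >> (64 - bits));
}
/* Which randomized copy of a kmalloc cache a call site maps to. */
unsigned int kmalloc_cache_index(uint64_t caller, uint64_t seed)
{
	return hash_64(caller ^ seed, RANDOM_KMALLOC_CACHES_BITS);
}
/* An object keeps the cache chosen under the seed in force at allocation
 * time; a later reseed does not move objects that already exist. */
struct obj { uint64_t caller; unsigned int cache; };

struct obj alloc_obj(uint64_t caller, uint64_t seed)
{
	struct obj o = { caller, kmalloc_cache_index(caller, seed) };
	return o;
}
/* How many of n call sites select a different cache once the seed changes
 * (the image's existing objects vs. the booting kernel's fresh ones). */
unsigned int remapped_sites(const uint64_t *callers, unsigned int n,
			    uint64_t old_seed, uint64_t new_seed)
{
	unsigned int moved = 0;
	for (unsigned int i = 0; i < n; i++)
		moved += kmalloc_cache_index(callers[i], old_seed) !=
			 kmalloc_cache_index(callers[i], new_seed);
	return moved;
}

int main(void)
{
	/* constructed call-site addresses and seeds */
	const uint64_t callers[] = { 0xffffffff81234560ull, 0xffffffff81c0ffe0ull };
	uint64_t image_seed = 0x123456789abcdef0ull, boot_seed = 0x0fedcba987654321ull;
	struct obj o = alloc_obj(callers[0], image_seed);
	printf("image cache %u, booting kernel would pick %u; %u of 2 sites remapped\n",
	       o.cache, kmalloc_cache_index(callers[0], boot_seed),
	       remapped_sites(callers, 2, image_seed, boot_seed));
	return 0;
}
```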