| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Jun 2023 13:10:00 -0700
From: Kees Cook <keescook@...omium.org>
To: Vlastimil Babka <vbabka@...e.cz>
Cc: "GONG, Ruiqi" <gongruiqi@...weicloud.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
David Rientjes <rientjes@...gle.com>,
Pekka Enberg <penberg@...nel.org>,
Christoph Lameter <cl@...ux.com>, Tejun Heo <tj@...nel.org>,
Dennis Zhou <dennis@...nel.org>,
Alexander Potapenko <glider@...gle.com>,
Marco Elver <elver@...gle.com>, Jann Horn <jannh@...gle.com>,
Roman Gushchin <roman.gushchin@...ux.dev>,
Hyeonggon Yoo <42.hyeyoo@...il.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Alexander Lobakin <aleksander.lobakin@...el.com>,
Pedro Falcato <pedro.falcato@...il.com>,
Paul Moore <paul@...l-moore.com>,
James Morris <jmorris@...ei.org>,
"Serge E . Hallyn" <serge@...lyn.com>,
Wang Weiyang <wangweiyang2@...wei.com>,
Xiu Jianfeng <xiujianfeng@...wei.com>, linux-mm@...ck.org,
linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org,
gongruiqi1@...wei.com
Subject: Re: [PATCH v3 1/1] Randomized slab caches for kmalloc()
On Thu, Jun 22, 2023 at 03:56:04PM +0200, Vlastimil Babka wrote:
> On 6/16/23 13:18, GONG, Ruiqi wrote:
> > index a3c95338cd3a..6150e9a946a7 100644
> > --- a/mm/Kconfig
> > +++ b/mm/Kconfig
> > @@ -337,6 +337,55 @@ config SLUB_CPU_PARTIAL
> > which requires the taking of locks that may cause latency spikes.
> > Typically one would choose no for a realtime system.
> >
> > +config RANDOM_KMALLOC_CACHES
> > + default n
> > + depends on SLUB
> > + bool "Random slab caches for normal kmalloc"
> > + help
> > + A hardening feature that creates multiple copies of slab caches for
> > + normal kmalloc allocation and makes kmalloc randomly pick one based
> > + on code address, which makes the attackers unable to spray vulnerable
> > + memory objects on the heap for exploiting memory vulnerabilities.
> > +
> > +choice
> > + prompt "Number of random slab caches copies"
> > + depends on RANDOM_KMALLOC_CACHES
> > + default RANDOM_KMALLOC_CACHES_16
> > + help
> > + The number of copies of random slab caches. Bigger value makes the
> > + potentially vulnerable memory object less likely to collide with
> > + objects allocated from other subsystems or modules.
>
> When I read this, without further knowledge, why would I select anything
> else than the largest value? It should mention memory overhead maybe?
Yeah, good idea.
> Also would anyone really select only "2" and thus limit the collision
> probability to 50% and not less? "4" also seems quite low for the given
> purpose? Could we just pick and hardcode 8 or 16 and avoid the selection, at
> least until there's some more experience with the whole approach?
I assume it was for doing performance (speed or space) analysis for
people interested in tuning it. The default is 16, which is what most
folks will end up with. i.e. I'm not sure I see a benefit to dropping 2
and 4, since I imagine people will either want the highest value (16),
or the ability to do a full comparison of each setting.
Regardless, I would be fine if we dropped 2 and 4, since I am focused on
the maximum number (16) of hash buckets. :)
-Kees
--
Kees Cook
Powered by blists - more mailing lists