From patchwork Wed Sep 12 22:55:36 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
X-Patchwork-Id: 10598439
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EE48D14F9
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed, 12 Sep 2018 22:55:51 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DC72E2AC76
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed, 12 Sep 2018 22:55:51 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id D01CA2AC7F; Wed, 12 Sep 2018 22:55:51 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5811F2AC76
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Wed, 12 Sep 2018 22:55:51 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 771688E0001; Wed, 12 Sep 2018 18:55:40 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 7105B8E0007; Wed, 12 Sep 2018 18:55:40 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 4F3728E0001; Wed, 12 Sep 2018 18:55:40 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com
 [209.85.214.200])
	by kanga.kvack.org (Postfix) with ESMTP id C885E8E0006
	for <linux-mm@kvack.org>; Wed, 12 Sep 2018 18:55:39 -0400 (EDT)
Received: by mail-pl1-f200.google.com with SMTP id e8-v6so1655988plt.4
        for <linux-mm@kvack.org>; Wed, 12 Sep 2018 15:55:39 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-original-authentication-results:x-gm-message-state:from:to:cc
         :subject:date:message-id:mime-version:content-transfer-encoding;
        bh=/294g5B4YNbOPxgpKAuqhFXrTBKqwIexcfYtDROElkQ=;
        b=Zd1yu9z3j7mIYrqhdyhDDHOv1i3MltpikHet326ENx0EqKE3m6c4ttqCskqMZrmV3M
         S3DXDQsQ34JOd48J/UF4NZjGlcD2XfVfW/pv9jaBowpS1vs313YO+/JBMEsAkwcWHE/H
         m4tVBlr4UR27/jNh18/yMoLuXKENcVe3IYVkudXylojvhL0S2/v9WqHBnuEtNJyBpsAO
         mBBW/zmsmxSyT0oeiDODxswymUrTm3aqdswKFcYhtwgUCNioqV5vY2kOAwmAQ1Yv73dH
         WNm7BPgmwTEo95Ou6suWpAc7Wzh3s85tHeCDxv94MKNsvvXun0CflxDUspGC2R3RIcah
         NASw==
X-Original-Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates
 134.134.136.65 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
X-Gm-Message-State: APzg51AgDbOZ/pUpngI9Tf1eSYo6eZXOkcpFQb1BCBAKhHl3AuaAL31s
	vqPANZROjb3n8ZTTYw/hrXO2PoNFzD1VNRTFxdM0BjcCmMQLqh/FiARr1AlXe+43H8F9fLnj+18
	IYoudMh7mSHts0swhePFbR6ccb4LZtNAzVM+SGjAOK+ZxnKz9pDEDpyCHUlUpEJWgAw==
X-Received: by 2002:a62:848e:: with SMTP id
 k136-v6mr4544103pfd.231.1536792939493;
        Wed, 12 Sep 2018 15:55:39 -0700 (PDT)
X-Google-Smtp-Source: 
 ANB0Vda84VVdsr9DrZX6hvlngSUibC5AIhdw2pfAFsYgaUISMxHelfvwWCLbO9t12YnH56rf1TE4
X-Received: by 2002:a62:848e:: with SMTP id
 k136-v6mr4544057pfd.231.1536792938041;
        Wed, 12 Sep 2018 15:55:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1536792938; cv=none;
        d=google.com; s=arc-20160816;
        b=RyDfQYeQrbY5xtdFmNgYFdMtMpypoAeahUkLrXfuWTOBuZdraCRprYgq4j8bxyx39B
         g07i9Ssxt3cb934CJVok0skRCr9hcYkgAQ89cK3XS8r3Z7tIi/s5qqa+wtT69L2Dd3EC
         lSDy/RUBX4hN+RbxBrv7j6miJNzuxfjJiSQZrCYpXHn1HO2p9h99mT5LcGDaE5tlbC4q
         rZ79vxYlrnzI6qMN718HHoFl6jCRH2hCY+kx/b9zpaROHjGsc+DAw43bxkfb9R17uHnW
         mmSQOz/UCqS5/s3Ogq3TcghVJWLtimo/lZS+mvV9N3TqPeJlE6VJ/irj8QAhAzXKCKDx
         C9Hw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from;
        bh=/294g5B4YNbOPxgpKAuqhFXrTBKqwIexcfYtDROElkQ=;
        b=p4Zo7noACNdkChjBHKFf68mpsi0tx0ZO1ciSti+dECsb7y6YITYn29Ra1CNZmBwF9X
         IeQUjx7zg/lA94GyYzBGRN8aIt6/PZKm2srrNPWhL8QiJW9pWHV3D86c8tz2CvN47I21
         kJYYMr9G+9kttIquhiWbo3xwXMvBNmvUJ73peyf99H1wi0pDXYpU7+031ECQhoamtO2l
         TIhnHZtnm23HZ1SKuzPbK152ASd2WORTixQ1qWkuODl49LyDVV9UQb0SvdP7gC1aXKg8
         +thQk6WRnOE/z14K2mnBHyDeLPL8y+V0uypi/VDIK085EJvMaUE7eskwFFEXZBDUSzhR
         KOHA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates
 134.134.136.65 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from mga03.intel.com (mga03.intel.com. [134.134.136.65])
        by mx.google.com with ESMTPS id
 n5-v6si2470946pgf.529.2018.09.12.15.55.37
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 12 Sep 2018 15:55:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of rick.p.edgecombe@intel.com
 designates 134.134.136.65 as permitted sender) client-ip=134.134.136.65;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of rick.p.edgecombe@intel.com designates
 134.134.136.65 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
  by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 12 Sep 2018 15:55:36 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.53,366,1531810800";
   d="scan'208";a="69545853"
Received: from rpedgeco-desk5.jf.intel.com ([10.54.75.168])
  by fmsmga007.fm.intel.com with ESMTP; 12 Sep 2018 15:55:21 -0700
From: Rick Edgecombe <rick.p.edgecombe@intel.com>
To: tglx@linutronix.de,
	mingo@redhat.com,
	hpa@zytor.com,
	x86@kernel.org,
	linux-kernel@vger.kernel.org,
	linux-mm@kvack.org,
	kernel-hardening@lists.openwall.com,
	daniel@iogearbox.net,
	jannh@google.com,
	keescook@chromium.org,
	alexei.starovoitov@gmail.com
Cc: kristen@linux.intel.com,
	dave.hansen@intel.com,
	arjan@linux.intel.com,
	Rick Edgecombe <rick.p.edgecombe@intel.com>
Subject: [PATCH v5 0/4] KASLR feature to randomize each loadable module
Date: Wed, 12 Sep 2018 15:55:36 -0700
Message-Id: <1536792940-8294-1-git-send-email-rick.p.edgecombe@intel.com>
X-Mailer: git-send-email 2.7.4
MIME-Version: 1.0
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Hi,

This is V5 of the "KASLR feature to randomize each loadable module" patchset.
The purpose is to increase the randomization and also to make the modules
randomized in relation to each other instead of just the base, so that if one
module leaks the location of the others can't be inferred.

V5 is the addition of a module_alloc micro benchmarking module. It can be used
to see the performance and module area capacity differences between module_alloc
algorithms. Because of the dataset of the module text section sizes is very
large, I replaced it with a heuristic that generates module sizes that roughly
approximate the real X86_64 modules. As a result the benchmarks are slightly
different. If there is any interest in the real dataset I am happy to send it
out.

Changes for V5:
 - Add module_alloc test module

Changes for V4:
 - Fix issue caused by KASAN, kmemleak being provided different allocation
   lengths (padding).
 - Avoid kmalloc until sure its needed in __vmalloc_node_try_addr.
 - Fixed issues reported by 0-day.

Changes for V3:
 - Code cleanup based on internal feedback. (thanks to Dave Hansen and Andriy
   Shevchenko)
 - Slight refactor of existing algorithm to more cleanly live along side new
   one.
 - BPF synthetic benchmark

Changes for V2:
 - New implementation of __vmalloc_node_try_addr based on the
   __vmalloc_node_range implementation, that only flushes TLB when needed.
 - Modified module loading algorithm to try to reduce the TLB flushes further.
 - Increase "random area" tries in order to increase the number of modules that
   can get high randomness.
 - Increase "random area" size to 2/3 of module area in order to increase the
  number of modules that can get high randomness.
 - Fix for 0day failures on other architectures.
 - Fix for wrong debugfs permissions. (thanks to Jann Horn)
 - Spelling fix. (thanks to Jann Horn)
 - Data on module_alloc performance and TLB flushes. (brought up by Kees Cook
   and Jann Horn)
 - Data on memory usage. (suggested by Jann)


Rick Edgecombe (4):
  vmalloc: Add __vmalloc_node_try_addr function
  x86/modules: Increase randomization for modules
  vmalloc: Add debugfs modfraginfo
  Kselftest for module text allocation benchmarking

 arch/x86/include/asm/pgtable_64_types.h       |   7 +
 arch/x86/kernel/module.c                      | 165 ++++++++--
 include/linux/vmalloc.h                       |   3 +
 lib/Kconfig.debug                             |  10 +
 lib/Makefile                                  |   1 +
 lib/test_mod_alloc.c                          | 446 ++++++++++++++++++++++++++
 mm/vmalloc.c                                  | 279 +++++++++++++++-
 tools/testing/selftests/bpf/test_mod_alloc.sh |  29 ++
 8 files changed, 915 insertions(+), 25 deletions(-)
 create mode 100644 lib/test_mod_alloc.c
 create mode 100755 tools/testing/selftests/bpf/test_mod_alloc.sh