Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <202008061052.DA6F3AA2@keescook>
Date: Thu, 6 Aug 2020 12:27:50 -0700
From: Kees Cook <keescook@...omium.org>
To: Ingo Molnar <mingo@...nel.org>
Cc: Kristen Carlson Accardi <kristen@...ux.intel.com>, tglx@...utronix.de,
	mingo@...hat.com, bp@...en8.de, arjan@...ux.intel.com,
	x86@...nel.org, linux-kernel@...r.kernel.org,
	kernel-hardening@...ts.openwall.com, rick.p.edgecombe@...el.com
Subject: Re: [PATCH v4 00/10] Function Granular KASLR

On Thu, Aug 06, 2020 at 05:32:58PM +0200, Ingo Molnar wrote:
> * Kristen Carlson Accardi <kristen@...ux.intel.com> wrote:
> > [...]
> > Performance Impact
> > ------------------
> 
> > * Run time
> > The performance impact at run-time of function reordering varies by workload.
> > Using kcbench, a kernel compilation benchmark, the performance of a kernel
> > build with finer grained KASLR was about 1% slower than a kernel with standard
> > KASLR. Analysis with perf showed a slightly higher percentage of 
> > L1-icache-load-misses. Other workloads were examined as well, with varied
> > results. Some workloads performed significantly worse under FGKASLR, while
> > others stayed the same or were mysteriously better. In general, it will
> > depend on the code flow whether or not finer grained KASLR will impact
> > your workload, and how the underlying code was designed. Because the layout
> > changes per boot, each time a system is rebooted the performance of a workload
> > may change.
> 
> I'd guess that the biggest performance impact comes from tearing apart 
> 'groups' of functions that particular workloads are using.
> 
> In that sense it might be worthwile to add a '__kaslr_group' function 
> tag to key functions, which would keep certain performance critical 
> functions next to each other.

We kind of already do this manually for things like the scheduler, etc,
using macros like ".whatever.text", so we might be able to create a more
generalized approach for those. Right now they require a "section" macro
usage and a linker script __start* and __end* marker, etc:

#define SCHED_TEXT						\
                ALIGN_FUNCTION();				\
                __sched_text_start = .;				\
                *(.sched.text)					\
                __sched_text_end = .;

Manually collected each whatever_TEXT define and building out each
__whatever_start, etc is annoying. It'd be really cool to have linker
script have wildcard replacements for build a syntax like this, based
on the presences of matching input sections:

	.%.text : {
		__%_start = .;
		*(.%.text.hot)
		*(.%.text)
		*(.%.text.*)
		*(.%.text.unlikely)
		__%_end = .;
		}

> I'd also suggest allowing the passing in of a boot-time pseudo-random 
> generator seed number, which would allow the creation of a 
> pseudo-randomized but repeatable layout across reboots.

This was present in earlier versions of the series.

-- 
Kees Cook

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.