Re: [PATCH v6 1/3] x86/mm: PUD VA support for physical mapping (x86_64)

2016-06-20 Thread Thomas Garnier
On Fri, Jun 17, 2016 at 2:02 AM, Ingo Molnar wrote: > > * Kees Cook wrote: > >> From: Thomas Garnier >> >> Minor change that allows early boot physical mapping of PUD level virtual >> addresses. The current implementation expects the virtual address to be

Re: [PATCH v6 2/3] x86/mm: Implement ASLR for kernel memory sections (x86_64)

2016-06-21 Thread Thomas Garnier
On Fri, Jun 17, 2016 at 3:26 AM, Ingo Molnar wrote: > > * Kees Cook wrote: > >> --- a/arch/x86/Kconfig >> +++ b/arch/x86/Kconfig >> @@ -1993,6 +1993,23 @@ config PHYSICAL_ALIGN >> >> Don't change this unless you know what you are doing. >> >> +config RANDOMIZE_MEMORY >> + bool "Random

[PATCH] x86/mm: Enable KASLR for vmemmap memory region (x86_64)

2016-07-27 Thread Thomas Garnier
Add vmemmap in the list of randomized memory regions. The vmemmap region holds a representation of the physical memory (through a struct page array). An attacker could use this region to disclose the kernel memory layout (walking the page linked list). Signed-off-by: Thomas Garnier Signed-off

[PATCH v1 0/2] x86/power/64: Make KASLR memory randomization compatible with hibernation

2016-08-01 Thread Thomas Garnier
***Background: KASLR memory randomization for x86_64 was added when KASLR did not support hibernation. Now that it does, some changes are needed. ***Problems that needed solving: Hibernation was failing on reboot with a GP fault when CONFIG_RANDOMIZE_MEMORY was enabled. Two issues were identifie

[PATCH v1 2/2] x86/power/64: Fix __PAGE_OFFSET usage on restore

2016-08-01 Thread Thomas Garnier
When KASLR memory randomization is used, __PAGE_OFFSET is a global variable changed during boot. The assembly code was using the variable as an immediate value to calculate the cr3 physical address. The physical address was incorrect, resulting in a GP fault. Signed-off-by: Thomas Garnier

[PATCH v1 1/2] x86/power/64: Support unaligned addresses for temporary mapping

2016-08-01 Thread Thomas Garnier
Correctly set up the temporary mapping for hibernation. Previous implementation assumed the address was aligned on the PGD level. With KASLR memory randomization enabled, the address is randomized on the PUD level. This change supports unaligned addresses up to PMD. Signed-off-by: Thomas Garnier

Re: [PATCH] x86/mm: Enable KASLR for vmemmap memory region (x86_64)

2016-08-01 Thread Thomas Garnier
On Wed, Jul 27, 2016 at 8:59 AM, Thomas Garnier wrote: > Add vmemmap in the list of randomized memory regions. > > The vmemmap region holds a representation of the physical memory (through > a struct page array). An attacker could use this region to disclose the > kernel memory

Re: [PATCH v1] kdump, vmcoreinfo: report memory sections virtual addresses

2016-09-08 Thread Thomas Garnier
ALUE); >> > #ifdef CONFIG_X86 >> > VMCOREINFO_NUMBER(KERNEL_IMAGE_SIZE); >> > + VMCOREINFO_NUMBER(PAGE_OFFSET); >> > + VMCOREINFO_NUMBER(VMALLOC_START); >> > + VMCOREINFO_NUMBER(VMEMMAP_START); >> > #endif >> > #ifdef CONFI

Re: [PATCH] x86/power/64: Do not refer to __PAGE_OFFSET from assembly code

2016-08-05 Thread Thomas Garnier
f that variable is ready to be >> > written into CR3. Then, the assembly code doesn't have to worry >> > about converting that value into a physical address and things work >> > regardless of whether or not CONFIG_RANDOMIZE_MEMORY is set. >> > >> >

Re: [Resend][PATCH] x86/power/64: Always create temporary identity mapping correctly

2016-08-08 Thread Thomas Garnier
> result (leading to a kernel panic most of the time). >>> >>> To fix this problem, rework kernel_ident_mapping_init() to support >>> unaligned offsets between KVA and PA up to the PMD level and make >>> set_up_temporary_mappings() use it as appropriate. >

[PATCH v1 1/2] x86/KASLR: Fix physical memory calculation on KASLR memory randomization

2016-08-08 Thread Thomas Garnier
Initialize KASLR memory randomization after max_pfn is initialized. Also ensure the size is rounded up. Could have created problems on machines with more than 1Tb of memory on certain random addresses. Signed-off-by: Thomas Garnier --- Based on next-20160805 --- arch/x86/kernel/setup.c | 4

[PATCH v1 2/2] x86/KASLR: Increase BRK pages for KASLR memory randomization

2016-08-08 Thread Thomas Garnier
while doing extensive testing of KASLR memory randomization on different type of hardware. Signed-off-by: Thomas Garnier --- Based on next-20160805 --- arch/x86/mm/init.c | 8 1 file changed, 8 insertions(+) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 6209289..3a27e6a 100644

Re: [PATCH v10 2/3] arm/syscalls: Check address limit on user-mode return

2017-06-20 Thread Thomas Garnier
On Tue, Jun 20, 2017 at 1:18 PM, Kees Cook wrote: > On Wed, Jun 14, 2017 at 6:12 PM, Thomas Garnier wrote: >> Ensure the address limit is a user-mode segment before returning to >> user-mode. Otherwise a process can corrupt kernel-mode memory and >> elevate privileges

Re: [PATCH v10 3/3] arm64/syscalls: Check address limit on user-mode return

2017-06-21 Thread Thomas Garnier
On Wed, Jun 21, 2017 at 1:16 AM, Catalin Marinas wrote: > On Wed, Jun 14, 2017 at 06:12:03PM -0700, Thomas Garnier wrote: >> Ensure the address limit is a user-mode segment before returning to >> user-mode. Otherwise a process can corrupt kernel-mode memory and >>

Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode

2017-05-11 Thread Thomas Garnier
On Tue, May 9, 2017 at 7:29 AM, Thomas Garnier wrote: > > On Tue, May 9, 2017 at 4:10 AM, Greg KH wrote: > > On Tue, May 09, 2017 at 08:56:19AM +0200, Ingo Molnar wrote: > >> > >> * Kees Cook wrote: > >> > >> > > There's the

Re: [kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode

2017-05-12 Thread Thomas Garnier
On Thu, May 11, 2017 at 11:58 PM, Ingo Molnar wrote: > > * Linus Torvalds wrote: > >> On Thu, May 11, 2017 at 4:17 PM, Thomas Garnier wrote: >> > >> > Ingo: Do you want the change as-is? Would you like it to be optional? >> > What do you think? >

[PATCH v5 04/27] x86: Add macro to get symbol address for PIE support

2018-06-25 Thread Thomas Garnier
Add a new _ASM_MOVABS macro to fetch a symbol address. It will be used to replace "_ASM_MOV $, %dst" code constructs that are not compatible with PIE. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/asm.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/include/a

[PATCH v5 10/27] x86/boot/64: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/kernel/head_64.S | 16 ++-- 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/head_64.S b/arch

[PATCH v5 09/27] x86/acpi: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier Acked-by: Pavel Machek Acked-by: Rafael J

[PATCH v5 06/27] x86/entry/64: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/entry/entry_64.S

[PATCH v5 12/27] x86/paravirt: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
if PIE is enabled, switch the paravirt assembly constraints to be compatible. The %c/i constraints generate smaller code so are kept by default. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier

[PATCH v5 13/27] x86/boot/64: Build head64.c as mcmodel large when PIE is enabled

2018-06-25 Thread Thomas Garnier
Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/kernel/Makefile | 6 ++ arch/x86/kernel/head64.c | 3 +++ 2 files changed, 9 insertions(+) diff --git a/arch/x86/kernel/Makefile b/arch/x86/k

[PATCH v5 15/27] compiler: Option to default to hidden symbols

2018-06-25 Thread Thomas Garnier
/end of sections). In this case, older versions of GCC will remove the comparison if the symbols are hidden. This issue exists at least on gcc 4.9 and before. Signed-off-by: Thomas Garnier --- arch/x86/boot/boot.h | 2 +- arch/x86/include/asm/setup.h | 2 +- arch/x86

[PATCH v5 16/27] compiler: Option to add PROVIDE_HIDDEN replacement for weak symbols

2018-06-25 Thread Thomas Garnier
Provide an option to have a PROVIDE_HIDDEN (linker script) entry for each weak symbol. This option solves an error in x86_64 where the linker optimizes PIE generated code to be non-PIE because --emit-relocs was used instead of -pie (to reduce dynamic relocations). Signed-off-by: Thomas Garnier

[PATCH v5 19/27] kvm: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/kvm_host.h | 8 ++-- arch/x86/kernel/kvm.c | 6 -- arch/x86/kvm/svm.c | 4 ++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b

[PATCH v5 20/27] x86: Support global stack cookie

2018-06-25 Thread Thomas Garnier
and the global variable stack cookie is used. If a specific stack mode was selected (regular or strong) and the compiler does not support selecting the segment register, an error is emitted. Signed-off-by: Thomas Garnier --- arch/x86/Kconfig | 12 arch/x86

[PATCH v5 25/27] x86/pie: Add option to build the kernel as PIE

2018-06-25 Thread Thomas Garnier
-0.1%) - PIE enabled: average -0.4% to +0.4%. [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82303 Signed-off-by: Thomas Garnier merge pie --- arch/x86/Kconfig | 8 arch/x86/Makefile | 45 - 2 files changed, 52 insertions(+), 1 deletion

[PATCH v5 26/27] x86/relocs: Add option to generate 64-bit relocations

2018-06-25 Thread Thomas Garnier
top 2G and 32-bit integers are not enough. Signed-off-by: Thomas Garnier --- arch/x86/tools/relocs.c| 60 +++--- arch/x86/tools/relocs.h| 4 +-- arch/x86/tools/relocs_common.c | 15 ++--- 3 files changed, 60 insertions(+), 19 deletions(-) diff

[PATCH v5 21/27] x86/ftrace: Adapt function tracing for PIE support

2018-06-25 Thread Thomas Garnier
-bytes as before. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/kernel/ftrace.c | 51 +- scripts/recordmcount.c | 79 +++- 2

[PATCH v5 27/27] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB

2018-06-25 Thread Thomas Garnier
three PUD pages. The relocation table uses 64-bit integers generated with the updated relocation tool with the large-reloc option. Signed-off-by: Thomas Garnier --- arch/x86/Kconfig | 21 + arch/x86/boot/compressed/Makefile| 5 + arch/x86/boot

[PATCH v5 24/27] x86/mm: Make the x86 GOT read-only

2018-06-25 Thread Thomas Garnier
The GOT is changed during early boot when relocations are applied. Make it read-only directly. This table exists only for PIE binaries. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- include

[PATCH v5 23/27] x86/modules: Adapt module loading for PIE support

2018-06-25 Thread Thomas Garnier
Adapt module loading to support PIE relocations. Generate dynamic GOT if a symbol requires it but no entry exists in the kernel GOT. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86

[PATCH v5 17/27] x86/relocs: Handle PIE relocations

2018-06-25 Thread Thomas Garnier
Change the relocation tool to correctly handle relocations generated by -fPIE option: - Add relocation for each entry of the .got section given the linker does not generate R_X86_64_GLOB_DAT on a simple link. - Ignore R_X86_64_GOTPCREL. Signed-off-by: Thomas Garnier --- arch/x86/tools

[PATCH v5 11/27] x86/power/64: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier Acked-by: Pavel Machek Acked-by: Rafael J

[PATCH v5 07/27] x86: pm-trace - Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
Change assembly to use the new _ASM_MOVABS macro instead of _ASM_MOV for the assembly to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/pm-trace.h | 2

[PATCH v5 08/27] x86/CPU: Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
ff8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/processor.h | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index cfd29ee8c3da..25b5842a4646 100644 --- a/arch/x86/include/asm/process

[PATCH v5 05/27] x86: relocate_kernel - Adapt assembly for PIE support

2018-06-25 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/kernel/relocate_kernel_64.S

[PATCH v5 02/27] x86: Use symbol name on bug table for PIE support

2018-06-25 Thread Thomas Garnier
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch

[PATCH v5 03/27] x86: Use symbol name in jump table for PIE support

2018-06-25 Thread Thomas Garnier
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch

Re: [PATCH v5 23/27] x86/modules: Adapt module loading for PIE support

2018-06-25 Thread Thomas Garnier
On Mon, Jun 25, 2018 at 4:51 PM Randy Dunlap wrote: > > On 06/25/18 15:39, Thomas Garnier wrote: > > Adapt module loading to support PIE relocations. Generate dynamic GOT if > > a symbol requires it but no entry exists in the kernel GOT. > > Hi, > > This patch desc

[PATCH v4 09/27] x86/acpi: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier Acked-by: Pavel Machek --- arch/x86

[PATCH v4 06/27] x86/entry/64: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/entry/entry_64.S

[PATCH v4 16/27] compiler: Option to add PROVIDE_HIDDEN replacement for weak symbols

2018-05-29 Thread Thomas Garnier
Provide an option to have a PROVIDE_HIDDEN (linker script) entry for each weak symbol. This option solves an error in x86_64 where the linker optimizes PIE generated code to be non-PIE because --emit-relocs was used instead of -pie (to reduce dynamic relocations). Signed-off-by: Thomas Garnier

[PATCH v4 15/27] compiler: Option to default to hidden symbols

2018-05-29 Thread Thomas Garnier
/end of sections). In this case, older versions of GCC will remove the comparison if the symbols are hidden. This issue exists at least on gcc 4.9 and before. Signed-off-by: Thomas Garnier --- arch/x86/boot/boot.h | 2 +- arch/x86/include/asm/setup.h | 2 +- arch/x86

[PATCH v4 14/27] x86/percpu: Adapt percpu for PIE support

2018-05-29 Thread Thomas Garnier
Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/entry/calling.h | 2 +- arch/x86/entry/entry_64.S| 4 ++-- arch/x86/include/asm/percpu.h| 25 +++-- arch/x86/include/asm

[PATCH v4 25/27] x86/pie: Add option to build the kernel as PIE

2018-05-29 Thread Thomas Garnier
-0.1%) - PIE enabled: average -0.4% to +0.4%. [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82303 Signed-off-by: Thomas Garnier merge pie --- arch/x86/Kconfig | 8 arch/x86/Makefile | 45 - 2 files changed, 52 insertions(+), 1 deletion

[PATCH v4 27/27] x86/kaslr: Add option to extend KASLR range from 1GB to 3GB

2018-05-29 Thread Thomas Garnier
three PUD pages. The relocation table uses 64-bit integers generated with the updated relocation tool with the large-reloc option. Signed-off-by: Thomas Garnier --- arch/x86/Kconfig | 21 + arch/x86/boot/compressed/Makefile| 5 + arch/x86/boot

[PATCH v4 19/27] kvm: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/kvm_host.h | 8 ++-- arch/x86/kernel/kvm.c | 6 -- arch/x86/kvm/svm.c | 4 ++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b

[PATCH v4 26/27] x86/relocs: Add option to generate 64-bit relocations

2018-05-29 Thread Thomas Garnier
top 2G and 32-bit integers are not enough. Signed-off-by: Thomas Garnier --- arch/x86/tools/relocs.c| 60 +++--- arch/x86/tools/relocs.h| 4 +-- arch/x86/tools/relocs_common.c | 15 ++--- 3 files changed, 60 insertions(+), 19 deletions(-) diff

[PATCH v4 24/27] x86/mm: Make the x86 GOT read-only

2018-05-29 Thread Thomas Garnier
The GOT is changed during early boot when relocations are applied. Make it read-only directly. This table exists only for PIE binaries. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- include

[PATCH v4 20/27] x86: Support global stack cookie

2018-05-29 Thread Thomas Garnier
and the global variable stack cookie is used. If a specific stack mode was selected (regular or strong) and the compiler does not support selecting the segment register, an error is emitted. Signed-off-by: Thomas Garnier --- arch/x86/Kconfig | 12 arch/x86

[PATCH v4 23/27] x86/modules: Adapt module loading for PIE support

2018-05-29 Thread Thomas Garnier
Adapt module loading to support PIE relocations. Generate dynamic GOT if a symbol requires it but no entry exists in the kernel GOT. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86

[PATCH v4 22/27] x86/modules: Add option to start module section after kernel

2018-05-29 Thread Thomas Garnier
randomization range. Signed-off-by: Thomas Garnier --- Documentation/x86/x86_64/mm.txt | 3 +++ arch/x86/Kconfig| 4 arch/x86/include/asm/pgtable_64_types.h | 6 ++ arch/x86/kernel/head64.c| 5 - arch/x86/mm/dump_pagetables.c | 3

[PATCH v4 21/27] x86/ftrace: Adapt function tracing for PIE support

2018-05-29 Thread Thomas Garnier
5-bytes as before. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/ftrace.h | 4 -- arch/x86/include/asm/sections.h | 4 ++ arch/x86/kernel/ftrace.c| 42

[PATCH v4 17/27] x86/relocs: Handle PIE relocations

2018-05-29 Thread Thomas Garnier
Change the relocation tool to correctly handle relocations generated by -fPIE option: - Add relocation for each entry of the .got section given the linker does not generate R_X86_64_GLOB_DAT on a simple link. - Ignore R_X86_64_GOTPCREL. Signed-off-by: Thomas Garnier --- arch/x86/tools

[PATCH v4 11/27] x86/power/64: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier Acked-by: Pavel Machek --- arch/x86/power

[PATCH v4 08/27] x86/CPU: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
ff8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/processor.h | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index e28add6b791f..7ae9fb91f7b5 100644 --- a/arch/x86/include/asm/process

[PATCH v4 13/27] x86/boot/64: Build head64.c as mcmodel large when PIE is enabled

2018-05-29 Thread Thomas Garnier
Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/kernel/Makefile | 6 ++ arch/x86/kernel/head64.c | 3 +++ 2 files changed, 9 insertions(+) diff --git a/arch/x86/kernel/Makefile b/arch/x86/k

[PATCH v4 07/27] x86: pm-trace - Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
Change assembly to use the new _ASM_MOVABS macro instead of _ASM_MOV for the assembly to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/pm-trace.h | 2

[PATCH v4 10/27] x86/boot/64: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/kernel/head_64.S | 16 ++-- 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/head_64.S b/arch

[PATCH v4 03/27] x86: Use symbol name in jump table for PIE support

2018-05-29 Thread Thomas Garnier
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch

[PATCH v4 02/27] x86: Use symbol name on bug table for PIE support

2018-05-29 Thread Thomas Garnier
Replace the %c constraint with %P. The %c is incompatible with PIE because it implies an immediate value whereas %P references a symbol. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch

[PATCH v4 01/27] x86/crypto: Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/crypto/aes-x86_64-asm_64.S

[PATCH v4 05/27] x86: relocate_kernel - Adapt assembly for PIE support

2018-05-29 Thread Thomas Garnier
Change the assembly code to use only relative references of symbols for the kernel to be PIE compatible. Position Independent Executable (PIE) support will allow extending the KASLR randomization range 0x8000. Signed-off-by: Thomas Garnier --- arch/x86/kernel/relocate_kernel_64.S

[PATCH v4 04/27] x86: Add macro to get symbol address for PIE support

2018-05-29 Thread Thomas Garnier
Add a new _ASM_MOVABS macro to fetch a symbol address. It will be used to replace "_ASM_MOV $, %dst" code constructs that are not compatible with PIE. Signed-off-by: Thomas Garnier --- arch/x86/include/asm/asm.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/include/a

Re: [PATCH v4 21/27] x86/ftrace: Adapt function tracing for PIE support

2018-06-04 Thread Thomas Garnier
On Mon, Jun 4, 2018 at 1:16 PM Steven Rostedt wrote: > > On Tue, 29 May 2018 15:15:22 -0700 > Thomas Garnier wrote: > > > When using -fPIE/PIC with function tracing, the compiler generates a > > call through the GOT (call *__fentry__@GOTPCREL). This instruction > >

Re: [PATCH v4 21/27] x86/ftrace: Adapt function tracing for PIE support

2018-06-05 Thread Thomas Garnier
On Mon, Jun 4, 2018 at 2:44 PM Steven Rostedt wrote: > > On Mon, 4 Jun 2018 14:06:03 -0700 > Thomas Garnier wrote: > > > On Mon, Jun 4, 2018 at 1:16 PM Steven Rostedt wrote: > > > > > > On Tue, 29 May 2018 15:15:22 -0700 > > > Thomas Garnier w

Re: [PATCH v4 21/27] x86/ftrace: Adapt function tracing for PIE support

2018-06-05 Thread Thomas Garnier
On Tue, Jun 5, 2018 at 9:56 AM Thomas Garnier wrote: > > On Mon, Jun 4, 2018 at 2:44 PM Steven Rostedt wrote: > > > > On Mon, 4 Jun 2018 14:06:03 -0700 > > Thomas Garnier wrote: > > > > > On Mon, Jun 4, 2018 at 1:16 PM Steven Rostedt wrote: > > >

Re: [PATCH v6 19/27] kvm: Adapt assembly for PIE support

2019-02-06 Thread Thomas Garnier
On Wed, Feb 6, 2019 at 11:56 AM Sean Christopherson wrote: > > On Thu, Jan 31, 2019 at 11:24:26AM -0800, Thomas Garnier wrote: > > Change the assembly code to use only relative references of symbols for the > > kernel to be PIE compatible. The new __ASM_MOVABS macro is used to >

Re: [PATCH v6 14/27] x86/percpu: Adapt percpu for PIE support

2019-04-08 Thread Thomas Garnier
On Fri, Feb 1, 2019 at 9:13 AM Thomas Garnier wrote: > > On Thu, Jan 31, 2019 at 6:31 PM Christopher Lameter wrote: > > > > On Thu, 31 Jan 2019, Thomas Garnier wrote: > > > > > The per-cpu symbols are in a section that is zero based to create > > >

Re: [PATCH] mm: slub: re-initialize randomized freelist sequence in calculate_sizes

2020-08-19 Thread Thomas Garnier
I am not super familiar with the sysfs setup here but the random sequence should work as expected. One minor comment below. Reviewed-by: Thomas Garnier On Wed, Aug 19, 2020 at 1:26 PM Andrew Morton wrote: > > > (cc Thomas and linux-mm) > > On Sat, 8 Aug 2020 13:50:

[PATCH] mm: SLAB freelist randomization

2016-04-15 Thread Thomas Garnier
5 cycles 1 times kmalloc(32)/kfree -> 115 cycles 1 times kmalloc(64)/kfree -> 120 cycles 1 times kmalloc(128)/kfree -> 127 cycles 1 times kmalloc(256)/kfree -> 119 cycles 1 times kmalloc(512)/kfree -> 112 cycles 1 times kmalloc(1024)/kfree -> 112 cycles 100

[RFC v1 0/4] x86, boot: KASLR memory implementation (x86_64)

2016-04-15 Thread Thomas Garnier
This is RFC v1 for KASLR memory implementation on x86_64. It was reviewed early by Kees Cook. ***Background: The current implementation of KASLR randomizes only the base address of the kernel and its modules. Research was published showing that static memory can be overwritten to elevate privileges

[RFC v1 3/4] x86, boot: Implement ASLR for kernel memory sections (x86_64)

2016-04-15 Thread Thomas Garnier
to ensure each CPU can start with a PGD aligned virtual address (for realmode). x86/dump_pagetable was updated to correctly display each section. Updated documentation on x86_64 memory layout accordingly. Signed-off-by: Thomas Garnier --- Based on next-20160413 --- Documentation/x86/x86_64/mm

[RFC v1 4/4] x86, boot: Memory hotplug support for KASLR memory randomization

2016-04-15 Thread Thomas Garnier
CONFIG_MEMORY_HOTPLUG is not used, no space is reserved, increasing the entropy available. Signed-off-by: Thomas Garnier --- Based on next-20160413 --- arch/x86/Kconfig| 15 +++ arch/x86/mm/kaslr.c | 14 -- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/arch/x86/Kconfig

[RFC v1 2/4] x86, boot: PUD VA support for physical mapping (x86_64)

2016-04-15 Thread Thomas Garnier
Minor change that allows early boot physical mapping of PUD level virtual addresses. This change prepares usage of different virtual addresses for KASLR memory randomization. It has no impact on default usage. Signed-off-by: Thomas Garnier --- Based on next-20160413 --- arch/x86/mm/init_64.c

[RFC v1 1/4] x86, boot: Refactor KASLR entropy functions

2016-04-15 Thread Thomas Garnier
Move the KASLR entropy functions in x86/library to be used in early kernel boot for KASLR memory randomization. Signed-off-by: Thomas Garnier --- Based on next-20160413 --- arch/x86/boot/compressed/aslr.c | 76 +++ arch/x86/include/asm/kaslr.h| 6

Re: [PATCH] mm: SLAB freelist randomization

2016-04-15 Thread Thomas Garnier
Thanks for the comments. I will address them in a v2 early next week. If anyone has other comments, please let me know. Thomas On Fri, Apr 15, 2016 at 3:26 PM, Joe Perches wrote: > On Fri, 2016-04-15 at 15:00 -0700, Andrew Morton wrote: >> On Fri, 15 Apr 2016 10:25:59 -0700 Thoma

Re: [PATCH 0/4] x86, boot: KASLR memory randomization

2016-04-29 Thread Thomas Garnier
Any feedback on this patch proposal? Thanks, Thomas On Mon, Apr 25, 2016 at 9:39 AM, Thomas Garnier wrote: > This is PATCH v1 for KASLR memory implementation on x86_64. Minor changes > were done based on RFC v1 comments. > > ***Background: > The current implementation of KASLR

[PATCH v2 1/4] x86, boot: Refactor KASLR entropy functions

2016-05-02 Thread Thomas Garnier
Move the KASLR entropy functions in x86/library to be used in early kernel boot for KASLR memory randomization. Signed-off-by: Thomas Garnier --- Based on next-20160502 --- arch/x86/boot/compressed/kaslr.c | 76 +++--- arch/x86/include/asm/kaslr.h | 6

[PATCH v2 2/4] x86, boot: PUD VA support for physical mapping (x86_64)

2016-05-02 Thread Thomas Garnier
Minor change that allows early boot physical mapping of PUD level virtual addresses. This change prepares usage of different virtual addresses for KASLR memory randomization. It has no impact on default usage. Signed-off-by: Thomas Garnier --- Based on next-20160502 --- arch/x86/mm/init_64.c

[PATCH v2 0/4] x86, boot: KASLR memory implementation

2016-05-02 Thread Thomas Garnier
This is PATCH v2 for KASLR memory implementation for x86_64. Edit commit based on recent testing against the KASLR bypass exploits & rebase on next-20160502. ***Background: The current implementation of KASLR randomizes only the base address of the kernel and its modules. Research was published s

[PATCH v2 3/4] x86, boot: Implement ASLR for kernel memory sections (x86_64)

2016-05-02 Thread Thomas Garnier
splay each section. Updated documentation on x86_64 memory layout accordingly. Signed-off-by: Thomas Garnier --- Based on next-20160502 --- Documentation/x86/x86_64/mm.txt | 4 + arch/x86/Kconfig| 15 arch/x86/include/asm/kaslr.h| 12 +++ ar

[PATCH v2 4/4] x86, boot: Memory hotplug support for KASLR memory randomization

2016-05-02 Thread Thomas Garnier
CONFIG_MEMORY_HOTPLUG is not used, no space is reserved, increasing the entropy available. Signed-off-by: Thomas Garnier --- Based on next-20160502 --- arch/x86/Kconfig| 15 +++ arch/x86/mm/kaslr.c | 14 -- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/arch/x86/Kconfig

Re: [PATCH v2 2/4] x86, boot: PUD VA support for physical mapping (x86_64)

2016-05-03 Thread Thomas Garnier
On Mon, May 2, 2016 at 2:58 PM, Dave Hansen wrote: > On 05/02/2016 02:41 PM, Thomas Garnier wrote: >> Minor change that allows early boot physical mapping of PUD level virtual >> addresses. This change prepares usage of different virtual addresses for >> KASLR memory ran

Re: [PATCH v2 3/4] x86, boot: Implement ASLR for kernel memory sections (x86_64)

2016-05-03 Thread Thomas Garnier
On Mon, May 2, 2016 at 3:00 PM, Dave Hansen wrote: > On 05/02/2016 02:41 PM, Thomas Garnier wrote: >> -#define __PAGE_OFFSET _AC(0x8800, UL) >> +#define __PAGE_OFFSET_BASE _AC(0x8800, UL) >> +#ifdef CONFIG_RANDOMIZE_MEMORY

[PATCH v3 3/4] x86, boot: Implement ASLR for kernel memory sections (x86_64)

2016-05-03 Thread Thomas Garnier
s 97681.6 (1031.11) Hackbench shows 0% difference on average (hackbench 90 repeated 10 times): attemp,before,after 1,0.076,0.069 2,0.072,0.069 3,0.066,0.066 4,0.066,0.068 5,0.066,0.067 6,0.066,0.069 7,0.067,0.066 8,0.063,0.067 9,0.067,0.065 10,0.068,0.071 average,0.0677,0.0677 Signed-off-by: Thomas Garnier

[PATCH v3 0/4] x86, boot: KASLR memory randomization

2016-05-03 Thread Thomas Garnier
This is PATCH v3 for KASLR memory implementation for x86_64. Recent changes: Add performance information on commit. Add details on PUD alignment. Add information on testing against the KASLR bypass exploit. Rebase on next-20160502. ***Background: The current implementation of KASL

[PATCH v3 2/4] x86, boot: PUD VA support for physical mapping (x86_64)

2016-05-03 Thread Thomas Garnier
. Signed-off-by: Thomas Garnier --- Based on next-20160502 --- arch/x86/mm/init_64.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 89d9747..6adfbce 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -526,10

[PATCH v3 4/4] x86, boot: Memory hotplug support for KASLR memory randomization

2016-05-03 Thread Thomas Garnier
CONFIG_MEMORY_HOTPLUG is not used, no space is reserved increasing the entropy available. Signed-off-by: Thomas Garnier --- Based on next-20160502 --- arch/x86/Kconfig| 15 +++ arch/x86/mm/kaslr.c | 14 -- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/arch/x86/Kconfig

[PATCH v3 1/4] x86, boot: Refactor KASLR entropy functions

2016-05-03 Thread Thomas Garnier
Move the KASLR entropy functions in x86/library to be used in early kernel boot for KASLR memory randomization. Signed-off-by: Thomas Garnier --- Based on next-20160502 --- arch/x86/boot/compressed/kaslr.c | 76 +++--- arch/x86/include/asm/kaslr.h | 6

Re: [PATCH v3 4/4] x86, boot: Memory hotplug support for KASLR memory randomization

2016-05-10 Thread Thomas Garnier
On Tue, May 10, 2016 at 11:24 AM, Kees Cook wrote: > On Tue, May 3, 2016 at 12:31 PM, Thomas Garnier wrote: >> Add a new option (CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING) to define >> the padding used for the physical memory mapping section when KASLR >> memory is enabled

Re: [PATCH v3 1/4] x86, boot: Refactor KASLR entropy functions

2016-05-10 Thread Thomas Garnier
On Tue, May 10, 2016 at 12:05 PM, Kees Cook wrote: > On Tue, May 3, 2016 at 12:31 PM, Thomas Garnier wrote: >> Move the KASLR entropy functions in x86/library to be used in early >> kernel boot for KASLR memory randomization. >> >> Signed-off-by: Thomas Garnier >&

Re: [PATCH v3 3/4] x86, boot: Implement ASLR for kernel memory sections (x86_64)

2016-05-10 Thread Thomas Garnier
On Tue, May 10, 2016 at 11:53 AM, Kees Cook wrote: > On Tue, May 3, 2016 at 12:31 PM, Thomas Garnier wrote: >> Randomizes the virtual address space of kernel memory sections (physical >> memory mapping, vmalloc & vmemmap) for x86_64. This security feature >> miti

Re: [RFC v1 2/2] mm: SLUB Freelist randomization

2016-05-20 Thread Thomas Garnier
On Thu, May 19, 2016 at 7:15 PM, Joonsoo Kim wrote: > 2016-05-20 5:20 GMT+09:00 Thomas Garnier : >> I ran the test given by Joonsoo and it gave me these minimum cycles >> per size across 20 usage: > > I can't understand what you did here. Maybe, it's due to my poor

[RFC v2 0/2] mm: SLUB Freelist randomization

2016-05-24 Thread Thomas Garnier
This is RFC v2 for the SLUB Freelist randomization. The patch is now based on the Linux master branch (as the based SLAB patch was merged). Changes since RFC v1: - Redone slab_test testing to decide best entropy approach on new page creation. - Moved to use get_random_int as best approach to

[RFC v2 1/2] mm: Reorganize SLAB freelist randomization

2016-05-24 Thread Thomas Garnier
functions are changed to align with the SLUB implementation, now using get_random_* functions. Signed-off-by: Thomas Garnier --- Based on 0e01df100b6bf22a1de61b66657502a6454153c5 --- include/linux/slab_def.h | 11 +++- mm/slab.c| 68

[RFC v2 2/2] mm: SLUB Freelist randomization

2016-05-24 Thread Thomas Garnier
Time 102.47 (0.562732) User Time 1045.3 (1.34263) System Time 88.311 (0.342554) Percent CPU 1105.8 (6.49444) Context Switches 189081 (2355.78) Sleeps 99231.5 (800.358) Signed-off-by: Thomas Garnier --- Based on 0e01df100b6bf22a1de61b66657502a6454153c5 --- include/linux/slub_def.h | 8 +++

[RFC v1 0/2] mm: SLUB Freelist randomization

2016-05-18 Thread Thomas Garnier
This is RFC v1 for the SLUB Freelist randomization. ***Background: This proposal follows the previous SLAB Freelist patch submitted to next. It reuses parts of the previous implementation and keeps a similar approach. The kernel heap allocators are using a sequential freelist making their allocation

[RFC v1 1/2] mm: Reorganize SLAB freelist randomization

2016-05-18 Thread Thomas Garnier
-by: Thomas Garnier --- Based on next-20160517 --- include/linux/slab_def.h | 11 +++- mm/slab.c| 66 +--- mm/slab.h| 16 mm/slab_common.c | 50 4 files changed
