Verify that kmem_create_cache flags are not allocator specific. It is
done before removing flags that are not available with the current
configuration.
Signed-off-by: Thomas Garnier
---
Based on next-20161027
---
mm/slab.h| 15 +++
mm/slab_common.c | 6 ++
2 files
On Mon, Nov 7, 2016 at 3:07 PM, Andrew Morton wrote:
> On Mon, 7 Nov 2016 13:11:15 -0800 Thomas Garnier wrote:
>
>> Verify that kmem_create_cache flags are not allocator specific. It is
>> done before removing flags that are not available with the current
>>
On Mon, Nov 7, 2016 at 2:49 PM, Andrew Morton wrote:
> On Mon, 7 Nov 2016 14:32:56 -0800 Thomas Garnier wrote:
>
>> On Mon, Nov 7, 2016 at 2:19 PM, Andrew Morton
>> wrote:
>> > On Mon, 7 Nov 2016 13:11:14 -0800 Thomas Garnier
>> > wrote:
>> >
eate cannot be called with them.
Fixes: b03a017bebc4 ("mm/slab: introduce new slab management type,
OBJFREELIST_SLAB")
Signed-off-by: Thomas Garnier
Signed-off-by: Greg Thelen
---
Based on next-20161025
---
mm/slab.h| 3 +++
mm/slab_common.c | 10 --
2 files changed,
On Tue, May 9, 2017 at 4:10 AM, Greg KH wrote:
> On Tue, May 09, 2017 at 08:56:19AM +0200, Ingo Molnar wrote:
>>
>> * Kees Cook wrote:
>>
>> > > There's the option of using GCC plugins now that the infrastructure was
>> > > upstreamed from grsecurity. It can be used as part of the regular build
On Tue, May 9, 2017 at 7:29 AM, Thomas Garnier wrote:
>
> On Tue, May 9, 2017 at 4:10 AM, Greg KH wrote:
> > On Tue, May 09, 2017 at 08:56:19AM +0200, Ingo Molnar wrote:
> >>
> >> * Kees Cook wrote:
> >>
> >> > > There's the o
On Wed, Apr 19, 2017 at 7:34 AM, Dan Williams wrote:
> Does the randomization ever cross a pgd boundary?
Yes, it can cross a pgd boundary. The original physical memory mapping
might as well but you would need almost 550Gb of memory.
>
> These crashes look very similar to the crashes caused by
>
On Tue, Jun 20, 2017 at 1:18 PM, Kees Cook wrote:
> On Wed, Jun 14, 2017 at 6:12 PM, Thomas Garnier wrote:
>> Ensure the address limit is a user-mode segment before returning to
>> user-mode. Otherwise a process can corrupt kernel-mode memory and
>> elevate privileges
On Wed, Jun 21, 2017 at 1:16 AM, Catalin Marinas
wrote:
> On Wed, Jun 14, 2017 at 06:12:03PM -0700, Thomas Garnier wrote:
>> Ensure the address limit is a user-mode segment before returning to
>> user-mode. Otherwise a process can corrupt kernel-mode memory and
>>
if
needed.
The addr_limit_user_check function is added as a cross-architecture
function to check the address limit.
[1] https://bugs.chromium.org/p/project-zero/issues/detail?id=990
Signed-off-by: Thomas Garnier
---
v10 redesigns the change to use work flags on set_fs as recommended by
Linus
if
needed.
[1] https://bugs.chromium.org/p/project-zero/issues/detail?id=990
Signed-off-by: Thomas Garnier
---
v10 redesigns the change to use work flags on set_fs as recommended by
Linus and agreed by others.
Based on next-20170609
---
arch/arm64/include/asm/thread_info.h | 4 +++-
arch/arm64
-by: Thomas Garnier
---
v10 redesigns the change to use work flags on set_fs as recommended by
Linus and agreed by others.
Based on next-20170609
---
arch/arm/include/asm/thread_info.h | 15 +--
arch/arm/include/asm/uaccess.h | 2 ++
arch/arm/kernel/entry-common.S | 9 +++--
arch
address does not provide enough space for the kernel
to support a large number of processors.
Signed-off-by: Thomas Garnier
---
Based on next-20170213
---
arch/x86/include/asm/fixmap.h | 8
arch/x86/include/asm/pgtable_64_types.h | 3 ---
arch/x86/kernel/module.c| 1
The KVM segment_base function is confusing. This patch replaces integers
with appropriate flags, simplifies constructs and adds comments.
Signed-off-by: Thomas Garnier
---
Based on next-20170213
---
arch/x86/kvm/vmx.c | 26 ++
1 file changed, 18 insertions(+), 8 deletions
the original GDT.
Instead of reloading the previous GDT, VMX will reload the fixmap GDT as
expected. For testing, VMs were started and restored on multiple
configurations.
Signed-off-by: Thomas Garnier
---
Based on next-20170213
---
arch/x86/include/asm/desc.h | 51
. For hibernation, the main processor returns with the
original GDT and switches back to the remapping at completion.
This patch was tested on both architectures. Hibernation and KVM were
both tested specially for their usage of the GDT.
Signed-off-by: Thomas Garnier
---
Based on next-20170213
On Fri, Jan 6, 2017 at 11:35 PM, Ingo Molnar wrote:
>
> * Thomas Garnier wrote:
>
>> > No, and I had the way this worked on 64-bit wrong. LTR requires an
>> > available TSS and changes it to busy. So here are my thoughts on how
>> > this should work:
>>
On Tue, Jan 10, 2017 at 2:27 AM, Ingo Molnar wrote:
>
> * Thomas Garnier wrote:
>
>> Coming back on that after a bit more testing. The LTR instruction
>> checks if the busy bit is already set, if already set then it will just
>> issue a #GP given a bad selector:
>
This patch prevents a syscall to modify the address limit of the
caller. The address limit is kept by the syscall wrapper and restored
just after the syscall ends.
For example, it would mitigate this bug:
- https://bugs.chromium.org/p/project-zero/issues/detail?id=990
Signed-off-by: Thomas
On Thu, Feb 9, 2017 at 3:05 PM, Andy Lutomirski wrote:
> On Thu, Feb 9, 2017 at 11:31 AM, Kees Cook wrote:
>> On Thu, Feb 9, 2017 at 10:33 AM, Thomas Garnier wrote:
>>> This patch prevents a syscall to modify the address limit of the
>>> caller. The address limit is
address does not provide enough space for the kernel
to support a large number of processors.
Signed-off-by: Thomas Garnier
---
Based on next-20170213
---
Documentation/x86/x86_64/mm.txt | 5 -
arch/x86/include/asm/pgtable_64_types.h | 3 ++-
2 files changed, 6 insertions(+), 2 deletions
The KVM segment_base function is confusing. This patch replaces integers
with appropriate flags, simplifies constructs and adds comments.
Signed-off-by: Thomas Garnier
---
Based on next-20170213
---
arch/x86/kvm/vmx.c | 30 --
1 file changed, 20 insertions(+), 10
the original GDT.
Instead of reloading the previous GDT, VMX will reload the fixmap GDT as
expected. For testing, VMs were started and restored on multiple
configurations.
Signed-off-by: Thomas Garnier
---
Based on next-20170213
---
arch/x86/include/asm/desc.h | 51
. For hibernation, the main processor returns with the
original GDT and switches back to the remapping at completion.
This patch was tested on both architectures. Hibernation and KVM were
both tested specially for their usage of the GDT.
Signed-off-by: Thomas Garnier
---
Based on next-20170213
address does not provide enough space for the kernel
to support a large number of processors.
Signed-off-by: Thomas Garnier
---
Based on next-20170213
Fixed fixmap dependencies on random configurations.
---
Documentation/x86/x86_64/mm.txt | 5 -
arch/x86/include/asm/pgtable_64_types.h | 3
KASLR memory randomization can randomize the base of the physical memory
mapping (PAGE_OFFSET), vmalloc (VMALLOC_START) and vmemmap
(VMEMMAP_START). Adding these variables on VMCOREINFO so tools can
easily identify the base of each memory section.
Signed-off-by: Thomas Garnier
---
Based on next
CCing Kees for information.
On Fri, Apr 7, 2017 at 7:41 AM, Jeff Moyer wrote:
> Hi,
>
> commit 021182e52fe01 ("x86/mm: Enable KASLR for physical mapping memory
> regions") causes some of my systems with persistent memory (whether real
> or emulated) to fail to boot with a couple of different
the kernel on an
explicit check.
Signed-off-by: Thomas Garnier
---
Based on next-20170410
---
arch/arm64/Kconfig| 1 +
arch/arm64/kernel/entry.S | 13 +
2 files changed, 14 insertions(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 9b8fcab7da56..3f9e8e7d9376
The CONFIG_ARCH_NO_SYSCALL_VERIFY_PRE_USERMODE_STATE option is also
added so each architecture can optimize this change.
Signed-off-by: Thomas Garnier
Tested-by: Kees Cook
---
Based on next-20170410
---
arch/s390/Kconfig| 1 +
include/linux/syscalls.h | 26 +-
init/Kconfig
. If the address limit
was changed, a generic handler is called to stop the kernel on an
explicit check.
Signed-off-by: Thomas Garnier
---
Based on next-20170410
---
arch/arm/Kconfig | 1 +
arch/arm/kernel/entry-common.S | 10 +-
2 files changed, 10 insertions(+), 1 deletion(-)
diff
on 32-bit
and on the 64-bit syscall slowpath. For the 64-bit syscall fast path, an
assembly address limit check redirects to the slow path if the address
limit is different.
The TASK_SIZE_MAX define is moved to the pgtable_64_types header so it
can be used in assembly code.
Signed-off-by: Thomas
the kernel on an
explicit check.
Signed-off-by: Thomas Garnier
---
Based on next-20170410
---
arch/arm64/Kconfig| 1 +
arch/arm64/kernel/entry.S | 13 +
2 files changed, 14 insertions(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 9b8fcab7da56..3f9e8e7d9376
the kernel on an
explicit check.
Signed-off-by: Thomas Garnier
Reviewed-by: Catalin Marinas
---
Based on next-20170410
Fix comments from Catalin and add review-by in the message.
---
arch/arm64/Kconfig| 1 +
arch/arm64/kernel/entry.S | 12
2 files changed, 13 insertions
On Mon, Apr 10, 2017 at 1:06 PM, Thomas Garnier wrote:
> Disable the generic pre-usermode check in favor of an optimized
> implementation. This patch adds specific checks on user-mode return path
> to make it faster and smaller.
>
> The address limit is checked on each syscall retu
On Mon, Apr 24, 2017 at 4:07 PM, Baoquan He wrote:
> Yeah, according to my debugging tracking, it goes as Dan said. And the
> is_ram is REGION_DISJOINT. And till arch_add_memory, the parameters
> passed to arch_add_memory are "arch_add_memory, align_start:0x100,
>
On Mon, Apr 24, 2017 at 11:23 PM, Ingo Molnar wrote:
>
> * Kees Cook wrote:
>
>> On Mon, Apr 10, 2017 at 9:44 AM, Thomas Garnier wrote:
>> > This patch ensures a syscall does not return to user-mode with a kernel
>> > address limit. If that happened,
On Mon, Apr 24, 2017 at 11:33 PM, Ingo Molnar wrote:
>
> * Thomas Garnier wrote:
>
>> This patch ensures a syscall does not return to user-mode with a kernel
>> address limit. If that happened, a process can corrupt kernel-mode
>> memory and elevate privileges.
On Wed, Apr 26, 2017 at 1:12 AM, Ingo Molnar wrote:
>
> * Thomas Garnier wrote:
>
>> >> +#ifdef CONFIG_ARCH_NO_SYSCALL_VERIFY_PRE_USERMODE_STATE
>> >> +/*
>> >> + * This function is called when an architecture specific implementation
>
On Wed, Apr 26, 2017 at 3:43 AM, Baoquan He wrote:
>
> This bug will cause SGI uv 100 boot failure since SGI uv 100 can only
> use efi old_map because of hardware. On rhel it failed all SGI uv series
> since we haven't back ported fix for SGI uv 200/300.
>
> On 04/26/17 at 06:39pm, Baoquan He
Disable the generic address limit check in favor of an architecture
specific optimized implementation.
The address limit is checked on each syscall return path to user-mode.
If it was changed, a generic handler is called to stop the kernel on an
explicit check.
Signed-off-by: Thomas Garnier
://bugs.chromium.org/p/project-zero/issues/detail?id=990
Signed-off-by: Thomas Garnier
Tested-by: Kees Cook
---
Based on next-20170426
---
arch/s390/Kconfig| 1 +
include/linux/syscalls.h | 27 ++-
init/Kconfig | 6 ++
kernel/sys.c | 13
the kernel on an
explicit check.
Signed-off-by: Thomas Garnier
---
Based on next-20170426
---
arch/arm/Kconfig | 1 +
arch/arm/kernel/entry-common.S | 10 +-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 4c1a35f15838
syscall fast path, an
assembly address limit check redirects to the slow path if the address
limit is different.
The TASK_SIZE_MAX definition is moved to the pgtable_64_types header so
it can be used in assembly code.
Signed-off-by: Thomas Garnier
---
Based on next-20170426
---
arch/x86/Kconfig
On Wed, Apr 26, 2017 at 11:49 PM, Ingo Molnar wrote:
>
> * Thomas Garnier wrote:
>
>> +
>> +/*
>> + * Called before coming back to user-mode. Returning to user-mode with an
>> + * address limit different than USER_DS can allow to overwrite kernel
>>
://bugs.chromium.org/p/project-zero/issues/detail?id=990
Signed-off-by: Thomas Garnier
Tested-by: Kees Cook
---
Based on next-20170426
---
arch/s390/Kconfig| 1 +
include/linux/syscalls.h | 27 ++-
init/Kconfig | 6 ++
kernel/sys.c | 13
is enabled by
default on s390 because a similar feature already exists.
[1] https://bugs.chromium.org/p/project-zero/issues/detail?id=990
Signed-off-by: Thomas Garnier
Tested-by: Kees Cook
---
Based on next-20170426
---
arch/s390/Kconfig| 1 +
include/linux/syscalls.h | 27
syscall fast path, an
assembly address limit check redirects to the slow path if the address
limit is different.
The TASK_SIZE_MAX definition is moved to the pgtable_64_types header so
it can be used in assembly code.
Signed-off-by: Thomas Garnier
---
Based on next-20170426
---
arch/x86/Kconfig
Disable the generic address limit check in favor of an architecture
specific optimized implementation.
The address limit is checked on each syscall return path to user-mode.
If it was changed, a generic handler is called to stop the kernel on an
explicit check.
Signed-off-by: Thomas Garnier
the kernel on an
explicit check.
Signed-off-by: Thomas Garnier
---
Based on next-20170426
---
arch/arm/Kconfig | 1 +
arch/arm/kernel/entry-common.S | 10 +-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 4c1a35f15838
Implement specific usage of verify_pre_usermode_state for user-mode
returns for x86.
Signed-off-by: Thomas Garnier
---
Based on next-20170404
---
arch/x86/Kconfig| 1 +
arch/x86/entry/common.c | 3 +++
arch/x86/entry/entry_64.S | 8
Implement specific usage of verify_pre_usermode_state for user-mode
returns for arm64.
Signed-off-by: Thomas Garnier
---
Based on next-20170404
---
arch/arm64/Kconfig| 1 +
arch/arm64/kernel/entry.S | 15 +++
2 files changed, 16 insertions(+)
diff --git a/arch/arm64
The CONFIG_ARCH_NO_SYSCALL_VERIFY_PRE_USERMODE_STATE option is also
added so each architecture can optimize this change.
Signed-off-by: Thomas Garnier
Tested-by: Kees Cook
---
Based on next-20170404
---
arch/s390/Kconfig| 1 +
include/linux/syscalls.h | 26 +-
init/Kconfig
Implement specific usage of verify_pre_usermode_state for user-mode
returns for arm.
Signed-off-by: Thomas Garnier
---
Based on next-20170404
---
arch/arm/Kconfig | 1 +
arch/arm/kernel/entry-common.S | 16 +++-
2 files changed, 16 insertions(+), 1 deletion(-)
diff
On Tue, Apr 4, 2017 at 11:27 AM, H. Peter Anvin wrote:
> On 04/04/17 10:47, Thomas Garnier wrote:
>> diff --git a/arch/x86/include/asm/pgtable_64_types.h
>> b/arch/x86/include/asm/pgtable_64_types.h
>> index 516593e66bd6..12fa851c7fa8 100644
>> --- a/arch/x86/inc
On Wed, Apr 5, 2017 at 7:22 AM, Catalin Marinas wrote:
> On Tue, Apr 04, 2017 at 10:47:27AM -0700, Thomas Garnier wrote:
>> diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
>> index 43512d4d7df2..6d598e7051c3 100644
>> --- a/arch/arm64/kernel/entry.S
>>
On Wed, Apr 5, 2017 at 10:49 AM, Catalin Marinas
wrote:
> On Wed, Apr 05, 2017 at 07:36:17AM -0700, Thomas Garnier wrote:
>> On Wed, Apr 5, 2017 at 7:22 AM, Catalin Marinas
>> wrote:
>> > On Tue, Apr 04, 2017 at 10:47:27AM -0700, Thomas Garnier wrote:
>> >
On Thu, Mar 23, 2017 at 1:15 PM, Kees Cook wrote:
> On Thu, Mar 23, 2017 at 10:25 AM, Thomas Garnier wrote:
>> This patch ensures a syscall does not return to user-mode with a kernel
>> address limit. If that happened, a process can corrupt kernel-mode
>> memory a
address does not provide enough space for the kernel
to support a large number of processors.
Signed-off-by: Thomas Garnier
---
Based on next-20170308
---
Documentation/x86/x86_64/mm.txt | 5 -
arch/x86/include/asm/pgtable_64_types.h | 3 ++-
arch/x86/kernel/module.c| 1
the original GDT.
Instead of reloading the previous GDT, VMX will reload the fixmap GDT as
expected. For testing, VMs were started and restored on multiple
configurations.
Signed-off-by: Thomas Garnier
---
Based on next-20170308
---
arch/x86/include/asm/desc.h | 106
changes for Xen support.
Signed-off-by: Thomas Garnier
---
Based on next-20170308
---
arch/x86/entry/vdso/vma.c | 2 +-
arch/x86/include/asm/desc.h | 58 ---
arch/x86/include/asm/fixmap.h | 4 +++
arch/x86/include/asm/processor.h | 1
unsigned long i, count = oo_objects(s->oo);
>
> + /* Bailout if already initialised */
> + if (s->random_seq)
> + return 0;
> +
> err = cache_random_seq_create(s, count, GFP_KERNEL);
> if (err) {
> pr_err("SLUB: U
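Review bot: the early return on `s->random_seq` assumes the sequence already attached to the cache was built for the current `count = oo_objects(s->oo)`; if this function can run a second time after the object count has changed, the older sequence is reused without any check. The "Bailout if already initialised" comment should name the caller that reaches this path twice, and it is worth confirming that the existing sequence matches `count` before returning 0.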
Garnier wrote:
> On Fri, Jan 20, 2017 at 4:57 PM, Andy Lutomirski wrote:
>> On Fri, Jan 20, 2017 at 8:41 AM, Thomas Garnier wrote:
>>> Each processor holds a GDT in its per-cpu structure. The sgdt
>>> instruction gives the base address of the current GDT. This addres
. For hibernation, the main processor returns with the
original GDT and switches back to the remapping at completion.
This patch was tested on both architectures. Hibernation and KVM were
both tested specially for their usage of the GDT.
Signed-off-by: Thomas Garnier
---
Based on next-20170125
address does not provide enough space for the kernel
to support a large number of processors.
Signed-off-by: Thomas Garnier
---
Based on next-20170125
---
arch/x86/include/asm/fixmap.h | 8
arch/x86/include/asm/pgtable_64_types.h | 3 ---
arch/x86/kernel/module.c| 1
the original GDT.
Instead of reloading the previous GDT, VMX will reload the fixmap GDT as
expected. For testing, VMs were started and restored on multiple
configurations.
Signed-off-by: Thomas Garnier
---
Based on next-20170125
---
arch/x86/include/asm/desc.h | 46
On Mon, Oct 31, 2016 at 4:38 PM, David Rientjes wrote:
> On Mon, 31 Oct 2016, Thomas Garnier wrote:
>
>> While testing OBJFREELIST_SLAB integration with pagealloc, we found a
>> bug where kmem_cache(sys) would be created with both CFLGS_OFF_SLAB &
>> CFLGS_OBJFREEL
. If
CONFIG_MEMORY_HOTPLUG is not used, no space is reserved increasing the
entropy available.
Signed-off-by: Thomas Garnier
---
Based on next-20160511
---
arch/x86/Kconfig| 15 +++
arch/x86/mm/kaslr.c | 7 ++-
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch
Move the KASLR entropy functions in x86/libray to be used in early
kernel boot for KASLR memory randomization.
Signed-off-by: Thomas Garnier
---
Based on next-20160511
---
arch/x86/boot/compressed/kaslr.c | 77 +++---
arch/x86/include/asm/kaslr.h | 6 +++
arch
fter
1,0.076,0.069
2,0.072,0.069
3,0.066,0.066
4,0.066,0.068
5,0.066,0.067
6,0.066,0.069
7,0.067,0.066
8,0.063,0.067
9,0.067,0.065
10,0.068,0.071
average,0.0677,0.0677
Signed-off-by: Thomas Garnier
---
Based on next-20160511
---
Documentation/x86/x86_64/mm.txt | 4 +
arch/x86/Kconfig
This is PATCH v4 for KASLR memory implementation for x86_64.
Recent changes:
Add performance information on commit.
Add details on PUD alignment.
Add information on testing against the KASLR bypass exploit.
Rebase on next-20160511 and merge recent KASLR changes.
Integrate
.
Signed-off-by: Thomas Garnier
---
Based on next-20160511
---
arch/x86/mm/init_64.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index bce2e5d..f205f39 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -454,10
ed to the wrong git tree, please drop us a note to
> help improving the system]
>
> url:
> https://github.com/0day-ci/linux/commits/Thomas-Garnier/x86-boot-KASLR-memory-randomization/20160513-001319
> config: i386-tinyconfig (attached as .config)
> compiler: gcc-6 (Debian 6.
This is PATCH v5 for KASLR memory implementation for x86_64.
Recent changes:
Add performance information on commit.
Add details on PUD alignment.
Add information on testing against the KASLR bypass exploit.
Rebase on next-20160511 and merge recent KASLR changes.
Integrate
.
Signed-off-by: Thomas Garnier
---
Based on next-20160511
---
arch/x86/mm/init_64.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index bce2e5d..f205f39 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -454,10
Move the KASLR entropy functions in x86/libray to be used in early
kernel boot for KASLR memory randomization.
Signed-off-by: Thomas Garnier
---
Based on next-20160511
---
arch/x86/boot/compressed/kaslr.c | 77 +++---
arch/x86/include/asm/kaslr.h | 6 +++
arch
fter
1,0.076,0.069
2,0.072,0.069
3,0.066,0.066
4,0.066,0.068
5,0.066,0.067
6,0.066,0.069
7,0.067,0.066
8,0.063,0.067
9,0.067,0.065
10,0.068,0.071
average,0.0677,0.0677
Signed-off-by: Thomas Garnier
---
Based on next-20160511
---
Documentation/x86/x86_64/mm.txt | 4 +
arch/x86/Kconfig
. If
CONFIG_MEMORY_HOTPLUG is not used, no space is reserved increasing the
entropy available.
Signed-off-by: Thomas Garnier
---
Based on next-20160511
---
arch/x86/Kconfig| 15 +++
arch/x86/mm/kaslr.c | 7 ++-
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/arch/x86/Kconfig b/arch
On Tue, May 10, 2016 at 11:24 AM, Kees Cook wrote:
> On Tue, May 3, 2016 at 12:31 PM, Thomas Garnier wrote:
>> Add a new option (CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING) to define
>> the padding used for the physical memory mapping section when KASLR
>> memory i
On Tue, May 10, 2016 at 12:05 PM, Kees Cook wrote:
> On Tue, May 3, 2016 at 12:31 PM, Thomas Garnier wrote:
>> Move the KASLR entropy functions in x86/libray to be used in early
>> kernel boot for KASLR memory randomization.
>>
>> Signed-off-by: Thomas Garnier
>>
On Tue, May 10, 2016 at 11:53 AM, Kees Cook wrote:
> On Tue, May 3, 2016 at 12:31 PM, Thomas Garnier wrote:
>> Randomizes the virtual address space of kernel memory sections (physical
>> memory mapping, vmalloc & vmemmap) for x86_64. This security feature
>> m
Yes, it is. Certainly happened while editing patches (sorry about
that), will be fixed on next iteration once I get a bit more feedback.
On Mon, Apr 18, 2016 at 7:46 AM, Joerg Roedel wrote:
> On Fri, Apr 15, 2016 at 03:03:12PM -0700, Thomas Garnier wrote:
>> +#if defined(CONFIG_KASAN)
>
I will send the next version today. Note that get_random_bytes_arch
is used because at that stage we have 0 bits of entropy. It seemed
like a better idea to use the arch version that will fall back on
get_random_bytes sub API in the worst case.
On Fri, Apr 15, 2016 at 3:47 PM, Thomas Garnier
mes kmalloc(128)/kfree -> 127 cycles
1 times kmalloc(256)/kfree -> 119 cycles
1 times kmalloc(512)/kfree -> 112 cycles
1 times kmalloc(1024)/kfree -> 112 cycles
10000 times kmalloc(2048)/kfree -> 112 cycles
1 times kmalloc(4096)/kfree -> 1
mes kmalloc(128)/kfree -> 127 cycles
1 times kmalloc(256)/kfree -> 119 cycles
1 times kmalloc(512)/kfree -> 112 cycles
1 times kmalloc(1024)/kfree -> 112 cycles
10000 times kmalloc(2048)/kfree -> 112 cycles
1 times kmalloc(4096)/kfree -> 1
I agree, if we had a generic way to pass entropy across boots on all
architectures that would be amazing. I will let the SLAB maintainers
decide on requiring CONFIG_ARCH_RANDOM or documenting it.
On Mon, Apr 18, 2016 at 12:36 PM, Laura Abbott wrote:
> On 04/18/2016 08:59 AM, Thomas Garn
On Tue, Apr 19, 2016 at 7:27 AM, Joerg Roedel wrote:
> Hi Thomas,
>
> On Fri, Apr 15, 2016 at 03:03:12PM -0700, Thomas Garnier wrote:
>> +/*
>> + * Create PGD aligned trampoline table to allow real mode initialization
>> + * of additional CPUs. Consume only
On Tue, Apr 19, 2016 at 12:15 AM, Joonsoo Kim wrote:
> On Mon, Apr 18, 2016 at 10:14:39AM -0700, Thomas Garnier wrote:
>> Provides an optional config (CONFIG_FREELIST_RANDOM) to randomize the
>> SLAB freelist. The list is randomized during initialization of a new set
>>
On Wed, Apr 20, 2016 at 1:08 AM, Joonsoo Kim wrote:
> On Tue, Apr 19, 2016 at 09:44:54AM -0700, Thomas Garnier wrote:
>> On Tue, Apr 19, 2016 at 12:15 AM, Joonsoo Kim wrote:
>> > On Mon, Apr 18, 2016 at 10:14:39AM -0700, Thomas Garnier wrote:
>> >>
24)/kfree -> 119 cycles
10000 times kmalloc(2048)/kfree -> 119 cycles
1 times kmalloc(4096)/kfree -> 119 cycles
1 times kmalloc(8192)/kfree -> 119 cycles
1 times kmalloc(16384)/kfree -> 119 cycles
Signed-off-by: Thomas Garnier
Acked-by: Christoph Lameter
---
Based on n
On Wed, Apr 27, 2016 at 12:16 PM, Andrew Morton
wrote:
> On Wed, 27 Apr 2016 10:20:59 -0700 Thomas Garnier wrote:
>
>> Provides an optional config (CONFIG_SLAB_FREELIST_RANDOM) to randomize
>> the SLAB freelist.
>
> Forgot this bit?
>
I thought I would change it w
Any feedback on this patch proposal?
Thanks,
Thomas
On Mon, Apr 25, 2016 at 9:39 AM, Thomas Garnier wrote:
> This is PATCH v1 for KASLR memory implementation on x86_64. Minor changes
> were done based on RFC v1 comments.
>
> ***Background:
> The current implementation of KASLR
This is PATCH v1 for KASLR memory implementation on x86_64. Minor changes
were done based on RFC v1 comments.
***Background:
The current implementation of KASLR randomizes only the base address of
the kernel and its modules. Research was published showing that static
memory can be overwritten to
Minor change that allows early boot physical mapping of PUD level virtual
addresses. This change prepares usage of different virtual addresses for
KASLR memory randomization. It has no impact on default usage.
Signed-off-by: Thomas Garnier
---
Based on next-20160422
---
arch/x86/mm/init_64.c
. If
CONFIG_MEMORY_HOTPLUG is not used, no space is reserved increasing the
entropy available.
Signed-off-by: Thomas Garnier
---
Based on next-20160422
---
arch/x86/Kconfig| 15 +++
arch/x86/mm/kaslr.c | 14 --
2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/arch/x86/Kconfig
ses. An additional low memory page is used to ensure each CPU can
start with a PGD aligned virtual address (for realmode).
x86/dump_pagetable was updated to correctly display each section.
Updated documentation on x86_64 memory layout accordingly.
Signed-off-by: Thomas Garnier
---
Base
This is PATCH v1 for KASLR memory implementation on x86_64. Minor changes
were done based on RFC v1 comments.
***Background:
The current implementation of KASLR randomizes only the base address of
the kernel and its modules. Research was published showing that static
memory can be overwritten to
Move the KASLR entropy functions in x86/libray to be used in early
kernel boot for KASLR memory randomization.
Signed-off-by: Thomas Garnier
---
Based on next-20160422
---
arch/x86/boot/compressed/kaslr.c | 76 +++---
arch/x86/include/asm/kaslr.h | 6
142 cycles
1 times kmalloc(128)/kfree -> 121 cycles
1 times kmalloc(256)/kfree -> 119 cycles
1 times kmalloc(512)/kfree -> 119 cycles
1 times kmalloc(1024)/kfree -> 119 cycles
10000 times kmalloc(2048)/kfree -> 119 cycles
1 times kmalloc(4096)/kfree -> 119
On Mon, Apr 25, 2016 at 2:10 PM, Andrew Morton
wrote:
> On Mon, 25 Apr 2016 13:39:23 -0700 Thomas Garnier wrote:
>
>> Provides an optional config (CONFIG_FREELIST_RANDOM) to randomize the
>> SLAB freelist. The list is randomized during initialization of a new set
>
On Mon, Apr 25, 2016 at 2:13 PM, Thomas Garnier wrote:
> On Mon, Apr 25, 2016 at 2:10 PM, Andrew Morton
> wrote:
>> On Mon, 25 Apr 2016 13:39:23 -0700 Thomas Garnier
>> wrote:
>>
>>> Provides an optional config (CONFIG_FREELIST_RANDOM) to randomize the
>>