Re: [RFC PATCH 08/11] x86: Add support for finer grained KASLR

From: Kristen Carlson Accardi
Date: Thu Feb 06 2020 - 12:37:02 EST

Next message: Wei Huang: "Re: [PATCH v4 3/3] selftests: KVM: SVM: Add vmcall test"
Previous message: Dmitry Osipenko: "Re: [PATCH v2 0/9] add ASoC components for AHUB"
In reply to: Kees Cook: "Re: [RFC PATCH 08/11] x86: Add support for finer grained KASLR"
Next in thread: Peter Zijlstra: "Re: [RFC PATCH 08/11] x86: Add support for finer grained KASLR"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2020-02-06 at 03:56 -0800, Kees Cook wrote:
> On Wed, Feb 05, 2020 at 05:17:11PM -0800, Andy Lutomirski wrote:
> > On Wed, Feb 5, 2020 at 2:39 PM Kristen Carlson Accardi
> > <kristen@xxxxxxxxxxxxxxx> wrote:
> > > At boot time, find all the function sections that have separate
> > > .text
> > > sections, shuffle them, and then copy them to new locations.
> > > Adjust
> > > any relocations accordingly.
> > >
> > > + sort(base, num_syms, sizeof(int), kallsyms_cmp,
> > > kallsyms_swp);
> >
> > Hah, here's a huge bottleneck. Unless you are severely
> > memory-constrained, never do a sort with an expensive swap function
> > like this. Instead allocate an array of indices that starts out as
> > [0, 1, 2, ...]. Sort *that* where the swap function just swaps the
> > indices. Then use the sorted list of indices to permute the actual
> > data. The result is exactly one expensive swap per item instead of
> > one expensive swap per swap.
>
> I think there are few places where memory-vs-speed need to be
> examined.
> I remain surprised about how much memory the entire series already
> uses
> (58MB in my local tests), but I suspect this is likely dominated by
> the
> two factors: a full copy of the decompressed kernel, and that the
> "allocator" in the image doesn't really implement free():
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/linux/decompress/mm.h#n55
>

Yes - that was a huge issue (that free() doesn't actually...). Having
to do the copy really caused me to need to bump up the boot heap.
Thankfully, this is a readily solvable problem.

I think there's a temptation to focus too hard on the boot latency.
While I measured this on a reasonably fast system, we aren't talking
minutes of latency here, just a second or a second and a half. I know
there are those who sweat the milliseconds on booting vms, but I expect
they might just turn this feature off anyway. That said, there are
absolutely a lot of great ideas for improving things here that I am
excited to try should people be interested enough in this feature for
me to take it to the next stage.

Next message: Wei Huang: "Re: [PATCH v4 3/3] selftests: KVM: SVM: Add vmcall test"
Previous message: Dmitry Osipenko: "Re: [PATCH v2 0/9] add ASoC components for AHUB"
In reply to: Kees Cook: "Re: [RFC PATCH 08/11] x86: Add support for finer grained KASLR"
Next in thread: Peter Zijlstra: "Re: [RFC PATCH 08/11] x86: Add support for finer grained KASLR"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]