linux/Documentation
Thomas Garnier 0483e1fa6e x86/mm: Implement ASLR for kernel memory regions
Randomizes the virtual address space of kernel memory regions for
x86_64. This first patch adds the infrastructure and does not randomize
any region. The following patches will randomize the physical memory
mapping, vmalloc and vmemmap regions.

This security feature mitigates exploits relying on predictable kernel
addresses. These addresses can be used to disclose the kernel modules
base addresses or corrupt specific structures to elevate privileges
bypassing the current implementation of KASLR. This feature can be
enabled with the CONFIG_RANDOMIZE_MEMORY option.

The order of each memory region is not changed. The feature looks at the
available space for the regions based on different configuration options
and randomizes the base and space between each. The size of the physical
memory mapping is the available physical memory. No performance impact
was detected while testing the feature.

Entropy is generated using the KASLR early boot functions now shared in
the lib directory (originally written by Kees Cook). Randomization is
done on PGD & PUD page table levels to increase possible addresses. The
physical memory mapping code was adapted to support PUD level virtual
addresses. This implementation on the best configuration provides 30,000
possible virtual addresses in average for each memory region.  An
additional low memory page is used to ensure each CPU can start with a
PGD aligned virtual address (for realmode).

x86/dump_pagetable was updated to correctly display each region.

Updated documentation on x86_64 memory layout accordingly.

Performance data, after all patches in the series:

Kernbench shows almost no difference (-+ less than 1%):

Before:

Average Optimal load -j 12 Run (std deviation): Elapsed Time 102.63 (1.2695)
User Time 1034.89 (1.18115) System Time 87.056 (0.456416) Percent CPU 1092.9
(13.892) Context Switches 199805 (3455.33) Sleeps 97907.8 (900.636)

After:

Average Optimal load -j 12 Run (std deviation): Elapsed Time 102.489 (1.10636)
User Time 1034.86 (1.36053) System Time 87.764 (0.49345) Percent CPU 1095
(12.7715) Context Switches 199036 (4298.1) Sleeps 97681.6 (1031.11)

Hackbench shows 0% difference on average (hackbench 90 repeated 10 times):

attemp,before,after 1,0.076,0.069 2,0.072,0.069 3,0.066,0.066 4,0.066,0.068
5,0.066,0.067 6,0.066,0.069 7,0.067,0.066 8,0.063,0.067 9,0.067,0.065
10,0.068,0.071 average,0.0677,0.0677

Signed-off-by: Thomas Garnier <thgarnie@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Alexander Kuleshov <kuleshovmail@gmail.com>
Cc: Alexander Popov <alpopov@ptsecurity.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Borislav Petkov <bp@suse.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Jan Beulich <JBeulich@suse.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Lv Zheng <lv.zheng@intel.com>
Cc: Mark Salter <msalter@redhat.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Toshi Kani <toshi.kani@hpe.com>
Cc: Xiao Guangrong <guangrong.xiao@linux.intel.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: kernel-hardening@lists.openwall.com
Cc: linux-doc@vger.kernel.org
Link: http://lkml.kernel.org/r/1466556426-32664-6-git-send-email-keescook@chromium.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-07-08 17:33:46 +02:00
..
ABI USB fixes for 4.7-rc4 2016-06-18 06:06:49 -10:00
accounting taskstats: fix nl parsing in accounting/getdelays.c 2016-04-27 12:50:14 -04:00
acpi ACPI / tables: Convert initrd table override to table upgrade mechanism 2016-04-18 23:59:09 +02:00
aoe
arm Documentation: fix common spelling mistakes 2016-04-28 07:51:59 -06:00
arm64 irqchip/gicv3-its: numa: Enable workaround for Cavium thunderx erratum 23144 2016-06-02 18:01:07 +01:00
auxdisplay
backlight
blackfin
block The most interesting thing (IMO) this time around is some beginning 2016-05-19 18:07:25 -07:00
blockdev zram: introduce per-device debug_stat sysfs node 2016-05-20 17:58:30 -07:00
bus-devices
cdrom
cgroup-v1 Documentation/memcg: update kmem limit doc as codes behavior 2016-05-14 10:12:45 -06:00
cma
connector samples: connector: from Documentation to samples directory 2016-04-28 07:47:35 -06:00
console
cpu-freq
cpuidle
cris
crypto
development-process
device-mapper dm stats: fix spelling mistake in Documentation 2016-05-05 15:25:54 -04:00
devicetree Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2016-06-11 11:24:54 -07:00
dmaengine
DocBook doc: update/fixup dma-buf related DocBook 2016-05-31 22:16:53 +05:30
driver-model Staging and IIO driver update for 4.7-rc1 2016-05-20 22:20:48 -07:00
dvb
early-userspace
EDID
extcon
fault-injection
fb Documentation: fb: fix spelling mistakes 2016-05-10 12:05:27 +03:00
features powerpc: Add HAVE_PERF_USER_STACK_DUMP support 2016-05-11 21:54:05 +10:00
filesystems devpts: Make each mount of devpts an independent filesystem. 2016-06-05 10:36:01 -07:00
firmware_class Documentation: fix common spelling mistakes 2016-04-28 07:51:59 -06:00
fmc
fpga
frv
gpio gpio: clarify open drain/source docs 2016-04-27 10:23:44 +02:00
hid
hwmon Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2016-05-26 09:48:23 -07:00
i2c [media] rtl2832: change the i2c gate to be mux-locked 2016-05-04 22:40:02 +02:00
ia64
ide
iio
infiniband Round two of 4.7 merge window patches 2016-05-28 11:04:16 -07:00
input Input: clarify we want BTN_TOOL_<name> on proximity 2016-04-06 10:23:09 -07:00
ioctl
isdn
ja_JP Documentatio: HOWTO: remove regression postings info from translations 2016-04-16 10:49:08 -06:00
kbuild kconfig-language: elaborate on the type of a choice 2016-05-10 17:30:14 +02:00
kdump kdump: fix dmesg gdbmacro to work with record based printk 2016-06-03 15:06:22 -07:00
ko_KR Documentation: HOWTO: update git home URL in translations 2016-04-16 10:49:18 -06:00
laptops Documentation: laptops: fix spelling mistake 2016-04-28 07:21:48 -06:00
leds leds: core: Fix brightness setting upon hardware blinking enabled 2016-06-08 11:47:06 +02:00
livepatch Merge branches 'for-4.7/core', 'for-4.7/livepatching-doc' and 'for-4.7/livepatching-ppc64' into for-linus 2016-05-17 12:06:35 +02:00
locking locking/Documentation/lockdep: Fix spelling mistakes 2016-04-28 10:40:57 +02:00
m68k
memory-devices
metag
mic Char/Misc patches for 4.6-rc1 2016-03-17 13:47:50 -07:00
mips
misc-devices
mmc Documentation: mmc: Add the introduction for mmc-utils 2016-03-31 00:54:22 -06:00
mn10300
mtd
namespaces
netlabel
networking Documentation: ip-sysctl.txt: clarify secure_redirects 2016-05-29 22:40:53 -07:00
nfc
nios2
nvdimm
nvmem
parisc
PCI
pcmcia
phy
platform
power PM / runtime: Document steps for device removal 2016-04-05 03:46:59 +02:00
powerpc powerpc/eeh: rename EEH from "extended" to "enhanced" error handling 2016-04-11 20:30:42 +10:00
pps Documentation: pps: fix spelling mistake 2016-04-28 07:23:59 -06:00
prctl
pti
ptp Another relatively boring cycle for the docs tree: typo fixes, translation 2016-03-17 12:09:35 -07:00
rapidio rapidio: add mport char device driver 2016-03-22 15:36:02 -07:00
RCU The most interesting thing (IMO) this time around is some beginning 2016-05-19 18:07:25 -07:00
s390
scheduler
scsi Merge remote-tracking branch 'mkp-scsi/4.7/scsi-fixes' into fixes 2016-06-18 11:59:01 -07:00
security KEYS: Add placeholder for KDF usage with DH 2016-06-03 16:14:34 +10:00
serial TTY and Serial driver update for 4.7-rc1 2016-05-20 20:57:27 -07:00
sh
sound ALSA: compress: fix some typo 2016-05-08 11:27:44 +02:00
spi
sysctl Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-05-25 17:05:40 -07:00
target target: make close_session optional 2016-05-10 01:19:26 -07:00
thermal thermal: Syntactic and factual errors in the API document 2016-05-17 07:28:24 -07:00
timers Documentation: fix common spelling mistakes 2016-04-28 07:51:59 -06:00
tpm
trace Char / Misc driver update for 4.7-rc1 2016-05-20 21:20:31 -07:00
usb Hi Greg, below are changes for chipidea and OTG FSM, no major changes. 2016-05-04 10:25:58 -07:00
vDSO
video4linux The most interesting thing (IMO) this time around is some beginning 2016-05-19 18:07:25 -07:00
virtual kvm: introduce KVM_MAX_VCPU_ID 2016-05-11 22:37:54 +02:00
vm z3fold: the 3-fold allocator for compressed pages 2016-05-20 17:58:30 -07:00
w1 w1: add ability to set (SRAM) and store (EEPROM) configuration for temp sensors like DS18B20 2016-05-01 14:37:49 -07:00
watchdog Documentation: Add ebc-c384_wdt watchdog-parameters.txt entry 2016-05-14 18:28:29 +02:00
wimax
x86 x86/mm: Implement ASLR for kernel memory regions 2016-07-08 17:33:46 +02:00
xtensa
zh_CN Documentation:Update Documentation/zh_CN/arm64/booting.txt 2016-04-28 07:15:36 -06:00
00-INDEX
adding-syscalls.txt documentation: trivial typo: adding-syscalls.txt: s/statat/fstatat/ 2016-04-18 11:31:49 -06:00
applying-patches.txt
assoc_array.txt
atomic_ops.txt
bad_memory.txt
basic_profiling.txt
bcache.txt
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
BUG-HUNTING
bus-virt-phys-mapping.txt
cachetlb.txt
cgroup-v2.txt Merge branch 'for-4.6-ns' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup 2016-03-21 10:05:13 -07:00
Changes
circular-buffers.txt
clk.txt
coccinelle.txt
CodeOfConflict
CodingStyle
cpu-hotplug.txt
cpu-load.txt
cputopology.txt
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt
devices.txt Documentation: update the devices.txt documentation 2016-03-29 10:11:44 -07:00
digsig.txt
DMA-API-HOWTO.txt
DMA-API.txt
DMA-attributes.txt
dma-buf-sharing.txt dma-buf: Update docs for SYNC ioctl 2016-03-21 09:26:45 +01:00
DMA-ISA-LPC.txt
dontdiff
dynamic-debug-howto.txt
edac.txt
efi-stub.txt
eisa.txt
email-clients.txt
flexible-arrays.txt
futex-requeue-pi.txt
gcov.txt
gdb-kernel-debugging.txt scripts/gdb: add documentation example for radix tree 2016-05-23 17:04:14 -07:00
highuid.txt
HOWTO
hsi.txt
hw_random.txt
hwspinlock.txt
init.txt
initrd.txt
intel_txt.txt
Intel-IOMMU.txt
io_ordering.txt
io-mapping.txt
iostats.txt
IPMI.txt
IRQ-affinity.txt
IRQ-domain.txt Documentation/IRQ-domain.txt: Document irq_domain_create_{linear, tree} 2016-03-31 00:32:59 -06:00
IRQ.txt
irqflags-tracing.txt
isa.txt Documentation: Add ISA bus driver documentation 2016-05-02 09:32:04 -07:00
isapnp.txt
java.txt
kasan.txt mm, kasan: SLAB support 2016-03-25 16:37:42 -07:00
kcov.txt kernel: add kcov code coverage 2016-03-22 15:36:02 -07:00
kernel-doc-nano-HOWTO.txt
kernel-docs.txt Documentation: update Michael K. Johnson's work 2016-04-15 15:37:25 -06:00
kernel-parameters.txt x86/KASLR, x86/power: Remove x86 hibernation restrictions 2016-06-26 12:32:03 +02:00
kernel-per-CPU-kthreads.txt
kmemcheck.txt
kmemleak.txt
kobject.txt
kprobes.txt
kref.txt
kselftest.txt
ldm.txt
local_ops.txt
lockup-watchdogs.txt
logo.gif
logo.txt
lzo.txt Documentation: lzo: fix spelling mistakes 2016-04-28 07:23:11 -06:00
magic-number.txt
mailbox.txt
Makefile [media] samples: v4l: from Documentation to samples directory 2016-05-09 18:34:37 -03:00
ManagementStyle
md-cluster.txt md-cluster: change array_sectors and update size are not supported 2016-05-04 12:39:35 -07:00
md.txt
memory-barriers.txt locking/Documentation: Clarify that ACQUIRE applies to loads, RELEASE applies to stores 2016-04-28 10:57:51 +02:00
memory-hotplug.txt memory_hotplug: introduce CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE 2016-05-19 19:12:14 -07:00
men-chameleon-bus.txt
module-signing.txt
mono.txt
nommu-mmap.txt
ntb.txt
numastat.txt
oops-tracing.txt
padata.txt
parport-lowlevel.txt
parport.txt
percpu-rw-semaphore.txt
phy.txt phy: core: Allow children node to be overridden 2016-04-29 16:39:39 +02:00
pi-futex.txt
pinctrl.txt
pnp.txt
preempt-locking.txt
printk-formats.txt
pwm.txt pwm: Update documentation 2016-05-17 14:48:04 +02:00
ramoops.txt
rbtree.txt
remoteproc.txt
rfkill.txt
robust-futex-ABI.txt
robust-futexes.txt Documentation: robust-futexes: fix spelling mistakes 2016-04-28 07:26:41 -06:00
rpmsg.txt rpmsg: use module_rpmsg_driver in existing drivers and examples 2016-05-06 11:09:01 -07:00
rtc.txt
SAK.txt
SecurityBugs
serial-console.txt
sgi-ioc4.txt
SM501.txt
smsc_ece1099.txt
sparse.txt
stable_api_nonsense.txt
stable_kernel_rules.txt
static-keys.txt
SubmitChecklist
SubmittingDrivers
SubmittingPatches
svga.txt
sync_file.txt Documentation: add Sync File doc 2016-04-29 17:37:10 -07:00
sysfs-rules.txt
sysrq.txt Doc: correct the location of sysrq.c 2016-04-28 08:02:36 -06:00
this_cpu_ops.txt
ubsan.txt
unaligned-memory-access.txt
unicode.txt
unshare.txt
vfio.txt
VGA-softcursor.txt
vgaarbiter.txt
video-output.txt
vme_api.txt
volatile-considered-harmful.txt
workqueue.txt
xillybus.txt Documentation: xillybus: fix spelling mistake 2016-04-28 07:44:54 -06:00
xz.txt
zorro.txt