| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Feb 2010 23:07:02 -0500 From: Siarhei Liakh <sliakh.lkml@...il.com> To: Andi Kleen <andi@...stfloor.org> Cc: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-next@...r.kernel.org, Arjan van de Ven <arjan@...radead.org>, James Morris <jmorris@...ei.org>, Andrew Morton <akpm@...ux-foundation.org>, Andi Kleen <ak@....de>, Thomas Gleixner <tglx@...utronix.de>, "H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...e.hu>, Rusty Russell <rusty@...tcorp.com.au>, Stephen Rothwell <sfr@...b.auug.org.au>, Dave Jones <davej@...hat.com> Subject: Re: [PATCH v8] RO/NX protection for loadable kernel modules On Tue, Feb 2, 2010 at 6:05 PM, Andi Kleen <andi@...stfloor.org> wrote: > My current kernel has 52 modules loaded, most of them very small. > Assuming the additional alignment of the data section cost two more > pages on average (I think that's a good assumption), that's roughly > 424KB of additional memory, plus associated runtime costs in increased > TLB usage. You are right about the additional memory consumption with this option enabled. In worst case scenario, a one-page module will get split into 3 pages. This might be a significant and unwelcome increase in some cases (embedded systems come to mind) and that is why this is implemented as compile-time option. However, on a general run-of-the-mill system the impact is not that significant. Case in point: I run Ubuntu 9.04 amd x86_64 with stock kernel on a generic AMD box. There are 111 modules loaded for all the hardware in the box and all the functions that it provides (regular consumer-grade hardware, but definitely not a typical home desktop setup). In total, 111 modules consume 15590884 bytes, with no module less then 10KB. After eliminating top 3 memory hogs (nvidia@8MB, vboxdrv@...MB and snd_hda_intel@...MB) we left with 5007532 bytes, 108 modules and nfs leading the list at 300KB. Assuming the worst-case scenario of 2 additional pages per module, we get (5007532+108*8192)/5007532 = 1.18 - only 18%. In addition, most modules already have some unused space left at the end of the last page and some padding in the middle for page/cache-aligned data. With that in mind, it looks to me that typical overhead will be about 1 page per module (9% for the case above, although I have no solid statistics to back this up). > What would I get for that if I applied the patch and enabled the option? With this patch you get strict separation of code, RO-data and RW-data in LKMs. This will prevent all attempts (intentional or erroneous) to modify code and RO-data, while keeping all data non-executable. While not targeted to prevent any specific exploit, this patch does improve general kernel security. When combined with the other two patches I have submitted (RW+NX for first megabyte and NX for static kernel data), this patch set completely eliminates kernel pages with executable data and modifiable code. > Did you find any bugs with this option? Well, so far I did not find any bugs in the last version of the patch, but it definitely breaks any module that uses self-modifying code or data execution. An issue with ftrace have been reported earlier and fixed in V7. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists