Message-ID: <87ede9pula.fsf@oldenburg.str.redhat.com>
Date: Mon, 22 Jan 2024 10:48:17 +0100
From: Florian Weimer <fweimer@...hat.com>
To: Matthew Wilcox <willy@...radead.org>
Cc: mail@...otw.com, linux-hardening@...r.kernel.org, Jakub Wilk
<jwilk@...lk.net>, Salvatore Bonaccorso <carnil@...ian.org>, Linux
Memory Management List <linux-mm@...ck.org>, William Kucharski
<william.kucharski@...cle.com>
Subject: Re: Limited/Broken functionality of ASLR for Libs >= 2MB

* Matthew Wilcox:
> I received a suggestion off-list that we only do the PMD alignment on
> 64-bit, which seems quite reasonable to me. After all, I don't care
> about performance on 32-bit just as much as I don't care about security
> on 32-bit.

Perhaps we can repurpose MAP_DENYWRITE to disable this?

For shared objects as loaded by a dynamic linker, the alignment is
pointless in many cases even if the original mapping is quite a bit
larger than 2 MiB because the individual LOAD segments and their
protection settings are smaller than 2 MiB, so hugepages cannot be used
in the end after all. The dynamic linker knows the LOAD segments, so it
can drop MAP_DENYWRITE if it determines that hugepages could be
beneficial. (Current glibc sets MAP_DENYWRITE for historic reasons.)

On the other hand, I wouldn't object to more explicit control over mmap
pointer alignment, either, for anonymous mappings as well.

There are some binutils versions that produce 2 MiB aligned file layout
on x86-64, but that change was reverted, presumably because kernel
hugepage support for non-anonymous memory wasn't available. But there
are likely some iffy details that make these binaries unusable for
hugepages in practice, like lack of hugepage alignment at the end of
LOAD segments. Unfortunately, BFD ld tends to produce approximate
PT_LOAD and PT_GNU_RELRO and relies on the dynamic loader to round
things up and down in somewhat questionable ways.

Thanks,
Florian
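The per-segment check the message sketches, written out as an added example (it is not code from the thread, from glibc or from the kernel): walk an object's ELF64 program headers, treat each PT_LOAD as one VMA with one protection and split the writable one at the PT_GNU_RELRO range, and count how many bytes fall into whole, aligned 2 MiB windows once the mapping base itself is 2 MiB aligned. Only when that count is non-zero is PMD alignment of the mapping worth asking for. The struct and constants mirror <elf.h>; the two sets of program headers are constructed for the example (a ~3 MiB library with the usual 4 KiB layout, and one with 2 MiB-aligned segment starts and an unaligned text end); rounding the RELRO range down to 4 KiB pages and the name want_pmd_alignment() are this example's choices, and "drop MAP_DENYWRITE" refers to the repurposing proposed in the message, not to existing behaviour.

```c
/* Added example, not from the thread: decide from ELF64 program headers
 * whether a 2 MiB-aligned mapping could actually use huge pages.
 * Struct and constants mirror <elf.h>; sample headers are constructed. */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SZ      4096u
#define HUGE_SIZE    (2u * 1024u * 1024u)   /* PMD size on x86-64 */
#define PT_LOAD      1u
#define PT_GNU_RELRO 0x6474e552u
#define PF_X 1u
#define PF_W 2u
#define PF_R 4u

typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} Elf64_Phdr;

static uint64_t round_down(uint64_t x, uint64_t a) { return x & ~(a - 1); }
static uint64_t round_up(uint64_t x, uint64_t a)   { return round_down(x + a - 1, a); }
static uint64_t min64(uint64_t a, uint64_t b)      { return a < b ? a : b; }
static uint64_t max64(uint64_t a, uint64_t b)      { return a > b ? a : b; }

/* Bytes of [start, end) covered by whole, 2 MiB-aligned windows. */
static uint64_t huge_bytes(uint64_t start, uint64_t end)
{
    uint64_t lo = round_up(start, HUGE_SIZE), hi = round_down(end, HUGE_SIZE);
    return hi > lo ? hi - lo : 0;
}

struct hp_report {
    uint64_t mapping_size;  /* first LOAD start to last LOAD end: what mmap() sees */
    uint64_t usable_bytes;  /* bytes that could really be huge-page backed */
};

/* Assumes the load base will be 2 MiB aligned, so only vaddr offsets matter.
 * PT_GNU_RELRO is mprotect()ed read-only after relocation and therefore
 * splits the RW VMA into up to three regions with different protection. */
struct hp_report hugepage_report(const Elf64_Phdr *ph, size_t n)
{
    struct hp_report r = {0, 0};
    uint64_t lo = UINT64_MAX, hi = 0, relro_lo = 0, relro_hi = 0;

    for (size_t i = 0; i < n; i++)
        if (ph[i].p_type == PT_GNU_RELRO) {   /* rounded down to pages (example's choice) */
            relro_lo = round_down(ph[i].p_vaddr, PAGE_SZ);
            relro_hi = round_down(ph[i].p_vaddr + ph[i].p_memsz, PAGE_SZ);
        }

    for (size_t i = 0; i < n; i++) {
        if (ph[i].p_type != PT_LOAD) continue;
        uint64_t s = round_down(ph[i].p_vaddr, PAGE_SZ);
        uint64_t e = round_up(ph[i].p_vaddr + ph[i].p_memsz, PAGE_SZ);
        lo = min64(lo, s);
        hi = max64(hi, e);
        if (relro_hi > relro_lo && relro_lo < e && relro_hi > s) {
            uint64_t a = max64(relro_lo, s), b = min64(relro_hi, e);
            r.usable_bytes += huge_bytes(s, a) + huge_bytes(a, b) + huge_bytes(b, e);
        } else {
            r.usable_bytes += huge_bytes(s, e);
        }
    }
    if (hi > lo) r.mapping_size = hi - lo;
    return r;
}

/* The decision the message proposes for the dynamic linker: ask for PMD
 * alignment (drop MAP_DENYWRITE under the proposed repurposing) only if
 * the mapping is large enough AND some segment can really go huge. */
int want_pmd_alignment(const Elf64_Phdr *ph, size_t n)
{
    struct hp_report r = hugepage_report(ph, n);
    return r.mapping_size >= HUGE_SIZE && r.usable_bytes > 0;
}

/* Constructed sample 1: ~3 MiB library, 4 KiB segment layout.  Large enough
 * to be PMD-aligned, yet no segment holds a whole aligned 2 MiB window. */
const Elf64_Phdr lib_4k[] = {
    { PT_LOAD, PF_R,        0, 0x000000, 0, 0x0a0000, 0x0a0000, PAGE_SZ },
    { PT_LOAD, PF_R | PF_X, 0, 0x0a0000, 0, 0x1e0000, 0x1e0000, PAGE_SZ },
    { PT_LOAD, PF_R,        0, 0x280000, 0, 0x080000, 0x080000, PAGE_SZ },
    { PT_LOAD, PF_R | PF_W, 0, 0x30b000, 0, 0x012000, 0x015000, PAGE_SZ },
    { PT_GNU_RELRO, PF_R,   0, 0x30b000, 0, 0x003000, 0x003000, 1 },
};

/* Constructed sample 2: 2 MiB-aligned segment starts.  The text segment ends
 * unaligned, so its last 0xf0000 bytes still cannot be huge. */
const Elf64_Phdr lib_2m[] = {
    { PT_LOAD, PF_R,        0, 0x000000, 0, 0x200000, 0x200000, HUGE_SIZE },
    { PT_LOAD, PF_R | PF_X, 0, 0x200000, 0, 0x4f0000, 0x4f0000, HUGE_SIZE },
    { PT_LOAD, PF_R,        0, 0x800000, 0, 0x100000, 0x100000, HUGE_SIZE },
    { PT_LOAD, PF_R | PF_W, 0, 0xa00000, 0, 0x01c000, 0x020000, HUGE_SIZE },
    { PT_GNU_RELRO, PF_R,   0, 0xa00000, 0, 0x004000, 0x004000, 1 },
};

int main(void)
{
    const Elf64_Phdr *libs[] = { lib_4k, lib_2m };
    for (int i = 0; i < 2; i++) {
        struct hp_report r = hugepage_report(libs[i], 5);
        printf("lib%d: mapping %" PRIu64 " KiB, huge-capable %" PRIu64 " KiB, align=%d\n",
               i + 1, r.mapping_size / 1024, r.usable_bytes / 1024,
               want_pmd_alignment(libs[i], 5));
    }
    return 0;
}
```

For the 4 KiB layout the mapping is 3200 KiB but zero bytes are huge-capable, which is exactly the case where the alignment only costs ASLR entropy; for the 2 MiB layout, 6 MiB of the 10 MiB mapping can go huge, with the unaligned text end and the RELRO-split data segment accounting for the rest.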