lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <1476458416-122131-1-git-send-email-dvyukov@google.com>
Date:   Fri, 14 Oct 2016 17:20:16 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     aryabinin@...tuozzo.com, akpm@...ux-foundation.org,
        glider@...gle.com, iamjoonsoo.kim@....com
Cc:     Dmitry Vyukov <dvyukov@...gle.com>, kasan-dev@...glegroups.com,
        sploving1@...il.com, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH] lib: bump stackdepot capacity from 16MB to 128MB

KASAN uses stackdepot to memorize stacks for all kmalloc/kfree calls.
Current stackdepot capacity is 16MB (1024 top level entries x
4 pages on second level). Size of each stack is (num_frames + 3) *
sizeof(long). Which gives us ~84K stacks. This capacity was chosen
empirically and it is enough to run kernel normally. However,
when lots of configs are enabled and a fuzzer tries to maximize
code coverage, it easily hits the limit within tens of minutes.
I've tested for long a time with number of top level entries bumped 4x
(4096). And I think I've seen overflow only once. But I don't have
all configs enabled and code coverage has not reached maximum yet.
So bump it 8x to 8192. Since we have two-level table, memory cost
of this is very moderate -- currently the top-level table is 8KB,
with this patch it is 64KB, which is negligible under KASAN.

Here is some approx math.
128MB allows us to memorize ~670K stacks (assuming stack is ~200b).
I've grepped kernel for kmalloc|kfree|kmem_cache_alloc|kmem_cache_free|
kzalloc|kstrdup|kstrndup|kmemdup and it gives ~60K matches.
Most of alloc/free call sites are reachable with only one stack.
But some utility functions can have large fanout. Assuming average
fanout is 5x, total number of alloc/free stacks is ~300K.

Signed-off-by: Dmitry Vyukov <dvyukov@...gle.com>
Cc: kasan-dev@...glegroups.com
Cc: Andrey Ryabinin <aryabinin@...tuozzo.com>
Cc: Alexander Potapenko <glider@...gle.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Joonsoo Kim <iamjoonsoo.kim@....com>
Cc: sploving1@...il.com
Cc: linux-mm@...ck.org
Cc: linux-kernel@...r.kernel.org
---
 lib/stackdepot.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/stackdepot.c b/lib/stackdepot.c
index 60f77f1..4d830e2 100644
--- a/lib/stackdepot.c
+++ b/lib/stackdepot.c
@@ -50,7 +50,7 @@
 					STACK_ALLOC_ALIGN)
 #define STACK_ALLOC_INDEX_BITS (DEPOT_STACK_BITS - \
 		STACK_ALLOC_NULL_PROTECTION_BITS - STACK_ALLOC_OFFSET_BITS)
-#define STACK_ALLOC_SLABS_CAP 1024
+#define STACK_ALLOC_SLABS_CAP 8192
 #define STACK_ALLOC_MAX_SLABS \
 	(((1LL << (STACK_ALLOC_INDEX_BITS)) < STACK_ALLOC_SLABS_CAP) ? \
 	 (1LL << (STACK_ALLOC_INDEX_BITS)) : STACK_ALLOC_SLABS_CAP)
-- 
2.8.0.rc3.226.g39d4020

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ