| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANpmjNMG+1Fiff+_PMFanRVc9SRoTKa-Z9SMM9eKTRL9MsoD0w@mail.gmail.com>
Date: Fri, 25 Sep 2020 13:31:48 +0200
From: Marco Elver <elver@...gle.com>
To: SeongJae Park <sjpark@...zon.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Alexander Potapenko <glider@...gle.com>,
Mark Rutland <mark.rutland@....com>,
Hillf Danton <hdanton@...a.com>,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
Peter Zijlstra <peterz@...radead.org>,
Catalin Marinas <catalin.marinas@....com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Linux Memory Management List <linux-mm@...ck.org>,
Eric Dumazet <edumazet@...gle.com>,
"H. Peter Anvin" <hpa@...or.com>, Christoph Lameter <cl@...ux.com>,
Will Deacon <will@...nel.org>,
Jonathan Corbet <corbet@....net>,
"the arch/x86 maintainers" <x86@...nel.org>,
kasan-dev <kasan-dev@...glegroups.com>,
Ingo Molnar <mingo@...hat.com>,
Vlastimil Babka <vbabka@...e.cz>,
David Rientjes <rientjes@...gle.com>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Kees Cook <keescook@...omium.org>,
"Paul E. McKenney" <paulmck@...nel.org>,
Jann Horn <jannh@...gle.com>,
Andrey Konovalov <andreyknvl@...gle.com>,
Borislav Petkov <bp@...en8.de>,
Andy Lutomirski <luto@...nel.org>,
Jonathan Cameron <Jonathan.Cameron@...wei.com>,
Thomas Gleixner <tglx@...utronix.de>,
Dmitry Vyukov <dvyukov@...gle.com>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Pekka Enberg <penberg@...nel.org>,
Joonsoo Kim <iamjoonsoo.kim@....com>
Subject: Re: [PATCH v3 01/10] mm: add Kernel Electric-Fence infrastructure
On Fri, 25 Sep 2020 at 13:24, 'SeongJae Park' via kasan-dev
<kasan-dev@...glegroups.com> wrote:
>
> On Mon, 21 Sep 2020 15:26:02 +0200 Marco Elver <elver@...gle.com> wrote:
>
> > From: Alexander Potapenko <glider@...gle.com>
> >
> > This adds the Kernel Electric-Fence (KFENCE) infrastructure. KFENCE is a
> > low-overhead sampling-based memory safety error detector of heap
> > use-after-free, invalid-free, and out-of-bounds access errors.
> >
> > KFENCE is designed to be enabled in production kernels, and has near
> > zero performance overhead. Compared to KASAN, KFENCE trades performance
> > for precision. The main motivation behind KFENCE's design, is that with
> > enough total uptime KFENCE will detect bugs in code paths not typically
> > exercised by non-production test workloads. One way to quickly achieve a
> > large enough total uptime is when the tool is deployed across a large
> > fleet of machines.
> >
> > KFENCE objects each reside on a dedicated page, at either the left or
> > right page boundaries. The pages to the left and right of the object
> > page are "guard pages", whose attributes are changed to a protected
> > state, and cause page faults on any attempted access to them. Such page
> > faults are then intercepted by KFENCE, which handles the fault
> > gracefully by reporting a memory access error. To detect out-of-bounds
> > writes to memory within the object's page itself, KFENCE also uses
> > pattern-based redzones. The following figure illustrates the page
> > layout:
> >
> > ---+-----------+-----------+-----------+-----------+-----------+---
> > | xxxxxxxxx | O : | xxxxxxxxx | : O | xxxxxxxxx |
> > | xxxxxxxxx | B : | xxxxxxxxx | : B | xxxxxxxxx |
> > | x GUARD x | J : RED- | x GUARD x | RED- : J | x GUARD x |
> > | xxxxxxxxx | E : ZONE | xxxxxxxxx | ZONE : E | xxxxxxxxx |
> > | xxxxxxxxx | C : | xxxxxxxxx | : C | xxxxxxxxx |
> > | xxxxxxxxx | T : | xxxxxxxxx | : T | xxxxxxxxx |
> > ---+-----------+-----------+-----------+-----------+-----------+---
> >
> > Guarded allocations are set up based on a sample interval (can be set
> > via kfence.sample_interval). After expiration of the sample interval, a
> > guarded allocation from the KFENCE object pool is returned to the main
> > allocator (SLAB or SLUB). At this point, the timer is reset, and the
> > next allocation is set up after the expiration of the interval.
> >
> > To enable/disable a KFENCE allocation through the main allocator's
> > fast-path without overhead, KFENCE relies on static branches via the
> > static keys infrastructure. The static branch is toggled to redirect the
> > allocation to KFENCE. To date, we have verified by running synthetic
> > benchmarks (sysbench I/O workloads) that a kernel compiled with KFENCE
> > is performance-neutral compared to the non-KFENCE baseline.
> >
> > For more details, see Documentation/dev-tools/kfence.rst (added later in
> > the series).
> >
> > Reviewed-by: Dmitry Vyukov <dvyukov@...gle.com>
> > Co-developed-by: Marco Elver <elver@...gle.com>
> > Signed-off-by: Marco Elver <elver@...gle.com>
> > Signed-off-by: Alexander Potapenko <glider@...gle.com>
> > ---
> > v3:
> > * Reports by SeongJae Park:
> > * Remove reference to Documentation/dev-tools/kfence.rst.
> > * Remove redundant braces.
> > * Use CONFIG_KFENCE_NUM_OBJECTS instead of ARRAY_SIZE(...).
> > * Align some comments.
> > * Add figure from Documentation/dev-tools/kfence.rst added later in
> > series to patch description.
> >
> > v2:
> > * Add missing __printf attribute to seq_con_printf, and fix new warning.
> > [reported by kernel test robot <lkp@...el.com>]
> > * Fix up some comments [reported by Jonathan Cameron].
> > * Remove 2 cases of redundant stack variable initialization
> > [reported by Jonathan Cameron].
> > * Fix printf format [reported by kernel test robot <lkp@...el.com>].
> > * Print (in kfence-#nn) after address, to more clearly establish link
> > between first and second stacktrace [reported by Andrey Konovalov].
> > * Make choice between KASAN and KFENCE clearer in Kconfig help text
> > [suggested by Dave Hansen].
> > * Document CONFIG_KFENCE_SAMPLE_INTERVAL=0.
> > * Shorten memory corruption report line length.
> > * Make /sys/module/kfence/parameters/sample_interval root-writable for
> > all builds (to enable debugging, automatic dynamic tweaking).
> > * Reports by Dmitry Vyukov:
> > * Do not store negative size for right-located objects
> > * Only cache-align addresses of right-located objects.
> > * Run toggle_allocation_gate() after KFENCE is enabled.
> > * Add empty line between allocation and free stacks.
> > * Add comment about SLAB_TYPESAFE_BY_RCU.
> > * Also skip internals for allocation/free stacks.
> > * s/KFENCE_FAULT_INJECTION/KFENCE_STRESS_TEST_FAULTS/ as FAULT_INJECTION
> > is already overloaded in different contexts.
> > * Parenthesis for macro variable.
> > * Lower max of KFENCE_NUM_OBJECTS config variable.
> > ---
> > MAINTAINERS | 11 +
> > include/linux/kfence.h | 174 ++++++++++
> > init/main.c | 2 +
> > lib/Kconfig.debug | 1 +
> > lib/Kconfig.kfence | 63 ++++
> > mm/Makefile | 1 +
> > mm/kfence/Makefile | 3 +
> > mm/kfence/core.c | 733 +++++++++++++++++++++++++++++++++++++++++
> > mm/kfence/kfence.h | 102 ++++++
> > mm/kfence/report.c | 219 ++++++++++++
> > 10 files changed, 1309 insertions(+)
> > create mode 100644 include/linux/kfence.h
> > create mode 100644 lib/Kconfig.kfence
> > create mode 100644 mm/kfence/Makefile
> > create mode 100644 mm/kfence/core.c
> > create mode 100644 mm/kfence/kfence.h
> > create mode 100644 mm/kfence/report.c
> >
> > diff --git a/MAINTAINERS b/MAINTAINERS
> > index b5cfab015bd6..863899ed9a29 100644
> > --- a/MAINTAINERS
> > +++ b/MAINTAINERS
> > @@ -9673,6 +9673,17 @@ F: include/linux/keyctl.h
> > F: include/uapi/linux/keyctl.h
> > F: security/keys/
> >
> > +KFENCE
> > +M: Alexander Potapenko <glider@...gle.com>
> > +M: Marco Elver <elver@...gle.com>
> > +R: Dmitry Vyukov <dvyukov@...gle.com>
> > +L: kasan-dev@...glegroups.com
> > +S: Maintained
> > +F: Documentation/dev-tools/kfence.rst
>
> This patch doesn't introduce this file yet, right? How about using a separate
> final patch for MAINTAINERS update?
Sure.
> Other than that,
>
> Reviewed-by: SeongJae Park <sjpark@...zon.de>
Thanks!
Powered by blists - more mailing lists