lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <23A70A75-8016-4A80-9AEC-89B41F155104@me.com>
Date:   Mon, 11 Oct 2021 22:43:17 +0800
From:   Xiongwei Song <sxwjean@...com>
To:     linux-mm@...ck.org, x86@...nel.org
Cc:     Xiongwei Song <sxwjean@...il.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Kees Cook <keescook@...omium.org>,
        "H. Peter Anvin" <hpa@...or.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Andy Lutomirski <luto@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Arnd Bergmann <arnd@...db.de>,
        Al Viro <viro@...iv.linux.org.uk>,
        Gabriel Krisman Bertazi <krisman@...labora.com>,
        Lai Jiangshan <laijs@...ux.alibaba.com>,
        Huang Rui <ray.huang@....com>,
        Yazen Ghannam <yazen.ghannam@....com>,
        Kim Phillips <kim.phillips@....com>,
        Oleg Nesterov <oleg@...hat.com>,
        Balbir Singh <sblbir@...zon.com>,
        "David S. Miller" <davem@...emloft.net>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 0/6] Use generic code for randomization of virtual
 address of x86



> On Oct 11, 2021, at 10:31 PM, sxwjean@...com wrote:
> 
> From: Xiongwei Song <sxwjean@...il.com>
> 
> Hello,
> 
> This patchset are to use generic code for randomization of virtual address
> of x86. Since the basic code logic of x86 is same as generic code, so no
> need to implement these functions on x86.
> 
> Patch 1~3 are prepared to change the generic code to apply to x86.
> 
> Patch 4 is to switch to generic arch_pick_mmap_layout() with 
> ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT enabled. Also provided basically
> test and the result was put in commit message too.
> 
> Patch 5~6 are used to handle the legacy things.
> 
> Test programs(to verify if the entropy of return value of mmap is kept
> after applying the patchset):
> - C code for mmap test:
> 	#include <stdio.h>
> 	#include <stdlib.h>
> 	#include <sys/mman.h>
> 
> 	int main(int argc, char *argv[])
> 	{
> 		unsigned long *addr;
> 
> 		addr = mmap(NULL, 4096, PROT_READ, MAP_SHARED|MAP_ANONYMOUS, -1, 0);
> 		if (addr == MAP_FAILED) {
> 			printf("NULL\n");
> 		} else {
> 			printf("%lx\n", (unsigned long)addr);
> 			munmap(addr, 4096);
> 		}
> 
> 		return 0;
> 	}
> 
> - Shell script for collecting output of C progarm above and give a
>  statistics:
> 	#!/bin/bash
> 	declare -a COUNT
> 
> 	if [ "$1" == "" ]; then
> 	    echo "Please give a test number!"
> 	    exit 1
> 	fi
> 	number=$1
> 
> 	for ((i=0; i<$number; i++))
> 	do
> 	    addr=$(mmaptest)
> 	    addr=$(((16#$addr&0xf000000000)>>36))
> 	    COUNT[$addr]=$((COUNT[$addr]+1))
> 	done
> 
> 	echo "    Virtual Address Range     |   hit times   "
> 	echo "----------------------------------------"
> 	for ((i=0; i<16; i++))
> 	do
> 	    j=`echo "obase=16; $i" | bc`
> 	    echo "0x7f${j,,}000000000 - 0x7f${j,,}ffffff000 |   ${COUNT[i]}"
> 	done
> 
> Run 10 thousands times C progam, collect the output with shell script, get
> the test results below:
> 	Before the patchset:
>            Virtual Address Range       | hit times
>        ----------------------------------------
>        0x7f0000000000 - 0x7f0ffffff000 |   655 
>        0x7f1000000000 - 0x7f1ffffff000 |   617 
>        0x7f2000000000 - 0x7f2ffffff000 |   636 
>        0x7f3000000000 - 0x7f3ffffff000 |   625 
>        0x7f4000000000 - 0x7f4ffffff000 |   651 
>        0x7f5000000000 - 0x7f5ffffff000 |   591 
>        0x7f6000000000 - 0x7f6ffffff000 |   623 
>        0x7f7000000000 - 0x7f7ffffff000 |   627 
>        0x7f8000000000 - 0x7f8ffffff000 |   638 
>        0x7f9000000000 - 0x7f9ffffff000 |   586 
>        0x7fa000000000 - 0x7faffffff000 |   637 
>        0x7fb000000000 - 0x7fbffffff000 |   607 
>        0x7fc000000000 - 0x7fcffffff000 |   618 
>        0x7fd000000000 - 0x7fdffffff000 |   656 
>        0x7fe000000000 - 0x7feffffff000 |   614 
>        0x7ff000000000 - 0x7ffffffff000 |   619 
> 
> 	After the patchset:
>            Virtual Address Range       | hit times
>        ----------------------------------------
>        0x7f0000000000 - 0x7f0ffffff000 |   661 
>        0x7f1000000000 - 0x7f1ffffff000 |   645 
>        0x7f2000000000 - 0x7f2ffffff000 |   609 
>        0x7f3000000000 - 0x7f3ffffff000 |   594 
>        0x7f4000000000 - 0x7f4ffffff000 |   616 
>        0x7f5000000000 - 0x7f5ffffff000 |   622 
>        0x7f6000000000 - 0x7f6ffffff000 |   617 
>        0x7f7000000000 - 0x7f7ffffff000 |   582 
>        0x7f8000000000 - 0x7f8ffffff000 |   618 
>        0x7f9000000000 - 0x7f9ffffff000 |   629 
>        0x7fa000000000 - 0x7faffffff000 |   635 
>        0x7fb000000000 - 0x7fbffffff000 |   625 
>        0x7fc000000000 - 0x7fcffffff000 |   614 
>        0x7fd000000000 - 0x7fdffffff000 |   610 
>        0x7fe000000000 - 0x7feffffff000 |   648
>        0x7ff000000000 - 0x7ffffffff000 |   675

Hi Kees,

Sorry, I have no idea about the entropy measure tools, so I designed a test program
myself. I’m not sure if my test is enough. Or could you please share a better method to
measure entropy?

Regards,
Xiongwei


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ