| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Oct 2021 22:43:17 +0800
From: Xiongwei Song <sxwjean@...com>
To: linux-mm@...ck.org, x86@...nel.org
Cc: Xiongwei Song <sxwjean@...il.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Kees Cook <keescook@...omium.org>,
"H. Peter Anvin" <hpa@...or.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Arnd Bergmann <arnd@...db.de>,
Al Viro <viro@...iv.linux.org.uk>,
Gabriel Krisman Bertazi <krisman@...labora.com>,
Lai Jiangshan <laijs@...ux.alibaba.com>,
Huang Rui <ray.huang@....com>,
Yazen Ghannam <yazen.ghannam@....com>,
Kim Phillips <kim.phillips@....com>,
Oleg Nesterov <oleg@...hat.com>,
Balbir Singh <sblbir@...zon.com>,
"David S. Miller" <davem@...emloft.net>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 0/6] Use generic code for randomization of virtual
address of x86
> On Oct 11, 2021, at 10:31 PM, sxwjean@...com wrote:
>
> From: Xiongwei Song <sxwjean@...il.com>
>
> Hello,
>
> This patchset are to use generic code for randomization of virtual address
> of x86. Since the basic code logic of x86 is same as generic code, so no
> need to implement these functions on x86.
>
> Patch 1~3 are prepared to change the generic code to apply to x86.
>
> Patch 4 is to switch to generic arch_pick_mmap_layout() with
> ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT enabled. Also provided basically
> test and the result was put in commit message too.
>
> Patch 5~6 are used to handle the legacy things.
>
> Test programs(to verify if the entropy of return value of mmap is kept
> after applying the patchset):
> - C code for mmap test:
> #include <stdio.h>
> #include <stdlib.h>
> #include <sys/mman.h>
>
> int main(int argc, char *argv[])
> {
> unsigned long *addr;
>
> addr = mmap(NULL, 4096, PROT_READ, MAP_SHARED|MAP_ANONYMOUS, -1, 0);
> if (addr == MAP_FAILED) {
> printf("NULL\n");
> } else {
> printf("%lx\n", (unsigned long)addr);
> munmap(addr, 4096);
> }
>
> return 0;
> }
>
> - Shell script for collecting output of C progarm above and give a
> statistics:
> #!/bin/bash
> declare -a COUNT
>
> if [ "$1" == "" ]; then
> echo "Please give a test number!"
> exit 1
> fi
> number=$1
>
> for ((i=0; i<$number; i++))
> do
> addr=$(mmaptest)
> addr=$(((16#$addr&0xf000000000)>>36))
> COUNT[$addr]=$((COUNT[$addr]+1))
> done
>
> echo " Virtual Address Range | hit times "
> echo "----------------------------------------"
> for ((i=0; i<16; i++))
> do
> j=`echo "obase=16; $i" | bc`
> echo "0x7f${j,,}000000000 - 0x7f${j,,}ffffff000 | ${COUNT[i]}"
> done
>
> Run 10 thousands times C progam, collect the output with shell script, get
> the test results below:
> Before the patchset:
> Virtual Address Range | hit times
> ----------------------------------------
> 0x7f0000000000 - 0x7f0ffffff000 | 655
> 0x7f1000000000 - 0x7f1ffffff000 | 617
> 0x7f2000000000 - 0x7f2ffffff000 | 636
> 0x7f3000000000 - 0x7f3ffffff000 | 625
> 0x7f4000000000 - 0x7f4ffffff000 | 651
> 0x7f5000000000 - 0x7f5ffffff000 | 591
> 0x7f6000000000 - 0x7f6ffffff000 | 623
> 0x7f7000000000 - 0x7f7ffffff000 | 627
> 0x7f8000000000 - 0x7f8ffffff000 | 638
> 0x7f9000000000 - 0x7f9ffffff000 | 586
> 0x7fa000000000 - 0x7faffffff000 | 637
> 0x7fb000000000 - 0x7fbffffff000 | 607
> 0x7fc000000000 - 0x7fcffffff000 | 618
> 0x7fd000000000 - 0x7fdffffff000 | 656
> 0x7fe000000000 - 0x7feffffff000 | 614
> 0x7ff000000000 - 0x7ffffffff000 | 619
>
> After the patchset:
> Virtual Address Range | hit times
> ----------------------------------------
> 0x7f0000000000 - 0x7f0ffffff000 | 661
> 0x7f1000000000 - 0x7f1ffffff000 | 645
> 0x7f2000000000 - 0x7f2ffffff000 | 609
> 0x7f3000000000 - 0x7f3ffffff000 | 594
> 0x7f4000000000 - 0x7f4ffffff000 | 616
> 0x7f5000000000 - 0x7f5ffffff000 | 622
> 0x7f6000000000 - 0x7f6ffffff000 | 617
> 0x7f7000000000 - 0x7f7ffffff000 | 582
> 0x7f8000000000 - 0x7f8ffffff000 | 618
> 0x7f9000000000 - 0x7f9ffffff000 | 629
> 0x7fa000000000 - 0x7faffffff000 | 635
> 0x7fb000000000 - 0x7fbffffff000 | 625
> 0x7fc000000000 - 0x7fcffffff000 | 614
> 0x7fd000000000 - 0x7fdffffff000 | 610
> 0x7fe000000000 - 0x7feffffff000 | 648
> 0x7ff000000000 - 0x7ffffffff000 | 675
Hi Kees,
Sorry, I have no idea about the entropy measure tools, so I designed a test program
myself. I’m not sure if my test is enough. Or could you please share a better method to
measure entropy?
Regards,
Xiongwei
Powered by blists - more mailing lists