linux/Documentation
Thomas Garnier 0483e1fa6e x86/mm: Implement ASLR for kernel memory regions
Randomizes the virtual address space of kernel memory regions for
x86_64. This first patch adds the infrastructure and does not randomize
any region. The following patches will randomize the physical memory
mapping, vmalloc and vmemmap regions.

This security feature mitigates exploits relying on predictable kernel
addresses. These addresses can be used to disclose the kernel modules
base addresses or corrupt specific structures to elevate privileges
bypassing the current implementation of KASLR. This feature can be
enabled with the CONFIG_RANDOMIZE_MEMORY option.

The order of each memory region is not changed. The feature looks at the
available space for the regions based on different configuration options
and randomizes the base and space between each. The size of the physical
memory mapping is the available physical memory. No performance impact
was detected while testing the feature.

Entropy is generated using the KASLR early boot functions now shared in
the lib directory (originally written by Kees Cook). Randomization is
done on PGD & PUD page table levels to increase possible addresses. The
physical memory mapping code was adapted to support PUD level virtual
addresses. This implementation on the best configuration provides 30,000
possible virtual addresses in average for each memory region.  An
additional low memory page is used to ensure each CPU can start with a
PGD aligned virtual address (for realmode).

x86/dump_pagetable was updated to correctly display each region.

Updated documentation on x86_64 memory layout accordingly.

Performance data, after all patches in the series:

Kernbench shows almost no difference (-+ less than 1%):

Before:

Average Optimal load -j 12 Run (std deviation): Elapsed Time 102.63 (1.2695)
User Time 1034.89 (1.18115) System Time 87.056 (0.456416) Percent CPU 1092.9
(13.892) Context Switches 199805 (3455.33) Sleeps 97907.8 (900.636)

After:

Average Optimal load -j 12 Run (std deviation): Elapsed Time 102.489 (1.10636)
User Time 1034.86 (1.36053) System Time 87.764 (0.49345) Percent CPU 1095
(12.7715) Context Switches 199036 (4298.1) Sleeps 97681.6 (1031.11)

Hackbench shows 0% difference on average (hackbench 90 repeated 10 times):

attemp,before,after 1,0.076,0.069 2,0.072,0.069 3,0.066,0.066 4,0.066,0.068
5,0.066,0.067 6,0.066,0.069 7,0.067,0.066 8,0.063,0.067 9,0.067,0.065
10,0.068,0.071 average,0.0677,0.0677

Signed-off-by: Thomas Garnier <thgarnie@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Alexander Kuleshov <kuleshovmail@gmail.com>
Cc: Alexander Popov <alpopov@ptsecurity.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Cc: Baoquan He <bhe@redhat.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Borislav Petkov <bp@suse.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Jan Beulich <JBeulich@suse.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Lv Zheng <lv.zheng@intel.com>
Cc: Mark Salter <msalter@redhat.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Toshi Kani <toshi.kani@hpe.com>
Cc: Xiao Guangrong <guangrong.xiao@linux.intel.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: kernel-hardening@lists.openwall.com
Cc: linux-doc@vger.kernel.org
Link: http://lkml.kernel.org/r/1466556426-32664-6-git-send-email-keescook@chromium.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-07-08 17:33:46 +02:00
..
ABI USB fixes for 4.7-rc4 2016-06-18 06:06:49 -10:00
accounting taskstats: fix nl parsing in accounting/getdelays.c 2016-04-27 12:50:14 -04:00
acpi ACPI / tables: Convert initrd table override to table upgrade mechanism 2016-04-18 23:59:09 +02:00
aoe
arm Documentation: fix common spelling mistakes 2016-04-28 07:51:59 -06:00
arm64 irqchip/gicv3-its: numa: Enable workaround for Cavium thunderx erratum 23144 2016-06-02 18:01:07 +01:00
auxdisplay
backlight
blackfin
block The most interesting thing (IMO) this time around is some beginning 2016-05-19 18:07:25 -07:00
blockdev zram: introduce per-device debug_stat sysfs node 2016-05-20 17:58:30 -07:00
bus-devices
cdrom
cgroup-v1 Documentation/memcg: update kmem limit doc as codes behavior 2016-05-14 10:12:45 -06:00
cma
connector samples: connector: from Documentation to samples directory 2016-04-28 07:47:35 -06:00
console
cpu-freq Documentation: cpufreq: intel_pstate: fix typo 2016-02-18 20:31:53 +01:00
cpuidle
cris
crypto crypto: doc - Use ahash 2016-02-06 15:33:11 +08:00
development-process
device-mapper dm stats: fix spelling mistake in Documentation 2016-05-05 15:25:54 -04:00
devicetree Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2016-06-11 11:24:54 -07:00
dmaengine Merge branch 'topic/async' into for-linus 2016-01-06 15:17:47 +05:30
DocBook doc: update/fixup dma-buf related DocBook 2016-05-31 22:16:53 +05:30
driver-model Staging and IIO driver update for 4.7-rc1 2016-05-20 22:20:48 -07:00
dvb [media] media: change email address 2016-01-25 12:01:08 -02:00
early-userspace
EDID
extcon
fault-injection net: Add support for CHANGEUPPER notifier error injection 2015-12-03 11:49:23 -05:00
fb Documentation: fb: fix spelling mistakes 2016-05-10 12:05:27 +03:00
features powerpc: Add HAVE_PERF_USER_STACK_DUMP support 2016-05-11 21:54:05 +10:00
filesystems devpts: Make each mount of devpts an independent filesystem. 2016-06-05 10:36:01 -07:00
firmware_class Documentation: fix common spelling mistakes 2016-04-28 07:51:59 -06:00
fmc
fpga usage documentation for FPGA manager core 2015-10-07 18:07:20 +01:00
frv
gpio gpio: clarify open drain/source docs 2016-04-27 10:23:44 +02:00
hid
hwmon Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2016-05-26 09:48:23 -07:00
i2c [media] rtl2832: change the i2c gate to be mux-locked 2016-05-04 22:40:02 +02:00
ia64
ide
iio iio: Documentation: Add IIO configfs documentation 2015-12-03 18:19:28 +00:00
infiniband Round two of 4.7 merge window patches 2016-05-28 11:04:16 -07:00
input Input: clarify we want BTN_TOOL_<name> on proximity 2016-04-06 10:23:09 -07:00
ioctl gpio: uapi: use 0xB4 as ioctl() major 2016-03-10 16:02:52 +07:00
isdn isdn: i4l: move active-isdn drivers to staging 2016-03-05 15:00:38 -08:00
ja_JP Documentatio: HOWTO: remove regression postings info from translations 2016-04-16 10:49:08 -06:00
kbuild kconfig-language: elaborate on the type of a choice 2016-05-10 17:30:14 +02:00
kdump kdump: fix dmesg gdbmacro to work with record based printk 2016-06-03 15:06:22 -07:00
ko_KR Documentation: HOWTO: update git home URL in translations 2016-04-16 10:49:18 -06:00
laptops Documentation: laptops: fix spelling mistake 2016-04-28 07:21:48 -06:00
leds leds: core: Fix brightness setting upon hardware blinking enabled 2016-06-08 11:47:06 +02:00
livepatch Merge branches 'for-4.7/core', 'for-4.7/livepatching-doc' and 'for-4.7/livepatching-ppc64' into for-linus 2016-05-17 12:06:35 +02:00
locking locking/Documentation/lockdep: Fix spelling mistakes 2016-04-28 10:40:57 +02:00
m68k
memory-devices
metag
mic Char/Misc patches for 4.6-rc1 2016-03-17 13:47:50 -07:00
mips
misc-devices Merge char-misc-next into staging-next 2016-02-22 14:46:24 -08:00
mmc Documentation: mmc: Add the introduction for mmc-utils 2016-03-31 00:54:22 -06:00
mn10300
mtd Documentation: mtd: improve nand_ecc.txt for readability and correctness 2015-11-17 17:05:14 -08:00
namespaces
netlabel
networking Documentation: ip-sysctl.txt: clarify secure_redirects 2016-05-29 22:40:53 -07:00
nfc
nios2
nvdimm libnvdimm: documentation clarifications 2015-11-12 09:55:23 -08:00
nvmem
parisc
PCI
pcmcia
phy
platform
power PM / runtime: Document steps for device removal 2016-04-05 03:46:59 +02:00
powerpc powerpc/eeh: rename EEH from "extended" to "enhanced" error handling 2016-04-11 20:30:42 +10:00
pps Documentation: pps: fix spelling mistake 2016-04-28 07:23:59 -06:00
prctl Documentation: Fix int/unsigned int comparison 2016-02-17 14:09:43 -07:00
pti
ptp Another relatively boring cycle for the docs tree: typo fixes, translation 2016-03-17 12:09:35 -07:00
rapidio rapidio: add mport char device driver 2016-03-22 15:36:02 -07:00
RCU The most interesting thing (IMO) this time around is some beginning 2016-05-19 18:07:25 -07:00
s390 s390/zcore: remove /sys/kernel/debug/zcore/mem 2015-11-27 09:24:12 +01:00
scheduler
scsi Merge remote-tracking branch 'mkp-scsi/4.7/scsi-fixes' into fixes 2016-06-18 11:59:01 -07:00
security KEYS: Add placeholder for KDF usage with DH 2016-06-03 16:14:34 +10:00
serial TTY and Serial driver update for 4.7-rc1 2016-05-20 20:57:27 -07:00
sh
sound ALSA: compress: fix some typo 2016-05-08 11:27:44 +02:00
spi spi: tools: move spidev_test metadata 2015-11-30 12:14:12 +00:00
sysctl Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-05-25 17:05:40 -07:00
target target: make close_session optional 2016-05-10 01:19:26 -07:00
thermal thermal: Syntactic and factual errors in the API document 2016-05-17 07:28:24 -07:00
timers Documentation: fix common spelling mistakes 2016-04-28 07:51:59 -06:00
tpm
trace Char / Misc driver update for 4.7-rc1 2016-05-20 21:20:31 -07:00
usb Hi Greg, below are changes for chipidea and OTG FSM, no major changes. 2016-05-04 10:25:58 -07:00
vDSO
video4linux The most interesting thing (IMO) this time around is some beginning 2016-05-19 18:07:25 -07:00
virtual kvm: introduce KVM_MAX_VCPU_ID 2016-05-11 22:37:54 +02:00
vm z3fold: the 3-fold allocator for compressed pages 2016-05-20 17:58:30 -07:00
w1 w1: add ability to set (SRAM) and store (EEPROM) configuration for temp sensors like DS18B20 2016-05-01 14:37:49 -07:00
watchdog Documentation: Add ebc-c384_wdt watchdog-parameters.txt entry 2016-05-14 18:28:29 +02:00
wimax
x86 x86/mm: Implement ASLR for kernel memory regions 2016-07-08 17:33:46 +02:00
xtensa
zh_CN Documentation:Update Documentation/zh_CN/arm64/booting.txt 2016-04-28 07:15:36 -06:00
00-INDEX
adding-syscalls.txt documentation: trivial typo: adding-syscalls.txt: s/statat/fstatat/ 2016-04-18 11:31:49 -06:00
applying-patches.txt
assoc_array.txt
atomic_ops.txt
bad_memory.txt
basic_profiling.txt
bcache.txt
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
BUG-HUNTING
bus-virt-phys-mapping.txt
cachetlb.txt
cgroup-v2.txt Merge branch 'for-4.6-ns' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup 2016-03-21 10:05:13 -07:00
Changes There is a nice new document from Neil on how pathname lookups work and 2015-11-05 15:59:24 -08:00
circular-buffers.txt
clk.txt
coccinelle.txt
CodeOfConflict
CodingStyle Documentation/CodingStyle: add space before parenthesis in example macro 2016-01-25 12:36:28 -07:00
cpu-hotplug.txt Documentation: cpu-hotplug: Fix sysfs mount instructions 2015-12-10 11:35:30 -07:00
cpu-load.txt
cputopology.txt
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt
devices.txt Documentation: update the devices.txt documentation 2016-03-29 10:11:44 -07:00
digsig.txt
DMA-API-HOWTO.txt dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
DMA-API.txt DMA-API: fix confusing sentence in Documentation/DMA-API.txt 2016-01-11 18:29:00 -07:00
DMA-attributes.txt ARM: 8506/1: common: DMA-mapping: add DMA_ATTR_ALLOC_SINGLE_PAGES attribute 2016-02-11 15:33:38 +00:00
dma-buf-sharing.txt dma-buf: Update docs for SYNC ioctl 2016-03-21 09:26:45 +01:00
DMA-ISA-LPC.txt
dontdiff Documentation: dontdiff: remove media from dontdiff 2015-11-11 10:08:07 -07:00
dynamic-debug-howto.txt
edac.txt EDAC: Remove references to bluesmoke.sourceforge.net 2015-11-26 14:46:06 +01:00
efi-stub.txt doc: efi-stub.txt: Fix arm64 paths 2015-12-14 15:24:03 +00:00
eisa.txt
email-clients.txt A few more documentation patches that wandered in and have no reason to 2015-11-13 09:19:05 -08:00
flexible-arrays.txt
futex-requeue-pi.txt
gcov.txt
gdb-kernel-debugging.txt scripts/gdb: add documentation example for radix tree 2016-05-23 17:04:14 -07:00
highuid.txt
HOWTO Documentation: Howto: Fixed subtitles style 2016-03-09 15:30:03 -07:00
hsi.txt
hw_random.txt
hwspinlock.txt
init.txt
initrd.txt
intel_txt.txt
Intel-IOMMU.txt iommu/vt-d: Fix link to Intel IOMMU Specification 2016-01-29 12:32:12 +01:00
io_ordering.txt
io-mapping.txt
iostats.txt
IPMI.txt ipmi watchdog : add panic_wdt_timeout parameter 2015-11-16 06:28:43 -06:00
IRQ-affinity.txt
IRQ-domain.txt Documentation/IRQ-domain.txt: Document irq_domain_create_{linear, tree} 2016-03-31 00:32:59 -06:00
IRQ.txt
irqflags-tracing.txt
isa.txt Documentation: Add ISA bus driver documentation 2016-05-02 09:32:04 -07:00
isapnp.txt
java.txt
kasan.txt mm, kasan: SLAB support 2016-03-25 16:37:42 -07:00
kcov.txt kernel: add kcov code coverage 2016-03-22 15:36:02 -07:00
kernel-doc-nano-HOWTO.txt
kernel-docs.txt Documentation: update Michael K. Johnson's work 2016-04-15 15:37:25 -06:00
kernel-parameters.txt x86/KASLR, x86/power: Remove x86 hibernation restrictions 2016-06-26 12:32:03 +02:00
kernel-per-CPU-kthreads.txt irq_poll: make blk-iopoll available outside the block layer 2015-12-11 11:52:24 -08:00
kmemcheck.txt
kmemleak.txt
kobject.txt
kprobes.txt
kref.txt
kselftest.txt Documentation: kselftest: Remove duplicate word 2016-03-09 15:33:38 -07:00
ldm.txt
local_ops.txt
lockup-watchdogs.txt kernel/watchdog.c: add sysctl knob hardlockup_panic 2015-11-05 19:34:48 -08:00
logo.gif
logo.txt
lzo.txt Documentation: lzo: fix spelling mistakes 2016-04-28 07:23:11 -06:00
magic-number.txt
mailbox.txt
Makefile [media] samples: v4l: from Documentation to samples directory 2016-05-09 18:34:37 -03:00
ManagementStyle
md-cluster.txt md-cluster: change array_sectors and update size are not supported 2016-05-04 12:39:35 -07:00
md.txt
memory-barriers.txt locking/Documentation: Clarify that ACQUIRE applies to loads, RELEASE applies to stores 2016-04-28 10:57:51 +02:00
memory-hotplug.txt memory_hotplug: introduce CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE 2016-05-19 19:12:14 -07:00
men-chameleon-bus.txt
module-signing.txt modsign: Fix documentation on module signing enforcement parameter. 2016-03-12 01:48:11 -07:00
mono.txt
nommu-mmap.txt
ntb.txt
numastat.txt
oops-tracing.txt
padata.txt
parport-lowlevel.txt
parport.txt
percpu-rw-semaphore.txt
phy.txt phy: core: Allow children node to be overridden 2016-04-29 16:39:39 +02:00
pi-futex.txt
pinctrl.txt
pnp.txt
preempt-locking.txt
printk-formats.txt mm, printk: introduce new format string for flags 2016-03-15 16:55:16 -07:00
pwm.txt pwm: Update documentation 2016-05-17 14:48:04 +02:00
ramoops.txt
rbtree.txt
remoteproc.txt
rfkill.txt rfkill: Add documentation about LED triggers 2016-02-24 09:13:12 +01:00
robust-futex-ABI.txt
robust-futexes.txt Documentation: robust-futexes: fix spelling mistakes 2016-04-28 07:26:41 -06:00
rpmsg.txt rpmsg: use module_rpmsg_driver in existing drivers and examples 2016-05-06 11:09:01 -07:00
rtc.txt rtc: implement a sysfs interface for clock offset 2016-03-14 17:08:16 +01:00
SAK.txt
SecurityBugs
serial-console.txt
sgi-ioc4.txt
SM501.txt
smsc_ece1099.txt
sparse.txt
stable_api_nonsense.txt
stable_kernel_rules.txt stable_kernel_rules.txt: Remove extra space after Cc: 2015-11-20 16:54:57 -07:00
static-keys.txt
SubmitChecklist
SubmittingDrivers
SubmittingPatches SubmittingPatches: fix spelling of "git send-email" 2016-01-25 12:30:18 -07:00
svga.txt
sync_file.txt Documentation: add Sync File doc 2016-04-29 17:37:10 -07:00
sysfs-rules.txt
sysrq.txt Doc: correct the location of sysrq.c 2016-04-28 08:02:36 -06:00
this_cpu_ops.txt
ubsan.txt UBSAN: run-time undefined behavior sanity checker 2016-01-20 17:09:18 -08:00
unaligned-memory-access.txt
unicode.txt
unshare.txt
vfio.txt
VGA-softcursor.txt
vgaarbiter.txt
video-output.txt
vme_api.txt
volatile-considered-harmful.txt
workqueue.txt
xillybus.txt Documentation: xillybus: fix spelling mistake 2016-04-28 07:44:54 -06:00
xz.txt
zorro.txt