From: Ingo Molnar <mingo@kernel.org>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>, X86 ML <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
Borislav Petkov <bp@alien8.de>, Nadav Amit <nadav.amit@gmail.com>,
Kees Cook <keescook@chromium.org>,
Brian Gerst <brgerst@gmail.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Josh Poimboeuf <jpoimboe@redhat.com>, Jann Horn <jann@thejh.net>,
Heiko Carstens <heiko.carstens@de.ibm.com>
Subject: Re: [PATCH v5 14/32] x86/mm/64: Enable vmapped stacks
Date: Thu, 14 Jul 2016 10:34:11 +0200 [thread overview]
Message-ID: <20160714083411.GA15437@gmail.com> (raw)
In-Reply-To: <CALCETrW9B=MAGaLAV0Y86MQ2==pjoShHdOPNM_8ZR1OKZDy2ZQ@mail.gmail.com>
* Andy Lutomirski <luto@amacapital.net> wrote:
> On Wed, Jul 13, 2016 at 12:53 AM, Ingo Molnar <mingo@kernel.org> wrote:
> >
> > * Andy Lutomirski <luto@kernel.org> wrote:
> >
> >> This allows x86_64 kernels to enable vmapped stacks. There are a
> >> couple of interesting bits.
> >
> >> --- a/arch/x86/Kconfig
> >> +++ b/arch/x86/Kconfig
> >> @@ -92,6 +92,7 @@ config X86
> >> select HAVE_ARCH_TRACEHOOK
> >> select HAVE_ARCH_TRANSPARENT_HUGEPAGE
> >> select HAVE_EBPF_JIT if X86_64
> >> + select HAVE_ARCH_VMAP_STACK if X86_64
> >
> > So what is the performance impact?
>
> Seems to be a very slight speedup (0.5 µs or so) on my silly benchmark
> (pthread_create, pthread_join in a loop). [...]
Music to my ears - although TBH there's probably two opposing forces: advantages
from the cache versus (possibly very minor, if measurable at all) disadvantages
from the 4K granularity.
> [...] It should be a small slowdown on workloads that create many threads all
> at once, thus defeating the stack cache. It should be a *large* speedup on any
> workload that would trigger compaction on clone() to satisfy the high-order
> allocation.
>
> >
> > Because I think we should consider enabling this feature by default on x86 - but
> > the way it's selected here it will be default-off.
> >
> > On the plus side: the debuggability and reliability improvements are real and
> > making it harder for exploits to use kernel stack overflows is a nice bonus as
> > well. There's two performance effects:
>
> Agreed. At the very least, I want to wait until after net-next gets
> pulled to flip the default to y. I'm also a bit concerned about more
> random driver issues that I haven't found yet. I suppose we could
> flip the default to y for a few -rc releases and see what, if
> anything, shakes loose.
So I'd prefer the following approach: to apply it to a v4.8-rc1 base in ~2 weeks
and keep it default-y for much of the next development cycle. If no serious
problems are found in those ~2 months then send it to Linus in that fashion. We
can still turn it off by default (or re-spin the whole approach) if it turns out
to be too risky.
Exposing it as default-n for even a small amount of time will massively reduce the
testing we'll get, as most people will just use the N setting (often without
noticing).
Plus this also gives net-next and other preparatory patches applied directly to
maintainer trees time to trickle upstream.
Thanks,
Ingo
WARNING: multiple messages have this Message-ID (diff)
From: Ingo Molnar <mingo@kernel.org>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>, X86 ML <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
Borislav Petkov <bp@alien8.de>, Nadav Amit <nadav.amit@gmail.com>,
Kees Cook <keescook@chromium.org>,
Brian Gerst <brgerst@gmail.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Josh Poimboeuf <jpoimboe@redhat.com>, Jann Horn <jann@thejh.net>,
Heiko Carstens <heiko.carstens@de.ibm.com>
Subject: [kernel-hardening] Re: [PATCH v5 14/32] x86/mm/64: Enable vmapped stacks
Date: Thu, 14 Jul 2016 10:34:11 +0200 [thread overview]
Message-ID: <20160714083411.GA15437@gmail.com> (raw)
In-Reply-To: <CALCETrW9B=MAGaLAV0Y86MQ2==pjoShHdOPNM_8ZR1OKZDy2ZQ@mail.gmail.com>
* Andy Lutomirski <luto@amacapital.net> wrote:
> On Wed, Jul 13, 2016 at 12:53 AM, Ingo Molnar <mingo@kernel.org> wrote:
> >
> > * Andy Lutomirski <luto@kernel.org> wrote:
> >
> >> This allows x86_64 kernels to enable vmapped stacks. There are a
> >> couple of interesting bits.
> >
> >> --- a/arch/x86/Kconfig
> >> +++ b/arch/x86/Kconfig
> >> @@ -92,6 +92,7 @@ config X86
> >> select HAVE_ARCH_TRACEHOOK
> >> select HAVE_ARCH_TRANSPARENT_HUGEPAGE
> >> select HAVE_EBPF_JIT if X86_64
> >> + select HAVE_ARCH_VMAP_STACK if X86_64
> >
> > So what is the performance impact?
>
> Seems to be a very slight speedup (0.5 µs or so) on my silly benchmark
> (pthread_create, pthread_join in a loop). [...]
Music to my ears - although TBH there's probably two opposing forces: advantages
from the cache versus (possibly very minor, if measurable at all) disadvantages
from the 4K granularity.
> [...] It should be a small slowdown on workloads that create many threads all
> at once, thus defeating the stack cache. It should be a *large* speedup on any
> workload that would trigger compaction on clone() to satisfy the high-order
> allocation.
>
> >
> > Because I think we should consider enabling this feature by default on x86 - but
> > the way it's selected here it will be default-off.
> >
> > On the plus side: the debuggability and reliability improvements are real and
> > making it harder for exploits to use kernel stack overflows is a nice bonus as
> > well. There's two performance effects:
>
> Agreed. At the very least, I want to wait until after net-next gets
> pulled to flip the default to y. I'm also a bit concerned about more
> random driver issues that I haven't found yet. I suppose we could
> flip the default to y for a few -rc releases and see what, if
> anything, shakes loose.
So I'd prefer the following approach: to apply it to a v4.8-rc1 base in ~2 weeks
and keep it default-y for much of the next development cycle. If no serious
problems are found in those ~2 months then send it to Linus in that fashion. We
can still turn it off by default (or re-spin the whole approach) if it turns out
to be too risky.
Exposing it as default-n for even a small amount of time will massively reduce the
testing we'll get, as most people will just use the N setting (often without
noticing).
Plus this also gives net-next and other preparatory patches applied directly to
maintainer trees time to trickle upstream.
Thanks,
Ingo
next prev parent reply other threads:[~2016-07-14 8:34 UTC|newest]
Thread overview: 176+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-11 20:53 [PATCH v5 00/32] virtually mapped stacks and thread_info cleanup Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 01/32] bluetooth: Switch SMP to crypto_cipher_encrypt_one() Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-14 19:10 ` Andy Lutomirski
2016-07-14 19:10 ` [kernel-hardening] " Andy Lutomirski
2016-07-14 19:10 ` Andy Lutomirski
2016-07-14 20:30 ` Marcel Holtmann
2016-07-14 20:30 ` [kernel-hardening] " Marcel Holtmann
2016-07-14 20:30 ` Marcel Holtmann
2016-07-14 20:41 ` David Miller
2016-07-14 20:41 ` [kernel-hardening] " David Miller
2016-07-11 20:53 ` [PATCH v5 02/32] x86/mm/hotplug: Don't remove PGD entries in remove_pagetable() Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 03/32] x86/cpa: In populate_pgd, don't set the pgd entry until it's populated Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-22 4:43 ` [kernel-hardening] " Valdis.Kletnieks
2016-07-22 4:43 ` Valdis.Kletnieks
2016-07-22 5:34 ` [kernel-hardening] " Andy Lutomirski
2016-07-22 5:34 ` Andy Lutomirski
2016-07-22 5:34 ` Andy Lutomirski
2016-07-22 10:18 ` Mike Krinkin
2016-07-22 10:21 ` Ingo Molnar
2016-07-22 18:21 ` Andy Lutomirski
2016-07-22 18:21 ` Andy Lutomirski
2016-07-22 18:31 ` Andy Lutomirski
2016-07-22 18:31 ` Andy Lutomirski
2016-07-22 20:11 ` Ingo Molnar
2016-07-22 20:11 ` Ingo Molnar
2016-07-22 20:11 ` Ingo Molnar
2016-07-23 5:21 ` [kernel-hardening] " Valdis.Kletnieks
2016-07-23 5:21 ` Valdis.Kletnieks
2016-07-23 14:58 ` [kernel-hardening] " Nicolai Stange
2016-07-28 9:26 ` Valdis.Kletnieks
2016-07-28 9:26 ` Valdis.Kletnieks
2016-07-11 20:53 ` [PATCH v5 04/32] x86/mm: Remove kernel_unmap_pages_in_pgd() and efi_cleanup_page_tables() Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 05/32] mm: Track NR_KERNEL_STACK in KiB instead of number of stacks Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 06/32] mm: Fix memcg stack accounting for sub-page stacks Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 07/32] fork: Add generic vmalloced stack support Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 08/32] dma-api: Teach the "DMA-from-stack" check about vmapped stacks Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 09/32] x86/dumpstack: When OOPSing, rewind the stack before do_exit() Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 10/32] x86/dumpstack: Honor supplied @regs arg Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 11/32] x86/dumpstack: Try harder to get a call trace on stack overflow Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 12/32] x86/dumpstack/64: Handle faults when printing the "Stack:" part of an OOPS Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 13/32] x86/mm/64: In vmalloc_fault(), use CR3 instead of current->active_mm Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-12 17:51 ` [kernel-hardening] " Dave Hansen
2016-07-12 18:03 ` Andy Lutomirski
2016-07-12 18:03 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 14/32] x86/mm/64: Enable vmapped stacks Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-13 7:53 ` Ingo Molnar
2016-07-13 7:53 ` [kernel-hardening] " Ingo Molnar
2016-07-13 7:53 ` Ingo Molnar
2016-07-13 18:42 ` Andy Lutomirski
2016-07-13 18:42 ` [kernel-hardening] " Andy Lutomirski
2016-07-13 18:42 ` Andy Lutomirski
2016-07-14 8:34 ` Ingo Molnar [this message]
2016-07-14 8:34 ` [kernel-hardening] " Ingo Molnar
2016-07-14 8:34 ` Ingo Molnar
2016-07-14 16:51 ` Andy Lutomirski
2016-07-14 16:51 ` [kernel-hardening] " Andy Lutomirski
2016-07-14 16:51 ` Andy Lutomirski
2016-07-14 18:45 ` Ingo Molnar
2016-07-14 18:45 ` [kernel-hardening] " Ingo Molnar
2016-07-14 18:45 ` Ingo Molnar
2016-07-11 20:53 ` [PATCH v5 15/32] x86/mm: Improve stack-overflow #PF handling Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 16/32] x86: Move uaccess_err and sig_on_uaccess_err to thread_struct Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 17/32] x86: Move addr_limit " Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 18/32] signal: Consolidate {TS,TLF}_RESTORE_SIGMASK code Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-12 11:57 ` Brian Gerst
2016-07-12 11:57 ` Brian Gerst
2016-07-12 11:57 ` [kernel-hardening] " Brian Gerst
2016-07-12 11:57 ` [PATCH v5 18/32] signal: Consolidate {TS, TLF}_RESTORE_SIGMASK code Brian Gerst
2016-07-12 11:57 ` [PATCH v5 18/32] signal: Consolidate {TS,TLF}_RESTORE_SIGMASK code Brian Gerst
2016-07-12 11:57 ` Brian Gerst
2016-07-12 11:57 ` Brian Gerst
2016-07-12 23:01 ` Andy Lutomirski
2016-07-12 23:01 ` [kernel-hardening] " Andy Lutomirski
2016-07-12 23:01 ` [PATCH v5 18/32] signal: Consolidate {TS, TLF}_RESTORE_SIGMASK code Andy Lutomirski
2016-07-12 23:01 ` [PATCH v5 18/32] signal: Consolidate {TS,TLF}_RESTORE_SIGMASK code Andy Lutomirski
2016-07-12 23:01 ` Andy Lutomirski
2016-07-12 23:01 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 19/32] x86/smp: Remove stack_smp_processor_id() Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 20/32] x86/smp: Remove unnecessary initialization of thread_info::cpu Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 21/32] x86/asm: Move 'status' from struct thread_info to struct thread_struct Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 22/32] kdb: Use task_cpu() instead of task_thread_info()->cpu Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 23/32] printk: When dumping regs, show the stack, not thread_info Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 24/32] x86/entry: Get rid of pt_regs_to_thread_info() Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 25/32] um: Stop conflating task_struct::stack with thread_info Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:53 ` [PATCH v5 26/32] sched: Allow putting thread_info into task_struct Andy Lutomirski
2016-07-11 20:53 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:53 ` Andy Lutomirski
2016-07-11 20:54 ` [PATCH v5 27/32] x86: Move " Andy Lutomirski
2016-07-11 20:54 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:54 ` Andy Lutomirski
2016-07-11 20:54 ` [PATCH v5 28/32] sched: Add try_get_task_stack() and put_task_stack() Andy Lutomirski
2016-07-11 20:54 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:54 ` Andy Lutomirski
2016-07-11 20:54 ` [PATCH v5 29/32] kthread: to_live_kthread() needs try_get_task_stack() Andy Lutomirski
2016-07-11 20:54 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:54 ` Andy Lutomirski
2016-07-11 20:54 ` [PATCH v5 30/32] x86/dumpstack: Pin the target stack in save_stack_trace_tsk() Andy Lutomirski
2016-07-11 20:54 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:54 ` Andy Lutomirski
2016-07-11 20:54 ` [PATCH v5 31/32] sched: Free the stack early if CONFIG_THREAD_INFO_IN_TASK Andy Lutomirski
2016-07-11 20:54 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:54 ` Andy Lutomirski
2016-07-11 20:54 ` [PATCH v5 32/32] fork: Cache two thread stacks per cpu if CONFIG_VMAP_STACK is set Andy Lutomirski
2016-07-11 20:54 ` [kernel-hardening] " Andy Lutomirski
2016-07-11 20:54 ` Andy Lutomirski
2016-07-12 8:56 ` [PATCH v5 00/32] virtually mapped stacks and thread_info cleanup Herbert Xu
2016-07-12 8:56 ` [kernel-hardening] " Herbert Xu
2016-07-12 8:56 ` Herbert Xu
2016-07-12 8:56 ` Herbert Xu
2016-07-13 8:54 ` Christian Borntraeger
2016-07-13 8:54 ` Christian Borntraeger
2016-07-13 8:54 ` [kernel-hardening] " Christian Borntraeger
2016-07-13 18:36 ` Andy Lutomirski
2016-07-13 18:36 ` Andy Lutomirski
2016-07-13 18:36 ` [kernel-hardening] " Andy Lutomirski
2016-07-13 18:53 ` Christian Borntraeger
2016-07-13 18:53 ` Christian Borntraeger
2016-07-13 18:53 ` [kernel-hardening] " Christian Borntraeger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160714083411.GA15437@gmail.com \
--to=mingo@kernel.org \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=heiko.carstens@de.ibm.com \
--cc=jann@thejh.net \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=luto@kernel.org \
--cc=nadav.amit@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.