linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Peter Zijlstra <peterz@infradead.org>
To: Alexander Lobakin <alexandr.lobakin@intel.com>
Cc: linux-hardening@vger.kernel.org, x86@kernel.org,
	Jesse Brandeburg <jesse.brandeburg@intel.com>,
	Kristen Carlson Accardi <kristen@linux.intel.com>,
	Kees Cook <keescook@chromium.org>,
	Miklos Szeredi <miklos@szeredi.hu>,
	Ard Biesheuvel <ardb@kernel.org>, Tony Luck <tony.luck@intel.com>,
	Bruce Schlobohm <bruce.schlobohm@intel.com>,
	Jessica Yu <jeyu@kernel.org>, kernel test robot <lkp@intel.com>,
	Miroslav Benes <mbenes@suse.cz>,
	Evgenii Shatokhin <eshatokhin@virtuozzo.com>,
	Jonathan Corbet <corbet@lwn.net>,
	Masahiro Yamada <masahiroy@kernel.org>,
	Michal Marek <michal.lkml@markovi.net>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	Thomas Gleixner <tglx@linutronix.de>,
	Will Deacon <will@kernel.org>, Ingo Molnar <mingo@redhat.com>,
	Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Andy Lutomirski <luto@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	Nathan Chancellor <nathan@kernel.org>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Marios Pomonis <pomonis@google.com>,
	Sami Tolvanen <samitolvanen@google.com>,
	linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org,
	linux-arch@vger.kernel.org, live-patching@vger.kernel.org,
	llvm@lists.linux.dev
Subject: Re: [PATCH v8 00/14] Function Granular KASLR
Date: Fri, 3 Dec 2021 17:32:34 +0100	[thread overview]
Message-ID: <20211203163234.GJ16608@worktop.programming.kicks-ass.net> (raw)
In-Reply-To: <20211203144136.82915-1-alexandr.lobakin@intel.com>

On Fri, Dec 03, 2021 at 03:41:36PM +0100, Alexander Lobakin wrote:
> From: Peter Zijlstra <peterz@infradead.org>
> Date: Fri, 3 Dec 2021 11:38:30 +0100
> 
> > On Thu, Dec 02, 2021 at 11:32:00PM +0100, Alexander Lobakin wrote:
> > 
> > > feat        make -j65 boot    vmlinux.o vmlinux  bzImage  bogoops/s
> > > Relocatable 4m38.478s 24.440s 72014208  58579520  9396192 57640.39
> > > KASLR       4m39.344s 24.204s 72020624  87805776  9740352 57393.80
> > > FG-K 16 fps 6m16.493s 25.429s 83759856  87194160 10885632 57784.76
> > > FG-K 8 fps  6m20.190s 25.094s 83759856  88741328 10985248 56625.84
> > > FG-K 1 fps  7m09.611s 25.922s 83759856  95681128 11352192 56953.99
> > 
> > :sadface: so at best it makes my kernel compiles ~50% slower. Who would
> > ever consider doing that? It's like retpolines weren't bad enough; lets
> > heap on the fail?
> 
> I was waiting for that :D
> 
> I know it's horrible for now, but there are some points to consider:
>  - folks who are placing hardening over everything don't mind
>    compile times most likely;
>  - linkers choking on huge LD scripts is actually a bug in their
>    code. They process 40k sections as orphans (without a generated
>    LD script) for a split second, so they're likely able to do the
>    same with it. Our position here is that after FG-KASLR landing
>    we'll report it and probably look into linkers' code to see if
>    that can be addressed (Kees et al are on this AFAIU);
>  - ClangLTO (at least "Fat", not sure about Thin as I didn't used
>    it) thinks on vmlinux.o for ~5 minutes on 8-core Skylake. Still,
>    it is here in mainline and is widely (relatively) used.
>    I know FG-KASLR stuff is way more exotic, but anyways.
>  - And the last one: I wouldn't consider FG-KASLR production ready
>    as Kees would like to see it. Apart from compilation time, you
>    get random performance {in,de}creases here-and-there all over
>    the kernel and modules you can't predict at all.
>    I guess it would become better later on when/if we introduce
>    profiling-based function placement (there are some discussions
>    around that and one related article is referred in the orig
>    cover letter), but dunno for now.
>    There's one issue in the current code as well -- PTI switching
>    code is in .entry.text which doesn't currently get randomized.
>    So it can probably be hunted using gadget collectors I guess?

Oooh, so those compile times are not, as one would expect the compile
times for a set .config but with different kernel, but instead for a
varying .config on the same kernel?

IOW, they don't represent the run-time overhead of this thing, but
merely the toolchain overhead of all this.

So what is the actual runtime overhead of all this?

      reply	other threads:[~2021-12-03 16:33 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-02 22:32 [PATCH v8 00/14] Function Granular KASLR Alexander Lobakin
2021-12-02 22:32 ` [PATCH v8 01/14] x86: Makefile: Add build and config option for CONFIG_FG_KASLR Alexander Lobakin
2021-12-02 22:32 ` [PATCH v8 02/14] x86/tools: Add relative relocs for randomized functions Alexander Lobakin
2021-12-02 22:32 ` [PATCH v8 03/14] x86: Add support for function granular KASLR Alexander Lobakin
2021-12-03  9:18   ` Peter Zijlstra
2021-12-03 13:57     ` Alexander Lobakin
2021-12-03 10:34   ` Peter Zijlstra
2021-12-02 22:32 ` [PATCH v8 04/14] linkage: add macros for putting ASM functions into own sections Alexander Lobakin
2021-12-03  9:31   ` Peter Zijlstra
2021-12-03 14:08     ` Alexander Lobakin
2021-12-02 22:32 ` [PATCH v8 05/14] x86: conditionally place regular ASM functions into separate sections Alexander Lobakin
2021-12-03  9:44   ` Peter Zijlstra
2021-12-03 14:10     ` Alexander Lobakin
2021-12-03 16:34       ` Peter Zijlstra
2021-12-03 16:51         ` H.J. Lu
2021-12-03 19:46         ` Nicolas Pitre
2021-12-04  8:31           ` Ard Biesheuvel
2021-12-04  8:55           ` Peter Zijlstra
2021-12-10 11:01     ` Alexander Lobakin
2021-12-10 13:20       ` Nicolas Pitre
2021-12-02 22:32 ` [PATCH v8 06/14] FG-KASLR: use a scripted approach to handle .text.* sections Alexander Lobakin
2021-12-03  9:54   ` Peter Zijlstra
2021-12-02 22:32 ` [PATCH v8 07/14] kallsyms: Hide layout Alexander Lobakin
2021-12-03 10:00   ` Peter Zijlstra
2021-12-03 10:03     ` Ard Biesheuvel
2021-12-07  5:31       ` Josh Poimboeuf
2021-12-02 22:32 ` [PATCH v8 08/14] livepatch: only match unique symbols when using FG-KASLR Alexander Lobakin
2021-12-03 10:05   ` Peter Zijlstra
2021-12-03 14:14     ` Alexander Lobakin
2021-12-06  6:03     ` Josh Poimboeuf
2021-12-02 22:32 ` [PATCH v8 09/14] x86/boot: allow FG-KASLR to be selected Alexander Lobakin
2021-12-02 22:32 ` [PATCH v8 10/14] arm64/crypto: conditionally place ASM functions into separate sections Alexander Lobakin
2021-12-02 22:32 ` [PATCH v8 11/14] module: Reorder functions Alexander Lobakin
2021-12-03 10:23   ` Peter Zijlstra
2021-12-02 22:32 ` [PATCH v8 12/14] module: use a scripted approach for FG-KASLR Alexander Lobakin
2021-12-02 22:32 ` [PATCH v8 13/14] Documentation: add documentation " Alexander Lobakin
2021-12-02 22:32 ` [PATCH v8 14/14] maintainers: add MAINTAINERS entry " Alexander Lobakin
2021-12-03 10:38 ` [PATCH v8 00/14] Function Granular KASLR Peter Zijlstra
2021-12-03 14:41   ` Alexander Lobakin
2021-12-03 16:32     ` Peter Zijlstra [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211203163234.GJ16608@worktop.programming.kicks-ass.net \
    --to=peterz@infradead.org \
    --cc=alexandr.lobakin@intel.com \
    --cc=ardb@kernel.org \
    --cc=arnd@arndb.de \
    --cc=bp@alien8.de \
    --cc=bruce.schlobohm@intel.com \
    --cc=corbet@lwn.net \
    --cc=dave.hansen@linux.intel.com \
    --cc=davem@davemloft.net \
    --cc=eshatokhin@virtuozzo.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=hpa@zytor.com \
    --cc=jesse.brandeburg@intel.com \
    --cc=jeyu@kernel.org \
    --cc=jpoimboe@redhat.com \
    --cc=keescook@chromium.org \
    --cc=kristen@linux.intel.com \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-hardening@vger.kernel.org \
    --cc=linux-kbuild@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=live-patching@vger.kernel.org \
    --cc=lkp@intel.com \
    --cc=llvm@lists.linux.dev \
    --cc=luto@kernel.org \
    --cc=masahiroy@kernel.org \
    --cc=mbenes@suse.cz \
    --cc=mhiramat@kernel.org \
    --cc=michal.lkml@markovi.net \
    --cc=miklos@szeredi.hu \
    --cc=mingo@redhat.com \
    --cc=nathan@kernel.org \
    --cc=ndesaulniers@google.com \
    --cc=pomonis@google.com \
    --cc=samitolvanen@google.com \
    --cc=tglx@linutronix.de \
    --cc=tony.luck@intel.com \
    --cc=will@kernel.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).