On Mon, Mar 15, 2021 at 09:16:26AM -0700, Kees Cook wrote:
On Mon, Mar 15, 2021 at 01:24:10PM +0100, Uladzislau Rezki wrote:Probably we can randomize a base address only once when pcpu-allocator
On Mon, Mar 15, 2021 at 11:04:42AM +0200, Topi Miettinen wrote:
What's the problem with that? It seems to me that nothing relies on specificMy concern are:
addresses of the chunks, so it should be possible to randomize these too.
Also the alignment is honored.
- it is not a vmalloc allocator;
- per-cpu allocator allocates chunks, thus it might be it happens only once. It does not allocate it often;
That's actually the reason to randomize it: if it always ends up in the
same place at every boot, it becomes a stable target for attackers.
allocates a fist chunk during the boot.
It should be split as well as tested.- changing it will likely introduce issues you are not aware of;
- it is not supposed to be interacting with vmalloc allocator. Read the
comment under pcpu_get_vm_areas();
Therefore i propose just not touch it.
How about splitting it from this patch instead? Then it can get separate
testing, etc.
--
Vlad Rezki