On Thu, Jun 21, 2018 at 3:37 PM Jann Horn <jannh@xxxxxxxxxx> wrote: > > On Thu, Jun 21, 2018 at 12:34 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > > > On Wed, Jun 20, 2018 at 3:09 PM, Rick Edgecombe > > <rick.p.edgecombe@xxxxxxxxx> wrote: > > > This patch changes the module loading KASLR algorithm to randomize the position > > > of each module text section allocation with at least 18 bits of entropy in the > > > typical case. It used on x86_64 only for now. > > > > Very cool! Thanks for sending the series. :) > > > > > Today the RANDOMIZE_BASE feature randomizes the base address where the module > > > allocations begin with 10 bits of entropy. From here, a highly deterministic > > > algorithm allocates space for the modules as they are loaded and un-loaded. If > > > an attacker can predict the order and identities for modules that will be > > > loaded, then a single text address leak can give the attacker access to the > > > > nit: "text address" -> "module text address" > > > > > So the defensive strength of this algorithm in typical usage (<800 modules) for > > > x86_64 should be at least 18 bits, even if an address from the random area > > > leaks. > > > > And most systems have <200 modules, really. I have 113 on a desktop > > right now, 63 on a server. So this looks like a trivial win. [...] > Also: What's the impact on memory usage? Is this going to increase the > number of pagetables that need to be allocated by the kernel per > module_alloc() by 4K or 8K or so? Sorry, I meant increase the amount of memory used by pagetables by 4K or 8K, not the number of pagetables.