Date: Tue, 22 Jul 2014 20:45:43 -0400
From: Shawn Webb
To: Robert Watson
Cc: PaX Team, Pedro Giffuni, Oliver Pinter, Bryan Drewery, freebsd-arch@freebsd.org
Subject: Re: [RFC] ASLR Whitepaper and Candidate Final Patch
Message-ID: <20140723004543.GH29618@pwnie.vrt.sourcefire.com>

On Jul 23, 2014 12:28 AM +0100, Robert Watson wrote:
> On Sun, 20 Jul 2014, Shawn Webb wrote:
>
> >> - It is yet undetermined what the performance effect will be, and it is not
> >> clear (but seems likely from past measurements) if there will be a
> >> performance hit even when ASLR is off. -Apparently there are applications
> >> that will segfault (?).
> >
> > So I have an old Dell Latitude E6500 that I bought at Defcon a year or
> > so ago that I'm doing testing on. Even though it's quite an underpowered
> > laptop, I'm running ZFS on it for BE support (in case one of our changes
> > kills it). I'll run unixbench on it a few times to benchmark the ASLR
> > patch. I'll test these three scenarios:
> > 1) ASLR compiled in and enabled;
> > 2) ASLR compiled in and disabled;
> > 3) ASLR compiled out (GENERIC kernel).
> >
> > In each of these three scenarios, I'll have the kernel debugging features
> > (WITNESS, INVARIANTS, etc.) turned off to better simulate a production
> > system and to remove just one more variable in the tests.
> >
> > I'll run unixbench ten times under each scenario and I'll compute averages.
> >
> > Since this is an older laptop (and it's running ZFS), these tests will take
> > a couple days. I'll have an answer for you soon.
>
> Hi Shawn:
>
> Great news that this work is coming to fruition -- ASLR is long overdue.
>
> Are you having any luck with performance measurements? Unixbench seems like a
> good starting point, but I wonder if it would be useful to look, in
> particular, at memory-mapping intensive workloads that might be affected as a
> result of changes in kernel VM data-structure use, or greater fragmentation of
> the address space. I'm not sure I have a specific application here in mind --
> in the past I might have pointed out tools such as ElectricFence that tend to
> increase fragmentation themselves.

The unixbench tests on that laptop have finished. However, I've been
fighting a pesky migraine these last couple days, so I haven't had the
opportunity to aggregate the results into a nice little spreadsheet. I'm
hoping to finish it up by the end of the week.

I'll take a look at ElectricFence this weekend.

Additionally, I have a netbook somewhere. Once I find it and its power
cord, I'll install FreeBSD/x86 and re-run the same tests on that.

>
> Also, could you say a little more about the effects that the change might have
> on transparent superpage use -- other than suitable alignment of large
> mappings, it's not clear to me what effect it might have.

Since we're just modifying the hint passed to the underlying VM system,
superpage support works as it should with ASLR enabled. The VM system
will modify the hint in order to be able to use superpages. In those
cases, we might lose a little bit of entropy. However, due to superpages
(on amd64, at least) requiring 2MB alignment, you'd lose some entropy no
matter how ASLR was implemented--at the end of the day, you need that
alignment for superpages to work.

>
> I wonder if some equipment in the FreeBSD Netperf cluster might be used to
> help with performance characterisation -- in particular, very recent high-end
> server hardware, and also, lower-end embedded-style systems that have markedly
> different virtual-memory implementations in hardware and software. Often
> those two classes of systems see markedly different performance-change
> characteristics as a result of greater cache-centrism and instruction-level
> parallelism in the higher-end designs that can mask increases in instruction
> count.

Any additional testing would be very much welcome. Our ASLR
implementation misbehaves on ARM, so testing on ARM-based embedded
devices is pretty limited. My next goal is to figure out why it bugs out
on ARM. Essentially, when a child process exits/dies and the parent
process gets sent SIGCHLD, the parent process' pc register somehow gets
set to 0xc0000000 and segfaults. Here's a screenshot of the process:
https://twitter.com/lattera/status/490529645997998080

FreeBSD 11-CURRENT hasn't been stable at all on sparc64, even without
the ASLR patches. I have a SunFire 280R box that I've attempted to test
ASLR out on, but I couldn't get a stable enough installation of vanilla
FreeBSD to work long enough to recompile world/kernel. And generating an
installation ISO from my amd64 box doesn't work as the VTOC8 bootloader
isn't recognized by the BIOS (not sure if that's what it's called in
sparc land).

>
> I think someone has already commented that Peter Holm's help might be
> enlisted; you have seen his 'stress2' suite, which could help with
> stability testing.

I'll take a look at that, too.

Thanks a lot for your suggestions and feedback.

Thanks,

Shawn
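The superpage discussion above (a randomised mmap hint that the VM system then rounds to 2MB alignment, at the cost of some entropy) can be quantified with a short simulation. The following is an added example, not code from this thread or from the ASLR patch under review: the hint layout (an aligned base plus a random page count shifted by PAGE_SHIFT), the round-down to the alignment, the 0x800000000 base and the 16 bits of page-offset entropy are all assumptions chosen for illustration, not the patch's actual arithmetic. It enumerates every random value, applies the alignment and counts how many distinct hints survive.

```c
/* Added example (not from the thread or the ASLR patch): estimate how much
 * mmap-hint entropy survives when the VM system rounds a randomised hint to
 * the superpage alignment.  Hint layout, round-down, base and entropy width
 * are assumptions for illustration only. */
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12u
#define SUPERPAGE  (1ull << 21)   /* amd64 2 MB superpage, as in the thread */

/* Randomised hint: 'base' (assumed already aligned) plus 'rnd' pages. */
static uint64_t aslr_hint(uint64_t base, uint64_t rnd)
{
    return base + (rnd << PAGE_SHIFT);
}

/* Round the hint down to 'align', which must be a power of two. */
static uint64_t align_hint(uint64_t hint, uint64_t align)
{
    return hint & ~(align - 1);
}

/* Enumerate every 'bits'-bit random value, align the resulting hint and
 * count distinct outcomes.  Aligned hints are monotonic in rnd, so a change
 * from the previous value is a new distinct outcome. */
static unsigned distinct_aligned_hints(uint64_t base, unsigned bits, uint64_t align)
{
    unsigned n = 0;
    uint64_t prev = 0;
    for (uint64_t rnd = 0; rnd < (1ull << bits); rnd++) {
        uint64_t a = align_hint(aslr_hint(base, rnd), align);
        if (rnd == 0 || a != prev) {
            n++;
            prev = a;
        }
    }
    return n;
}

/* Entropy (in bits) left after alignment: floor(log2(distinct outcomes)). */
static unsigned surviving_entropy_bits(uint64_t base, unsigned bits, uint64_t align)
{
    unsigned n = distinct_aligned_hints(base, bits, align);
    unsigned b = 0;
    while ((1u << (b + 1)) <= n)
        b++;
    return b;
}

int main(void)
{
    const uint64_t base = 0x800000000ull;   /* assumed 2 MB-aligned base */
    const unsigned bits = 16;               /* assumed page-offset entropy */

    printf("4K-aligned hint: %u bits of entropy\n",
           surviving_entropy_bits(base, bits, 1ull << PAGE_SHIFT));
    printf("2M-aligned hint: %u bits of entropy\n",
           surviving_entropy_bits(base, bits, SUPERPAGE));
    return 0;
}
```

With these assumptions the 2MB rounding collapses 65536 page-granular hints into 128 superpage-granular ones, i.e. 16 bits become 7: the 9 bits lost are exactly log2(2MB / 4KB), independent of how the random value itself is generated, which is the point made above that the alignment cost is inherent to superpages rather than to any particular ASLR design.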