!12571 v2 Randomized Kmalloc 5.10 Backport V2

# CONFIG_SLAB_FREELIST_HARDENED is not set

CONFIG_SHUFFLE_PAGE_ALLOCATOR=y

CONFIG_SLUB_CPU_PARTIAL=y

# CONFIG_RANDOM_KMALLOC_CACHES is not set

CONFIG_SYSTEM_DATA_VERIFICATION=y

CONFIG_PROFILING=y

CONFIG_TRACEPOINTS=y

# CONFIG_SLAB_FREELIST_HARDENED is not set

CONFIG_SHUFFLE_PAGE_ALLOCATOR=y

CONFIG_SLUB_CPU_PARTIAL=y

# CONFIG_RANDOM_KMALLOC_CACHES is not set

CONFIG_SYSTEM_DATA_VERIFICATION=y

CONFIG_PROFILING=y

CONFIG_TRACEPOINTS=y

#define PCPU_BITMAP_BLOCK_BITS		(PCPU_BITMAP_BLOCK_SIZE >>	\

					 PCPU_MIN_ALLOC_SHIFT)

#ifdef CONFIG_RANDOM_KMALLOC_CACHES

#define PERCPU_DYNAMIC_SIZE_SHIFT      12

#else

#define PERCPU_DYNAMIC_SIZE_SHIFT      10

#endif

/*

 * Percpu allocator can serve percpu allocations before slab is

 * initialized which allows slab to depend on the percpu allocator.

 * larger than PERCPU_DYNAMIC_EARLY_SIZE.

 */

#define PERCPU_DYNAMIC_EARLY_SLOTS	128

#define PERCPU_DYNAMIC_EARLY_SIZE	(12 << 10)

#define PERCPU_DYNAMIC_EARLY_SIZE	(12 << PERCPU_DYNAMIC_SIZE_SHIFT)

/*

 * PERCPU_DYNAMIC_RESERVE indicates the amount of free area to piggy

 * intelligent way to determine this would be nice.

 */

#if BITS_PER_LONG > 32

#define PERCPU_DYNAMIC_RESERVE		(28 << 10)

#define PERCPU_DYNAMIC_RESERVE		(28 << PERCPU_DYNAMIC_SIZE_SHIFT)

#else

#define PERCPU_DYNAMIC_RESERVE		(20 << 10)

#define PERCPU_DYNAMIC_RESERVE		(20 << PERCPU_DYNAMIC_SIZE_SHIFT)

#endif

extern void *pcpu_base_addr;

#include <linux/types.h>

#include <linux/workqueue.h>

#include <linux/percpu-refcount.h>

#include <linux/hash.h>

/*

/* Avoid kmemleak tracing */

#define SLAB_NOLEAKTRACE	((slab_flags_t __force)0x00800000U)

/*

 * Prevent merging with compatible kmem caches. This flag should be used

 * cautiously. Valid use cases:

 *

 * - caches created for self-tests (e.g. kunit)

 * - general caches created and used by a subsystem, only when a

 *   (subsystem-specific) debug option is enabled

 * - performance critical caches, should be very rare and consulted with slab

 *   maintainers, and not used together with CONFIG_SLUB_TINY

 */

#define SLAB_NO_MERGE		((slab_flags_t __force)0x01000000U)

/* Fault injection mark */

#ifdef CONFIG_FAILSLAB

# define SLAB_FAILSLAB		((slab_flags_t __force)0x02000000U)

#define SLAB_OBJ_MIN_SIZE      (KMALLOC_MIN_SIZE < 16 ? \

                               (KMALLOC_MIN_SIZE) : 16)

#ifdef CONFIG_RANDOM_KMALLOC_CACHES

#define RANDOM_KMALLOC_CACHES_NR	15 // # of cache copies

#else

#define RANDOM_KMALLOC_CACHES_NR	0

#endif

/*

 * Whenever changing this, take care of that kmalloc_type() and

 * create_kmalloc_caches() still work as intended.

 */

enum kmalloc_cache_type {

	KMALLOC_NORMAL = 0,

	/*

	 * This config control, not present in Linux mainline, is just for

	 * kABI maintenance.

	 */

#ifdef CONFIG_RANDOM_KMALLOC_CACHES

	KMALLOC_RANDOM_START = KMALLOC_NORMAL,

	KMALLOC_RANDOM_END = KMALLOC_RANDOM_START + RANDOM_KMALLOC_CACHES_NR,

#endif

	KMALLOC_RECLAIM,

#ifdef CONFIG_ZONE_DMA

	KMALLOC_DMA,

extern struct kmem_cache *

kmalloc_caches[NR_KMALLOC_TYPES][KMALLOC_SHIFT_HIGH + 1];

static __always_inline enum kmalloc_cache_type kmalloc_type(gfp_t flags)

extern unsigned long random_kmalloc_seed;

static __always_inline enum kmalloc_cache_type kmalloc_type(gfp_t flags, unsigned long caller)

{

#ifdef CONFIG_ZONE_DMA

	/*

	 * with a single branch for both flags.

	 */

	if (likely((flags & (__GFP_DMA | __GFP_RECLAIMABLE)) == 0))

#ifdef CONFIG_RANDOM_KMALLOC_CACHES

		/* RANDOM_KMALLOC_CACHES_NR (=15) copies + the KMALLOC_NORMAL */

		return KMALLOC_RANDOM_START + hash_64(caller ^ random_kmalloc_seed,

						      ilog2(RANDOM_KMALLOC_CACHES_NR + 1));

#else

		return KMALLOC_NORMAL;

#endif

	/*

	 * At least one of the flags has to be set. If both are, __GFP_DMA

	 */

	return flags & __GFP_DMA ? KMALLOC_DMA : KMALLOC_RECLAIM;

#else

	return flags & __GFP_RECLAIMABLE ? KMALLOC_RECLAIM : KMALLOC_NORMAL;

	return flags & __GFP_RECLAIMABLE ? KMALLOC_RECLAIM :

#ifdef CONFIG_RANDOM_KMALLOC_CACHES

		KMALLOC_RANDOM_START + hash_64(caller ^ random_kmalloc_seed,

					       ilog2(RANDOM_KMALLOC_CACHES_NR + 1));

#else

		KMALLOC_NORMAL;

#endif

#endif

}

			return ZERO_SIZE_PTR;

		return kmem_cache_alloc_trace(

				kmalloc_caches[kmalloc_type(flags)][index],

				kmalloc_caches[kmalloc_type(flags, _RET_IP_)][index],

				flags, size);

#endif

	}

			return ZERO_SIZE_PTR;

		return kmem_cache_alloc_node_trace(

				kmalloc_caches[kmalloc_type(flags)][i],

				kmalloc_caches[kmalloc_type(flags, _RET_IP_)][i],

						flags, node, size);

	}

#endif

	  which requires the taking of locks that may cause latency spikes.

	  Typically one would choose no for a realtime system.

config RANDOM_KMALLOC_CACHES

	default n

	depends on SLUB && !SLUB_TINY

	bool "Randomize slab caches for normal kmalloc"

	help

	  A hardening feature that creates multiple copies of slab caches for

	  normal kmalloc allocation and makes kmalloc randomly pick one based

	  on code address, which makes the attackers more difficult to spray

	  vulnerable memory objects on the heap for the purpose of exploiting

	  memory vulnerabilities.

	  Currently the number of copies is set to 16, a reasonably large value

	  that effectively diverges the memory objects allocated for different

	  subsystems or modules into different caches, at the expense of a

	  limited degree of memory and CPU overhead that relates to hardware and

	  system workload.

config MMAP_ALLOW_UNINITIALIZED

	bool "Allow mmapped anonymous memory to be uninitialized"

	depends on EXPERT && !MMU