lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <553E00A5.370.3E3700BE@pageexec.freemail.hu>
Date:	Mon, 27 Apr 2015 11:25:57 +0200
From:	"PaX Team" <pageexec@...email.hu>
To:	Andi Kleen <andi@...stfloor.org>, Anisse Astier <anisse@...ier.eu>
CC:	Andrew Morton <akpm@...ux-foundation.org>,
	Mel Gorman <mgorman@...e.de>,
	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
	David Rientjes <rientjes@...gle.com>,
	Alan Cox <gnomes@...rguk.ukuu.org.uk>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Brad Spengler <spender@...ecurity.net>,
	Kees Cook <keescook@...omium.org>, linux-mm@...ck.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 2/2] mm/page_alloc.c: add config option to sanitize freed pages

On 27 Apr 2015 at 10:11, Anisse Astier wrote:

> >> +#ifdef CONFIG_SANITIZE_FREED_PAGES
> >> +     zero_pages(page, order);
> >> +#endif
> >
> > And not removing the clear on __GFP_ZERO by remembering that?
> >
> > That means all clears would be done twice.
> >
> > That patch is far too simple. Clearing is commonly the most
> > expensive kernel operation.
> >
> 
> I thought about this, but if you unconditionally remove the clear on
> __GFP_ZERO, you wouldn't be guaranteed to have a zeroed page when
> memory is first used (you would protect the kernel from its own info
> leaks though);

the PaX SANITIZE feature does exactly this in mm/page_alloc.c:prep_new_page:

#ifndef CONFIG_PAX_MEMORY_SANITIZE
	if (gfp_flags & __GFP_ZERO)
		prep_zero_page(page, order, gfp_flags);
#endif

> you'd need to clear memory on boot for example.

it happens automagically because on boot during the transition from the
boot allocator to the buddy one each page gets freed which will then go
through the page clearing path.

however there's a known problem/conflict with HIBERNATION (see
http://marc.info/?l=linux-pm&m=132871433416256&w=2) which i think would
have to be resolved before upstream acceptance.

cheers,
 PaX Team

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ