lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <877fku553z.fsf@rustcorp.com.au>
Date:	Sat, 05 Dec 2015 07:00:24 +1030
From:	Rusty Russell <rusty@...tcorp.com.au>
To:	Ingo Molnar <mingo@...nel.org>,
	Steven Rostedt <rostedt@...dmis.org>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
	Xunlei Pang <xlpang@...hat.com>
Subject: Re: [RFC][PATCH] Add __GFP_ZERO to alloc_cpumask_var_node() if ptr is zero

Ingo Molnar <mingo@...nel.org> writes:
> * Steven Rostedt <rostedt@...dmis.org> wrote:
>
>> On Fri, 04 Dec 2015 12:05:12 +1030
>> Rusty Russell <rusty@...tcorp.com.au> wrote:
>> 
>> > This is clever, but I would advise against such subtle code.  We will never be 
>> > able to remove this code once it is in.
>> > 
>> > Would suggest making the non-CPUMASK_OFFSTACK stubs write garbage into the 
>> > cpumasks instead, iff !(flags & __GFP_ZERO).
>>
>> I actually thought of the same thing, but thought it was a bit harsh. If others 
>> think that's a better solution, then I'll submit a patch to do that.
>
> That just makes things more fragile - 'garbage' will spread the breakage, and if 
> the breakage is subtle, it will spread subtle breakage.
>
> So why not use a kzmalloc_node() [equivalent] call instead of kmalloc_node(), to 
> make sure it's all zeroed instead of uninitialized?

OTOH, why not make *every* kmalloc a kzmalloc?

The issue here is not that the issue is subtle (not using a zeroing
allocator is a pretty clear bug), it's that it's papered over by the
normal config.

If we had a config option already to garbage-fill allocations, it'd be a
simple solution.

I don't think there are great answers here.  But adding more subtle
zeroing semantics feels wrong, even if it will mostly Just Work.

Cheers,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ