| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Jun 2016 20:21:22 +0200 From: Alexander Potapenko <glider@...gle.com> To: Andrey Ryabinin <aryabinin@...tuozzo.com> Cc: Andrey Konovalov <adech.fo@...il.com>, Christoph Lameter <cl@...ux.com>, Dmitriy Vyukov <dvyukov@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, Steven Rostedt <rostedt@...dmis.org>, Joonsoo Kim <iamjoonsoo.kim@....com>, Joonsoo Kim <js1304@...il.com>, Kostya Serebryany <kcc@...gle.com>, Kuthonuzo Luruo <kuthonuzo.luruo@....com>, kasan-dev <kasan-dev@...glegroups.com>, Linux Memory Management List <linux-mm@...ck.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v3] mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB On Fri, Jun 17, 2016 at 5:12 PM, Andrey Ryabinin <aryabinin@...tuozzo.com> wrote: > > > On 06/17/2016 05:27 PM, Alexander Potapenko wrote: >> On Wed, Jun 15, 2016 at 6:50 PM, Andrey Ryabinin >> <aryabinin@...tuozzo.com> wrote: >>> >>> >>> On 06/15/2016 06:26 PM, Alexander Potapenko wrote: >>>> For KASAN builds: >>>> - switch SLUB allocator to using stackdepot instead of storing the >>>> allocation/deallocation stacks in the objects; >>>> - define SLAB_RED_ZONE, SLAB_POISON, SLAB_STORE_USER to zero, >>>> effectively disabling these debug features, as they're redundant in >>>> the presence of KASAN; >>> >>> So, why we forbid these? If user wants to set these, why not? If you don't want it, just don't turn them on, that's it. >> SLAB_RED_ZONE simply doesn't work with KASAN. > > Why? This sounds like a bug. I'm looking now. There are some issues with the left redzone being added, which messes up the offsets. I'd say it's no surprise that different debugging tools do not work together, like e.g. KASAN and kmemcheck are not expected to. >> With additional efforts it may work, but I don't think we really need >> that. Extra red zones will just bloat the heap, and won't give any >> interesting signal except "someone corrupted this object from >> non-instrumented code". >> SLAB_POISON doesn't crash on simple tests, but I am not sure there are >> no corner cases which I haven't checked, so I thought it's safer to >> disable it. >> As I said before, we can make SLAB_STORE_USER use stackdepot in a >> later CL, thus we disable it now. >> > > This doesn't explain why we need this. What's the problem you are trying to solve by this? And why it is ok to silently ignore user requests? Agreed, there's no point in redefining the flag constants. > You think that these options are redundant, I get it. Well, then just don't turn them on. > But, when a user requests for something, he expects that such request will be fulfilled, not just ignored. Yes, I'd better just document the incompatibility between the different operation modes (if I don't solve the problem). >>> And sometimes POISON/REDZONE might be actually useful. KASAN doesn't catch everything, >>> e.g. corruption may happen in assembly code, or DMA by some device. >>> >>> -- Alexander Potapenko Software Engineer Google Germany GmbH Erika-Mann-Straße, 33 80636 München Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg
Powered by blists - more mailing lists