lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAG_fn=V+dpYJXjgdMJqxwOUk2+n5+m3pNxAGtGOA=EYr54tqOQ@mail.gmail.com>
Date:	Fri, 17 Jun 2016 20:21:22 +0200
From:	Alexander Potapenko <glider@...gle.com>
To:	Andrey Ryabinin <aryabinin@...tuozzo.com>
Cc:	Andrey Konovalov <adech.fo@...il.com>,
	Christoph Lameter <cl@...ux.com>,
	Dmitriy Vyukov <dvyukov@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Steven Rostedt <rostedt@...dmis.org>,
	Joonsoo Kim <iamjoonsoo.kim@....com>,
	Joonsoo Kim <js1304@...il.com>,
	Kostya Serebryany <kcc@...gle.com>,
	Kuthonuzo Luruo <kuthonuzo.luruo@....com>,
	kasan-dev <kasan-dev@...glegroups.com>,
	Linux Memory Management List <linux-mm@...ck.org>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3] mm, kasan: switch SLUB to stackdepot, enable memory
 quarantine for SLUB

On Fri, Jun 17, 2016 at 5:12 PM, Andrey Ryabinin
<aryabinin@...tuozzo.com> wrote:
>
>
> On 06/17/2016 05:27 PM, Alexander Potapenko wrote:
>> On Wed, Jun 15, 2016 at 6:50 PM, Andrey Ryabinin
>> <aryabinin@...tuozzo.com> wrote:
>>>
>>>
>>> On 06/15/2016 06:26 PM, Alexander Potapenko wrote:
>>>> For KASAN builds:
>>>>  - switch SLUB allocator to using stackdepot instead of storing the
>>>>    allocation/deallocation stacks in the objects;
>>>>  - define SLAB_RED_ZONE, SLAB_POISON, SLAB_STORE_USER to zero,
>>>>    effectively disabling these debug features, as they're redundant in
>>>>    the presence of KASAN;
>>>
>>> So, why we forbid these? If user wants to set these, why not? If you don't want it, just don't turn them on, that's it.
>> SLAB_RED_ZONE simply doesn't work with KASAN.
>
> Why? This sounds like a bug.
I'm looking now. There are some issues with the left redzone being
added, which messes up the offsets.
I'd say it's no surprise that different debugging tools do not work
together, like e.g. KASAN and kmemcheck are not expected to.
>> With additional efforts it may work, but I don't think we really need
>> that. Extra red zones will just bloat the heap, and won't give any
>> interesting signal except "someone corrupted this object from
>> non-instrumented code".
>> SLAB_POISON doesn't crash on simple tests, but I am not sure there are
>> no corner cases which I haven't checked, so I thought it's safer to
>> disable it.
>> As I said before, we can make SLAB_STORE_USER use stackdepot in a
>> later CL, thus we disable it now.
>>
>
> This doesn't explain why we need this. What's the problem you are trying to solve by this? And why it is ok to silently ignore user requests?
Agreed, there's no point in redefining the flag constants.
> You think that these options are redundant, I get it. Well, then just don't turn them on.
> But, when a user requests for something, he expects that such request will be fulfilled, not just ignored.
Yes, I'd better just document the incompatibility between the
different operation modes (if I don't solve the problem).
>>> And sometimes POISON/REDZONE might be actually useful. KASAN doesn't catch everything,
>>> e.g. corruption may happen in assembly code, or DMA by  some device.
>>>
>>>



-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Geschäftsführer: Matthew Scott Sucherman, Paul Terence Manicle
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ