lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <9a2b88de-3c01-21d0-69ff-08643f7c4b68@suse.cz>
Date:   Tue, 27 Oct 2020 10:58:16 +0100
From:   Vlastimil Babka <vbabka@...e.cz>
To:     David Hildenbrand <david@...hat.com>,
        Andrew Morton <akpm@...ux-foundation.org>
Cc:     linux-mm@...ck.org, linux-kernel@...r.kernel.org,
        Alexander Potapenko <glider@...gle.com>,
        Kees Cook <keescook@...omium.org>,
        Michal Hocko <mhocko@...nel.org>,
        Mateusz Nosek <mateusznosek0@...il.com>
Subject: Re: [PATCH 1/3] mm, page_alloc: do not rely on the order of
 page_poison and init_on_alloc/free parameters

On 10/27/20 10:03 AM, David Hildenbrand wrote:
> On 26.10.20 18:33, Vlastimil Babka wrote:
>> Enabling page_poison=1 together with init_on_alloc=1 or init_on_free=1 produces
>> a warning in dmesg that page_poison takes precendence. However, as these
>> warnings are printed in early_param handlers for init_on_alloc/free, they are
>> not printed if page_poison is enabled later on the command line (handlers are
>> called in the order of their parameters), or when init_on_alloc/free is always
>> enabled by the respective config option - before the page_poison early param
>> handler is called, it is not considered to be enabled. This is inconsistent.
>> 
>> We can remove the dependency on order by making the init_on_* parameters only
>> set a boolean variable, and postponing the evaluation after all early params
>> have been processed. Introduce a new init_mem_debugging() function for that,
>> and move the related debug_pagealloc processing there as well.
> 
> init_mem_debugging() is somewhat sub-optimal - init_on_alloc=1 or
> init_on_free=1 are rather security hardening mechanisms.

Well yeah, init_mem_debugging_and_hardening()?

> ... I wondered if this could be the place to initialize any kind of mm
> parameters in the future. Like init_mem_params() or so.

Maybe. In practice you often find out that different things have to be hooked in 
different points of the init process, and a single function might not be enough. 
I tried to group stuff that's really inter-related and can be initialized at the 
same time.

>> 
>> As a result init_mem_debugging() knows always accurately if init_on_* and/or
>> page_poison options were enabled. Thus we can also optimize want_init_on_alloc()
>> and want_init_on_free(). We don't need to check page_poisoning_enabled() there,
>> we can instead not enable the init_on_* tracepoint at all, if page poisoning is
>> enabled. This results in a simpler and more effective code.
> 
> LGTM
> 
> Reviewed-by: David Hildenbrand <david@...hat.com>

Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ