lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 27 Oct 2020 10:58:57 +0100
From:   David Hildenbrand <david@...hat.com>
To:     Vlastimil Babka <vbabka@...e.cz>,
        Andrew Morton <akpm@...ux-foundation.org>
Cc:     linux-mm@...ck.org, linux-kernel@...r.kernel.org,
        Alexander Potapenko <glider@...gle.com>,
        Kees Cook <keescook@...omium.org>,
        Michal Hocko <mhocko@...nel.org>,
        Mateusz Nosek <mateusznosek0@...il.com>
Subject: Re: [PATCH 1/3] mm, page_alloc: do not rely on the order of
 page_poison and init_on_alloc/free parameters

On 27.10.20 10:58, Vlastimil Babka wrote:
> On 10/27/20 10:03 AM, David Hildenbrand wrote:
>> On 26.10.20 18:33, Vlastimil Babka wrote:
>>> Enabling page_poison=1 together with init_on_alloc=1 or init_on_free=1 produces
>>> a warning in dmesg that page_poison takes precendence. However, as these
>>> warnings are printed in early_param handlers for init_on_alloc/free, they are
>>> not printed if page_poison is enabled later on the command line (handlers are
>>> called in the order of their parameters), or when init_on_alloc/free is always
>>> enabled by the respective config option - before the page_poison early param
>>> handler is called, it is not considered to be enabled. This is inconsistent.
>>>
>>> We can remove the dependency on order by making the init_on_* parameters only
>>> set a boolean variable, and postponing the evaluation after all early params
>>> have been processed. Introduce a new init_mem_debugging() function for that,
>>> and move the related debug_pagealloc processing there as well.
>>
>> init_mem_debugging() is somewhat sub-optimal - init_on_alloc=1 or
>> init_on_free=1 are rather security hardening mechanisms.
> 
> Well yeah, init_mem_debugging_and_hardening()?

Would work for me.

-- 
Thanks,

David / dhildenb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ