[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YbjVhSbd+wkvihfm@kroah.com>
Date: Tue, 14 Dec 2021 18:33:57 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Alexander Potapenko <glider@...gle.com>
Cc: Alexander Viro <viro@...iv.linux.org.uk>,
Andrew Morton <akpm@...ux-foundation.org>,
Andrey Konovalov <andreyknvl@...gle.com>,
Andy Lutomirski <luto@...nel.org>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Arnd Bergmann <arnd@...db.de>, Borislav Petkov <bp@...en8.de>,
Christoph Hellwig <hch@....de>,
Christoph Lameter <cl@...ux.com>,
David Rientjes <rientjes@...gle.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Eric Dumazet <edumazet@...gle.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Ilya Leoshkevich <iii@...ux.ibm.com>,
Ingo Molnar <mingo@...hat.com>, Jens Axboe <axboe@...nel.dk>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Kees Cook <keescook@...omium.org>,
Marco Elver <elver@...gle.com>,
Matthew Wilcox <willy@...radead.org>,
"Michael S. Tsirkin" <mst@...hat.com>,
Pekka Enberg <penberg@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Petr Mladek <pmladek@...e.com>,
Steven Rostedt <rostedt@...dmis.org>,
Thomas Gleixner <tglx@...utronix.de>,
Vasily Gorbik <gor@...ux.ibm.com>,
Vegard Nossum <vegard.nossum@...cle.com>,
Vlastimil Babka <vbabka@...e.cz>, linux-mm@...ck.org,
linux-arch@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 41/43] security: kmsan: fix interoperability with
auto-initialization
On Tue, Dec 14, 2021 at 06:00:41PM +0100, Alexander Potapenko wrote:
> On Tue, Dec 14, 2021 at 5:38 PM Greg Kroah-Hartman
> <gregkh@...uxfoundation.org> wrote:
> >
> > > @@ -124,6 +125,7 @@ choice
> > > config INIT_STACK_ALL_ZERO
> > > bool "zero-init everything (strongest and safest)"
> > > depends on CC_HAS_AUTO_VAR_INIT_ZERO
> > > + depends on !KMSAN
> >
> > So this means KMSAN is a developer debugging feature only and should
> > never be turned on on a real device/server that has users?
>
> 100% correct. KMSAN is way slower than KASAN, it also eats 2/3 of your
> memory to store the metadata.
> I thought it was sort of self-evident, but I can surely mention this
> explicitly in the cover letter.
Please mention it here and in the Kconfig option for it as well (don't
know if it was there or not.)
Also you might want to print out very large "DO NOT USE THIS ON A REAL
MACHINE" to the kernel log when booting, like other kernel options are
starting to do that should not be enabled.
thanks,
greg k-h
Powered by blists - more mailing lists