| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Mar 2022 15:08:03 +0100
From: Marco Elver <elver@...gle.com>
To: Tianchen Ding <dtcccc@...ux.alibaba.com>
Cc: Alexander Potapenko <glider@...gle.com>,
Dmitry Vyukov <dvyukov@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
kasan-dev@...glegroups.com, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 1/2] kfence: Allow re-enabling KFENCE after system startup
On Mon, 7 Mar 2022 at 08:45, Tianchen Ding <dtcccc@...ux.alibaba.com> wrote:
>
> If once KFENCE is disabled by:
> echo 0 > /sys/module/kfence/parameters/sample_interval
> KFENCE could never be re-enabled until next rebooting.
>
> Allow re-enabling it by writing a positive num to sample_interval.
>
> Signed-off-by: Tianchen Ding <dtcccc@...ux.alibaba.com>
Reviewed-by: Marco Elver <elver@...gle.com>
> ---
> mm/kfence/core.c | 21 ++++++++++++++++++---
> 1 file changed, 18 insertions(+), 3 deletions(-)
>
> diff --git a/mm/kfence/core.c b/mm/kfence/core.c
> index 13128fa13062..caa4e84c8b79 100644
> --- a/mm/kfence/core.c
> +++ b/mm/kfence/core.c
> @@ -38,14 +38,17 @@
> #define KFENCE_WARN_ON(cond) \
> ({ \
> const bool __cond = WARN_ON(cond); \
> - if (unlikely(__cond)) \
> + if (unlikely(__cond)) { \
> WRITE_ONCE(kfence_enabled, false); \
> + disabled_by_warn = true; \
> + } \
> __cond; \
> })
>
> /* === Data ================================================================= */
>
> static bool kfence_enabled __read_mostly;
> +static bool disabled_by_warn __read_mostly;
>
> unsigned long kfence_sample_interval __read_mostly = CONFIG_KFENCE_SAMPLE_INTERVAL;
> EXPORT_SYMBOL_GPL(kfence_sample_interval); /* Export for test modules. */
> @@ -55,6 +58,7 @@ EXPORT_SYMBOL_GPL(kfence_sample_interval); /* Export for test modules. */
> #endif
> #define MODULE_PARAM_PREFIX "kfence."
>
> +static int kfence_enable_late(void);
> static int param_set_sample_interval(const char *val, const struct kernel_param *kp)
> {
> unsigned long num;
> @@ -65,10 +69,11 @@ static int param_set_sample_interval(const char *val, const struct kernel_param
>
> if (!num) /* Using 0 to indicate KFENCE is disabled. */
> WRITE_ONCE(kfence_enabled, false);
> - else if (!READ_ONCE(kfence_enabled) && system_state != SYSTEM_BOOTING)
> - return -EINVAL; /* Cannot (re-)enable KFENCE on-the-fly. */
>
> *((unsigned long *)kp->arg) = num;
> +
> + if (num && !READ_ONCE(kfence_enabled) && system_state != SYSTEM_BOOTING)
> + return disabled_by_warn ? -EINVAL : kfence_enable_late();
> return 0;
> }
>
> @@ -787,6 +792,16 @@ void __init kfence_init(void)
> (void *)(__kfence_pool + KFENCE_POOL_SIZE));
> }
>
> +static int kfence_enable_late(void)
> +{
> + if (!__kfence_pool)
> + return -EINVAL;
> +
> + WRITE_ONCE(kfence_enabled, true);
> + queue_delayed_work(system_unbound_wq, &kfence_timer, 0);
> + return 0;
> +}
> +
> void kfence_shutdown_cache(struct kmem_cache *s)
> {
> unsigned long flags;
> --
> 2.27.0
>
Powered by blists - more mailing lists