Message-Id: <20231028204046.11258-1-yjnworkstation@gmail.com>
Date:   Sat, 28 Oct 2023 22:40:46 +0200
From:   York Jasper Niebuhr <yjnworkstation@...il.com>
To:     akpm@...ux-foundation.org
Cc:     linux-kernel@...r.kernel.org,
        York Jasper Niebuhr <yjnworkstation@...il.com>
Subject: [PATCH] Added empty sys_ememz

---
 arch/x86/entry/syscalls/syscall_32.tbl |  1 +
 arch/x86/entry/syscalls/syscall_64.tbl |  1 +
 include/linux/syscalls.h               |  1 +
 include/uapi/asm-generic/unistd.h      |  5 ++++-
 kernel/sys_ni.c                        |  3 +++
 mm/Kconfig                             |  7 +++++++
 mm/ememz.c                             | 18 ++++++++++++++++++
 7 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 mm/ememz.c

diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl
index 2d0b1bd866ea..7803b2303da4 100644
--- a/arch/x86/entry/syscalls/syscall_32.tbl
+++ b/arch/x86/entry/syscalls/syscall_32.tbl
@@ -457,3 +457,4 @@
 450	i386	set_mempolicy_home_node		sys_set_mempolicy_home_node
 451	i386	cachestat		sys_cachestat
 452	i386	fchmodat2		sys_fchmodat2
+453	i386	ememz			sys_ememz
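Review bot: The syscall number is not consistent across the tables in this patch: ememz is 453 in this i386 table and in include/uapi/asm-generic/unistd.h, but 454 in syscall_64.tbl, where 453 is already taken by map_shadow_stack. New syscalls are normally given the same number on every architecture, so I would use `454	i386	ememz			sys_ememz` here, and `#define __NR_ememz 454` with `#define __NR_syscalls 455` in the asm-generic header, leaving 453 unused where map_shadow_stack is not wired up. Only the x86 tables are touched in the visible diff; other architectures that carry their own syscall table would presumably need the entry as well.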
diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl
index 1d6eee30eceb..39530de435e1 100644
--- a/arch/x86/entry/syscalls/syscall_64.tbl
+++ b/arch/x86/entry/syscalls/syscall_64.tbl
@@ -375,6 +375,7 @@
 451	common	cachestat		sys_cachestat
 452	common	fchmodat2		sys_fchmodat2
 453	64	map_shadow_stack	sys_map_shadow_stack
+454	common	ememz			sys_ememz
 
 #
 # Due to a historical design error, certain syscalls are numbered differently
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 22bc6bc147f8..4127689798e2 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -940,6 +940,7 @@ asmlinkage long sys_cachestat(unsigned int fd,
 		struct cachestat_range __user *cstat_range,
 		struct cachestat __user *cstat, unsigned int flags);
 asmlinkage long sys_map_shadow_stack(unsigned long addr, unsigned long size, unsigned int flags);
+asmlinkage long sys_ememz(int flags);
 
 /*
  * Architecture-specific system calls
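Review bot: The `flags` parameter is declared as a signed `int`, while the neighbouring prototypes in this hunk (sys_cachestat, sys_map_shadow_stack) take `unsigned int flags`. A flags bitmask is better unsigned, so that mask tests and any future high-bit flag do not depend on sign extension. I would declare `asmlinkage long sys_ememz(unsigned int flags);` here and use the matching `SYSCALL_DEFINE1(ememz, unsigned int, flags)` in mm/ememz.c.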
diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h
index abe087c53b4b..63ec7611af63 100644
--- a/include/uapi/asm-generic/unistd.h
+++ b/include/uapi/asm-generic/unistd.h
@@ -823,8 +823,11 @@ __SYSCALL(__NR_cachestat, sys_cachestat)
 #define __NR_fchmodat2 452
 __SYSCALL(__NR_fchmodat2, sys_fchmodat2)
 
+#define __NR_ememz 453
+__SYSCALL(__NR_ememz, sys_ememz)
+
 #undef __NR_syscalls
-#define __NR_syscalls 453
+#define __NR_syscalls 454
 
 /*
  * 32 bit systems traditionally used different
diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c
index e137c1385c56..108ff4c6113c 100644
--- a/kernel/sys_ni.c
+++ b/kernel/sys_ni.c
@@ -253,6 +253,9 @@ COND_SYSCALL(pkey_free);
 /* memfd_secret */
 COND_SYSCALL(memfd_secret);
 
+/* ememz */
+COND_SYSCALL(ememz);
+
 /*
  * Architecture specific weak syscall entries.
  */
diff --git a/mm/Kconfig b/mm/Kconfig
index 264a2df5ecf5..dd4d505cf52e 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -1260,4 +1260,11 @@ config LOCK_MM_AND_FIND_VMA
 
 source "mm/damon/Kconfig"
 
+config EMEMZ_SYSCALL
+        bool "Ememz syscall" if EXPERT
+        default y
+        help
+          sys_ememz is a system call to flag a process' memory to be filled
+          with zeros on exit.
+
 endmenu
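Review bot: The help text does not say what the option guarantees, which matters for something users would enable for its security property. It should state which memory is covered (anonymous pages only, or also shared and file-backed mappings), whether the setting survives fork() and execve(), and that it is meant as a per-process alternative to init_on_free, as the cover text below the patch says. The new entry is also indented with spaces; Kconfig entries conventionally use one tab for attributes and a tab plus two spaces for help text.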
diff --git a/mm/ememz.c b/mm/ememz.c
new file mode 100644
index 000000000000..d7765375122a
--- /dev/null
+++ b/mm/ememz.c
@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <linux/syscalls.h>
+
+#ifdef CONFIG_EMEMZ_SYSCALL
+/*
+ * Set task_struct flag to fill any memory associated with process on
+ * exit to zero.
+ */
+SYSCALL_DEFINE1(ememz, int, flags)
+{
+	if (flags & ~(0))
+		return -EINVAL;
+
+	// Set flag atomically
+	return 0;
+}
+#endif
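Review bot: The stub returns 0 for `flags == 0` without setting anything, so a caller that checks the return value will believe its memory is going to be zeroed on exit when it is not; until the task flag exists it should fail, e.g. `return -ENOSYS;` in place of the `// Set flag atomically` and `return 0;` lines. The test `flags & ~(0)` masks with all ones and is therefore just `flags != 0`; a named mask of valid bits, as in `if (flags & ~EMEMZ_VALID_FLAGS)`, would state the intent (EMEMZ_VALID_FLAGS is a placeholder name, not something on this page). The diffstat lists no mm/Makefile change, so as posted this file does not appear to be built and COND_SYSCALL(ememz) would make the call resolve to the not-implemented fallback; adding `obj-$(CONFIG_EMEMZ_SYSCALL) += ememz.o` would also make the `#ifdef` around the whole file unnecessary.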
-- 
2.34.1

Hi,
I am looking for a more fine-grained alternative to
CONFIG_INIT_ON_FREE_DEFAULT_ON with less system overhead. My idea is to
add a system call (ememz) that sets a flag in the task_struct, causing
all of a process's pages to be initialized on exit. Are there existing
alternatives I should consider, and is this the proper way to proceed?
Any suggestions are welcome.

Signed-off-by: York Jasper Niebuhr <yjnworkstation@...il.com>
