[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAG48ez04KBTTqPF9JMQu2uBde3SxUo-_=mwsxqr6B6+Fjyd57w@mail.gmail.com>
Date: Thu, 27 Mar 2025 20:23:50 +0100
From: Jann Horn <jannh@...gle.com>
To: Kees Cook <kees@...nel.org>
Cc: Vlastimil Babka <vbabka@...e.cz>, Christoph Lameter <cl@...ux.com>, Pekka Enberg <penberg@...nel.org>,
David Rientjes <rientjes@...gle.com>, Joonsoo Kim <iamjoonsoo.kim@....com>,
Andrew Morton <akpm@...ux-foundation.org>, Roman Gushchin <roman.gushchin@...ux.dev>,
Hyeonggon Yoo <42.hyeyoo@...il.com>, linux-mm@...ck.org, Miguel Ojeda <ojeda@...nel.org>,
Nathan Chancellor <nathan@...nel.org>, Marco Elver <elver@...gle.com>,
Nick Desaulniers <ndesaulniers@...gle.com>, Przemek Kitszel <przemyslaw.kitszel@...el.com>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH 4/5] slab: Set freed variables to NULL by default
On Sat, Mar 22, 2025 at 8:18 AM Kees Cook <kees@...nel.org> wrote:
> On Sat, Mar 22, 2025 at 02:50:15AM +0100, Jann Horn wrote:
> > On Fri, Mar 21, 2025 at 9:41 PM Kees Cook <kees@...nel.org> wrote:
> > > To defang a subset of "dangling pointer" use-after-free flaws[1], take the
> > > address of any lvalues passed to kfree() and set them to NULL after
> > > freeing.
> > >
> > > To do this manually, kfree_and_null() (and the "sensitive" variant)
> > > are introduced.
> >
> > Unless callers of kfree() are allowed to rely on this behavior, we
> > might want to have an option to use a poison value instead of NULL for
> > this in debug builds.
>
> Sure -- we have many to choose from. Is there a specific one you think
> would be good?
Forgot to reply to this, sorry. No, I don't have a particular one in mind.
Powered by blists - more mailing lists