lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aAYTTjImzLM9qSo3@harry>
Date: Mon, 21 Apr 2025 18:43:42 +0900
From: Harry Yoo <harry.yoo@...cle.com>
To: Kees Cook <kees@...nel.org>
Cc: Petr Mladek <pmladek@...e.com>,
        Sergio Perez Gonzalez <sperezglz@...il.com>,
        Vlastimil Babka <vbabka@...e.cz>, David Rientjes <rientjes@...gle.com>,
        Bagas Sanjaya <bagasdotme@...il.com>, Jonathan Corbet <corbet@....net>,
        Steven Rostedt <rostedt@...dmis.org>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Sergey Senozhatsky <senozhatsky@...omium.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Christoph Lameter <cl@...ux.com>, Pekka Enberg <penberg@...nel.org>,
        Joonsoo Kim <iamjoonsoo.kim@....com>,
        Roman Gushchin <roman.gushchin@...ux.dev>,
        "Paul E. McKenney" <paulmck@...nel.org>,
        Randy Dunlap <rdunlap@...radead.org>,
        Tamir Duberstein <tamird@...il.com>, Miguel Ojeda <ojeda@...nel.org>,
        Alice Ryhl <aliceryhl@...gle.com>, linux-doc@...r.kernel.org,
        linux-mm@...ck.org, Thomas Huth <thuth@...hat.com>,
        "Borislav Petkov (AMD)" <bp@...en8.de>,
        Ard Biesheuvel <ardb@...nel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Andreas Hindborg <a.hindborg@...nel.org>,
        Stephen Boyd <swboyd@...omium.org>, linux-kernel@...r.kernel.org,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH v2] slab: Decouple slab_debug and no_hash_pointers

On Fri, Apr 18, 2025 at 01:13:20PM -0700, Kees Cook wrote:
> On Thu, Apr 17, 2025 at 11:15:11PM +0900, Harry Yoo wrote:
> > On Tue, Apr 15, 2025 at 10:02:33AM -0700, Kees Cook wrote:
> > > Some system owners use slab_debug=FPZ (or similar) as a hardening option,
> > > but do not want to be forced into having kernel addresses exposed due
> > > to the implicit "no_hash_pointers" boot param setting.[1]
> > 
> > Is this behavior documented somewhere or it's only in the code?
> > I couldn't find anything other than the code.
> 
> Hmm, that's an excellent point. I don't see any mention of it in
> kernel-parameters.txt. Perhaps this?
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 4568572205ee..982e6511a225 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -6483,6 +6483,10 @@
>  			Documentation/mm/slub.rst.
>  			(slub_debug legacy name also accepted for now)
>  
> +			Using this option implies the "no_hash_pointers"
> +			option which can be undone by adding the
> +			"hash_pointers=always" option.
> +

Looks good to me as it correctly states current behavior.

>  	slab_max_order= [MM]
>  			Determines the maximum allowed order for slabs.
>  			A high setting may cause OOMs due to memory
> 
> > 
> > > Introduce the "hash_pointers" boot param, which defaults to "auto"
> > > (the current behavior), but also includes "always" (forcing on hashing
> > > even when "slab_debug=..." is defined), and "never". The existing
> > > "no_hash_pointers" boot param becomes an alias for "hash_pointers=never".
> > > 
> > > This makes it possible to boot with "slab_debug=FPZ hash_pointers=always".
> > > 
> > > Link: https://urldefense.com/v3/__https://github.com/KSPP/linux/issues/368__;!!ACWV5N9M2RV99hQ!No7Nk2rrOwtdh-XVVxppszL38saNKUNOLWogxasxGNiGfiS7gTVkUmDrw8J_YVAsbujlEb3hfb30$   [1]
> > > Fixes: 792702911f58 ("slub: force on no_hash_pointers when slub_debug is enabled")
> > > Co-developed-by: Sergio Perez Gonzalez <sperezglz@...il.com>
> > > Signed-off-by: Sergio Perez Gonzalez <sperezglz@...il.com>
> > > Acked-by: Vlastimil Babka <vbabka@...e.cz>
> > > Acked-by: David Rientjes <rientjes@...gle.com>
> > > Reviewed-by: Bagas Sanjaya <bagasdotme@...il.com>
> > > Signed-off-by: Kees Cook <kees@...nel.org>
> > > ---
> > 
> > Reviewed-by: Harry Yoo <harry.yoo@...cle.com>
> > 
> > By the way, while this patch does not change existing behavior of
> > slub_debug implying no_hash_pointers, kmem_cache_init() is not the only
> > place that enables slub_debug_enabled static key.
> > 
> > Maybe we should update __kmem_cache_create_args() too?
> > (in a separate patch)
> 
> The state of pointer hashing should not change after boot. (It is
> intentionally designed to use __ro_after_init.)

Okay. In security perspective that makes sense.

IIRC the only case that dynamically creates debug caches is rcutorture
so probably doesn't matter that much.

-- 
Cheers,
Harry / Hyeonggon

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ