lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20251125184416.1493908-1-joshua.hahnjy@gmail.com>
Date: Tue, 25 Nov 2025 10:44:15 -0800
From: Joshua Hahn <joshua.hahnjy@...il.com>
To: Mike Rapoport <rppt@...nel.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
	Vlastimil Babka <vbabka@...e.cz>,
	Jonathan Corbet <corbet@....net>,
	linux-doc@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	linux-mm@...ck.org,
	kernel-team@...a.com
Subject: Re: [PATCH v2 1/2] mm/mm_init: Introduce a boot parameter for check_pages

On Tue, 25 Nov 2025 12:23:14 +0200 Mike Rapoport <rppt@...nel.org> wrote:

> On Mon, Nov 24, 2025 at 02:54:06PM -0800, Joshua Hahn wrote:
> > Use-after-free and double-free bugs can be very difficult to track down.
> > The kernel is good at tracking these and preventing bad pages from being
> > used/created through simple checks gated behind "check_pages_enabled".
> > 
> > Currently, the only ways to enable this flag is by building with
> > CONFIG_DEBUG_VM, or as a side effect of other checks such as
> > init_on_{alloc, free}, page_poisoning, or debug_pagealloc among others.
> > These solutions are powerful, but may often be too coarse in balancing
> > the performance vs. safety that a user may want, particularly in
> > latency-sensitive production environments.
> > 
> > Introduce a new boot parameter "check_pages", which enables page checking
> > with no other side effects. It takes kstrbool-able inputs as an argument
> > (i.e. 0/1, true/false, on/off, ...). This patch is backwards-compatible;
> > setting CONFIG_DEBUG_VM still enables page checking.
> > 
> > Signed-off-by: Joshua Hahn <joshua.hahnjy@...il.com>

...

Hello Mike, thank you for your review!

> > +static bool _check_pages_enabled_early __initdata;
> 
> No need in the leading underscore.

Gotcha, no preference here on my end at all, so I'm happy to drop the leading
underscore. I was just modeling the variable after _init_on_alloc_enabled_early
and _init_on_free_enabled_early, but it seems like those are the only ones
that do have this leading underscore anyways.

> > +
> > +static int __init early_check_pages(char *buf)
> > +{
> > +	return kstrtobool(buf, &_check_pages_enabled_early);
> > +}
> > +early_param("check_pages", early_check_pages);
> > +
> >  /*
> >   * Enable static keys related to various memory debugging and hardening options.
> >   * Some override others, and depend on early params that are evaluated in the
> > @@ -2591,7 +2599,8 @@ static void __init mem_debugging_and_hardening_init(void)
> >  	 * of struct pages being allocated or freed. With CONFIG_DEBUG_VM it's
> >  	 * enabled already.
> >  	 */
> > -	if (!IS_ENABLED(CONFIG_DEBUG_VM) && want_check_pages)
> > +	if (!IS_ENABLED(CONFIG_DEBUG_VM) && (_check_pages_enabled_early ||
> > +					     want_check_pages))
> 
> You can initialize want_check_pages to check_pages_enabled_early, would be
> clearer IMO.

Yup, totally makes sense as well. I'll include this change in v3.
Thank you for all your feedback, I hope you have a great day!

Joshua

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ