[PATCH v3 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Jann Horn
jannh at google.com
Mon Apr 8 17:39:18 UTC 2019
On Mon, Apr 8, 2019 at 7:20 PM Alexander Potapenko <glider at google.com> wrote:
> This config option enables CONFIG_SLUB_DEBUG and CONFIG_PAGE_POISONING
> without the need to pass any boot parameters.
>
> No performance optimizations are done at the moment to reduce double
> initialization of memory regions.
[...]
> diff --git a/mm/page_poison.c b/mm/page_poison.c
> index 21d4f97cb49b..a1985f33f635 100644
> --- a/mm/page_poison.c
> +++ b/mm/page_poison.c
> @@ -12,9 +12,14 @@ static bool want_page_poisoning __read_mostly;
>
> static int __init early_page_poison_param(char *buf)
> {
> +#ifdef CONFIG_INIT_ALL_HEAP
> + want_page_poisoning = true;
> + return 0;
> +#else
> if (!buf)
> return -EINVAL;
> return strtobool(buf, &want_page_poisoning);
> +#endif
> }
> early_param("page_poison", early_page_poison_param);
>
> diff --git a/mm/slub.c b/mm/slub.c
> index 1b08fbcb7e61..00e0197d3f35 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -1287,6 +1287,8 @@ static int __init setup_slub_debug(char *str)
> if (*str == ',')
> slub_debug_slabs = str + 1;
> out:
> + if (IS_ENABLED(CONFIG_INIT_ALL_HEAP))
> + slub_debug |= SLAB_POISON;
> return 1;
> }
I don't understand how this is supposed to work. As far as I can tell,
the "slub_debug |= SLAB_POISON;" only happens if you actually pass in
a "slub_debug" boot parameter? Same thing for "want_page_poisoning =
true;".
Also, didn't Laura suggest in
https://www.openwall.com/lists/kernel-hardening/2019/04/08/4 that a
different approach might be more sensible to reduce the performance
hit?
More information about the Linux-security-module-archive
mailing list