[PATCH v3 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP

Mark Rutland mark.rutland at arm.com
Tue Apr 9 09:32:35 UTC 2019 

On Mon, Apr 08, 2019 at 07:04:18PM +0200, Alexander Potapenko wrote:
> This config option enables CONFIG_SLUB_DEBUG and CONFIG_PAGE_POISONING
> without the need to pass any boot parameters.
> 
> No performance optimizations are done at the moment to reduce double
> initialization of memory regions.
> 
> Signed-off-by: Alexander Potapenko <glider at google.com>
> Cc: Masahiro Yamada <yamada.masahiro at socionext.com>
> Cc: James Morris <jmorris at namei.org>
> Cc: "Serge E. Hallyn" <serge at hallyn.com>
> Cc: Nick Desaulniers <ndesaulniers at google.com>
> Cc: Kostya Serebryany <kcc at google.com>
> Cc: Dmitry Vyukov <dvyukov at google.com>
> Cc: Kees Cook <keescook at chromium.org>
> Cc: Sandeep Patil <sspatil at android.com>
> Cc: linux-security-module at vger.kernel.org
> Cc: linux-kbuild at vger.kernel.org
> Cc: kernel-hardening at lists.openwall.com
> ---
>  v3:
>   - addressed comments by Masahiro Yamada (Kconfig fixes)
> ---
>  mm/page_poison.c         |  5 +++++
>  mm/slub.c                |  2 ++
>  security/Kconfig.initmem | 11 +++++++++++
>  3 files changed, 18 insertions(+)
> 
> diff --git a/mm/page_poison.c b/mm/page_poison.c
> index 21d4f97cb49b..a1985f33f635 100644
> --- a/mm/page_poison.c
> +++ b/mm/page_poison.c
> @@ -12,9 +12,14 @@ static bool want_page_poisoning __read_mostly;
>  
>  static int __init early_page_poison_param(char *buf)
>  {
> +#ifdef CONFIG_INIT_ALL_HEAP
> +	want_page_poisoning = true;
> +	return 0;
> +#else
>  	if (!buf)
>  		return -EINVAL;
>  	return strtobool(buf, &want_page_poisoning);
> +#endif
>  }
>  early_param("page_poison", early_page_poison_param);

IIUC this is only called if page_poison is passed on the command line,
so want_page_poisoning won't be set automatically unless that's passed.

Presumably you want to initialize it at definition with:

static bool want_page_poisoning __read_mostly = IS_ENABLED(CONFIG_INIT_ALL_HEAP);

with:

#ifndef CONFIG_INIT_ALL_HEAP
static int __init early_page_poison_param(char *buf)
{
	...
}
early_param("page_poison", early_page_poison_param);
#endif

... so that it can't be disabled?

Thanks,
Mark.

More information about the Linux-security-module-archive mailing list