[PATCH v3 2/2] initmem: introduce CONFIG_INIT_ALL_HEAP
Alexander Potapenko
glider at google.com
Tue Apr 9 09:53:44 UTC 2019
On Tue, Apr 9, 2019 at 11:32 AM Mark Rutland <mark.rutland at arm.com> wrote:
>
> On Mon, Apr 08, 2019 at 07:04:18PM +0200, Alexander Potapenko wrote:
> > This config option enables CONFIG_SLUB_DEBUG and CONFIG_PAGE_POISONING
> > without the need to pass any boot parameters.
> >
> > No performance optimizations are done at the moment to reduce double
> > initialization of memory regions.
> >
> > Signed-off-by: Alexander Potapenko <glider at google.com>
> > Cc: Masahiro Yamada <yamada.masahiro at socionext.com>
> > Cc: James Morris <jmorris at namei.org>
> > Cc: "Serge E. Hallyn" <serge at hallyn.com>
> > Cc: Nick Desaulniers <ndesaulniers at google.com>
> > Cc: Kostya Serebryany <kcc at google.com>
> > Cc: Dmitry Vyukov <dvyukov at google.com>
> > Cc: Kees Cook <keescook at chromium.org>
> > Cc: Sandeep Patil <sspatil at android.com>
> > Cc: linux-security-module at vger.kernel.org
> > Cc: linux-kbuild at vger.kernel.org
> > Cc: kernel-hardening at lists.openwall.com
> > ---
> > v3:
> > - addressed comments by Masahiro Yamada (Kconfig fixes)
> > ---
> > mm/page_poison.c | 5 +++++
> > mm/slub.c | 2 ++
> > security/Kconfig.initmem | 11 +++++++++++
> > 3 files changed, 18 insertions(+)
> >
> > diff --git a/mm/page_poison.c b/mm/page_poison.c
> > index 21d4f97cb49b..a1985f33f635 100644
> > --- a/mm/page_poison.c
> > +++ b/mm/page_poison.c
> > @@ -12,9 +12,14 @@ static bool want_page_poisoning __read_mostly;
> >
> > static int __init early_page_poison_param(char *buf)
> > {
> > +#ifdef CONFIG_INIT_ALL_HEAP
> > + want_page_poisoning = true;
> > + return 0;
> > +#else
> > if (!buf)
> > return -EINVAL;
> > return strtobool(buf, &want_page_poisoning);
> > +#endif
> > }
> > early_param("page_poison", early_page_poison_param);
>
> IIUC this is only called if page_poison is passed on the command line,
> so want_page_poisoning won't be set automatically unless that's passed.
>
> Presumably you want to initialize it at definition with:
>
> static bool want_page_poisoning __read_mostly = IS_ENABLED(CONFIG_INIT_ALL_HEAP);
Yes, I've misunderstood how boot parameters work.
Thanks for the suggestions!
We'd better look into wiping allocations without POISON_SLAB though.
> with:
>
> #ifndef CONFIG_INIT_ALL_HEAP
> static int __init early_page_poison_param(char *buf)
> {
> ...
> }
> early_param("page_poison", early_page_poison_param);
> #endif
>
> ... so that it can't be disabled?
>
> Thanks,
> Mark.
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
More information about the Linux-security-module-archive
mailing list