[PATCH 1/3] mm: security: introduce the init_allocations=1 boot option
Christopher Lameter
cl at linux.com
Fri Apr 26 14:14:47 UTC 2019
On Thu, 18 Apr 2019, Alexander Potapenko wrote:
> This option adds the possibility to initialize newly allocated pages and
> heap objects with zeroes. This is needed to prevent possible information
> leaks and make the control-flow bugs that depend on uninitialized values
> more deterministic.
>
> Initialization is done at allocation time at the places where checks for
> __GFP_ZERO are performed. We don't initialize slab caches with
> constructors to preserve their semantics. To reduce runtime costs of
> checking cachep->ctor we replace a call to memset with a call to
> cachep->poison_fn, which is only executed if the memory block needs to
> be initialized.
Just check for a ctor and then zero or use whatever pattern ? Why add a
new function?
More information about the Linux-security-module-archive
mailing list