[PATCH v6 2/3] mm: init: report memory auto-initialization features at boot time
Alexander Potapenko
glider at google.com
Thu Jun 6 16:48:44 UTC 2019
Print the currently enabled stack and heap initialization modes.
Stack initialization is enabled by a config flag, while heap
initialization is configured at boot time with defaults being set
in the config. It's more convenient for the user to have all information
about these hardening measures in one place.
The possible options for stack are:
- "all" for CONFIG_INIT_STACK_ALL;
- "byref_all" for CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL;
- "byref" for CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF;
- "__user" for CONFIG_GCC_PLUGIN_STRUCTLEAK_USER;
- "off" otherwise.
Depending on the values of init_on_alloc and init_on_free boottime
options we also report "heap alloc" and "heap free" as "on"/"off".
In the init_on_free mode initializing pages at boot time may take some
time, so print a notice about that as well.
Signed-off-by: Alexander Potapenko <glider at google.com>
Suggested-by: Kees Cook <keescook at chromium.org>
To: Andrew Morton <akpm at linux-foundation.org>
To: Christoph Lameter <cl at linux.com>
Cc: Dmitry Vyukov <dvyukov at google.com>
Cc: James Morris <jmorris at namei.org>
Cc: Jann Horn <jannh at google.com>
Cc: Kostya Serebryany <kcc at google.com>
Cc: Laura Abbott <labbott at redhat.com>
Cc: Mark Rutland <mark.rutland at arm.com>
Cc: Masahiro Yamada <yamada.masahiro at socionext.com>
Cc: Matthew Wilcox <willy at infradead.org>
Cc: Nick Desaulniers <ndesaulniers at google.com>
Cc: Randy Dunlap <rdunlap at infradead.org>
Cc: Sandeep Patil <sspatil at android.com>
Cc: "Serge E. Hallyn" <serge at hallyn.com>
Cc: Souptick Joarder <jrdr.linux at gmail.com>
Cc: Marco Elver <elver at google.com>
Cc: Kaiwan N Billimoria <kaiwan at kaiwantech.com>
Cc: kernel-hardening at lists.openwall.com
Cc: linux-mm at kvack.org
Cc: linux-security-module at vger.kernel.org
---
v6:
- update patch description, fixed message about clearing memory
---
init/main.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/init/main.c b/init/main.c
index 66a196c5e4c3..e68ef1f181f9 100644
--- a/init/main.c
+++ b/init/main.c
@@ -520,6 +520,29 @@ static inline void initcall_debug_enable(void)
}
#endif
+/* Report memory auto-initialization states for this boot. */
+void __init report_meminit(void)
+{
+ const char *stack;
+
+ if (IS_ENABLED(CONFIG_INIT_STACK_ALL))
+ stack = "all";
+ else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL))
+ stack = "byref_all";
+ else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF))
+ stack = "byref";
+ else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_USER))
+ stack = "__user";
+ else
+ stack = "off";
+
+ pr_info("mem auto-init: stack:%s, heap alloc:%s, heap free:%s\n",
+ stack, want_init_on_alloc(GFP_KERNEL) ? "on" : "off",
+ want_init_on_free() ? "on" : "off");
+ if (want_init_on_free())
+ pr_info("mem auto-init: clearing system memory may take some time...\n");
+}
+
/*
* Set up kernel memory allocators
*/
@@ -530,6 +553,7 @@ static void __init mm_init(void)
* bigger than MAX_ORDER unless SPARSEMEM.
*/
page_ext_init_flatmem();
+ report_meminit();
mem_init();
kmem_cache_init();
pgtable_init();
--
2.22.0.rc1.311.g5d7573a151-goog
More information about the Linux-security-module-archive
mailing list