[PATCH 1/4] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Kees Cook
keescook at chromium.org
Wed May 8 19:02:39 UTC 2019
On Wed, May 8, 2019 at 8:38 AM Alexander Potapenko <glider at google.com> wrote:
> The new options are needed to prevent possible information leaks and
> make control-flow bugs that depend on uninitialized values more
> deterministic.
I like having this available on both alloc and free. This makes it
much more configurable for the end users who can adapt to their work
loads, etc.
> Linux build with -j12, init_on_free=1: +24.42% sys time (st.err 0.52%)
> [...]
> Linux build with -j12, init_on_alloc=1: +0.57% sys time (st.err 0.40%)
Any idea why there is such a massive difference here? This seems to
high just for cache-locality effects of touching all the freed pages.
--
Kees Cook
More information about the Linux-security-module-archive
mailing list