From: Kees Cook <keescook@chromium.org>
To: Alexander Potapenko <glider@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Christoph Lameter <cl@linux.com>,
Dmitry Vyukov <dvyukov@google.com>,
James Morris <jmorris@namei.org>, Jann Horn <jannh@google.com>,
Kostya Serebryany <kcc@google.com>,
Laura Abbott <labbott@redhat.com>,
Mark Rutland <mark.rutland@arm.com>,
Masahiro Yamada <yamada.masahiro@socionext.com>,
Matthew Wilcox <willy@infradead.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Randy Dunlap <rdunlap@infradead.org>,
Sandeep Patil <sspatil@android.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
Souptick Joarder <jrdr.linux@gmail.com>,
Marco Elver <elver@google.com>,
Kaiwan N Billimoria <kaiwan@kaiwantech.com>,
kernel-hardening@lists.openwall.com, linux-mm@kvack.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v6 2/3] mm: init: report memory auto-initialization features at boot time
Date: Fri, 7 Jun 2019 08:34:54 -0700
Message-ID: <201906070822.CEF77C844E@keescook>
In-Reply-To: <20190606164845.179427-3-glider@google.com>

On Thu, Jun 06, 2019 at 06:48:44PM +0200, Alexander Potapenko wrote:
> Print the currently enabled stack and heap initialization modes.
>
> Stack initialization is enabled by a config flag, while heap
> initialization is configured at boot time with defaults being set
> in the config. It's more convenient for the user to have all information
> about these hardening measures in one place.

Perhaps for clarity, add this to the end of the sentence:

"... at boot, so the user can reason about the expected behavior of
the running system."

> The possible options for stack are:
> - "all" for CONFIG_INIT_STACK_ALL;
> - "byref_all" for CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL;
> - "byref" for CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF;
> - "__user" for CONFIG_GCC_PLUGIN_STRUCTLEAK_USER;
> - "off" otherwise.
>
> Depending on the values of init_on_alloc and init_on_free boottime
> options we also report "heap alloc" and "heap free" as "on"/"off".
>
> In the init_on_free mode initializing pages at boot time may take some
> time, so print a notice about that as well.

Perhaps give an example too:

This depends on how much memory is installed, the memory bandwidth, etc.
On a relatively modern x86 system, it takes about 0.75s/GB to wipe all
memory:

[ 0.418722] mem auto-init: stack:byref_all, heap alloc:off, heap free:on
[ 0.419765] mem auto-init: clearing system memory may take some time...
[ 12.376605] Memory: 16408564K/16776672K available (14339K kernel code, 1397K rwdata, 3756K rodata, 1636K init, 11460K bss, 368108K reserved, 0K cma-reserved)

More notes below...

>
> Signed-off-by: Alexander Potapenko <glider@google.com>
> Suggested-by: Kees Cook <keescook@chromium.org>
> To: Andrew Morton <akpm@linux-foundation.org>
> To: Christoph Lameter <cl@linux.com>
> Cc: Dmitry Vyukov <dvyukov@google.com>
> Cc: James Morris <jmorris@namei.org>
> Cc: Jann Horn <jannh@google.com>
> Cc: Kostya Serebryany <kcc@google.com>
> Cc: Laura Abbott <labbott@redhat.com>
> Cc: Mark Rutland <mark.rutland@arm.com>
> Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
> Cc: Matthew Wilcox <willy@infradead.org>
> Cc: Nick Desaulniers <ndesaulniers@google.com>
> Cc: Randy Dunlap <rdunlap@infradead.org>
> Cc: Sandeep Patil <sspatil@android.com>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>
> Cc: Souptick Joarder <jrdr.linux@gmail.com>
> Cc: Marco Elver <elver@google.com>
> Cc: Kaiwan N Billimoria <kaiwan@kaiwantech.com>
> Cc: kernel-hardening@lists.openwall.com
> Cc: linux-mm@kvack.org
> Cc: linux-security-module@vger.kernel.org
> ---
> v6:
> - update patch description, fixed message about clearing memory
> ---
> init/main.c | 24 ++++++++++++++++++++++++
> 1 file changed, 24 insertions(+)
>
> diff --git a/init/main.c b/init/main.c
> index 66a196c5e4c3..e68ef1f181f9 100644
> --- a/init/main.c
> +++ b/init/main.c
> @@ -520,6 +520,29 @@ static inline void initcall_debug_enable(void)
> }
> #endif
>
> +/* Report memory auto-initialization states for this boot. */
> +void __init report_meminit(void)

Sorry I missed this before: it should be a static function.

> +{
> + const char *stack;
> +
> + if (IS_ENABLED(CONFIG_INIT_STACK_ALL))
> + stack = "all";
> + else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL))
> + stack = "byref_all";
> + else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF))
> + stack = "byref";
> + else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_USER))
> + stack = "__user";
> + else
> + stack = "off";
> +
> + pr_info("mem auto-init: stack:%s, heap alloc:%s, heap free:%s\n",
> + stack, want_init_on_alloc(GFP_KERNEL) ? "on" : "off",
> + want_init_on_free() ? "on" : "off");
> + if (want_init_on_free())
> + pr_info("mem auto-init: clearing system memory may take some time...\n");
> +}
> +
> /*
> * Set up kernel memory allocators
> */
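
Review bot: want_init_on_free() is evaluated twice in report_meminit(), once for the "heap free:%s" argument and again in the `if` that guards the "clearing system memory may take some time..." notice. Reading it once into a local (for example `bool free_on = want_init_on_free();`) keeps the report line and the notice from ever disagreeing and makes the dependency between them obvious. The function comment could also say that "heap alloc" is the answer for GFP_KERNEL specifically, since want_init_on_alloc() takes gfp flags, and that the IS_ENABLED() chain reports only the first matching stack option.
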
> @@ -530,6 +553,7 @@ static void __init mm_init(void)
> * bigger than MAX_ORDER unless SPARSEMEM.
> */
> page_ext_init_flatmem();
> + report_meminit();
> mem_init();
> kmem_cache_init();
> pgtable_init();
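
Review bot: the call site gives no hint that report_meminit() has to stay ahead of mem_init(). The "clearing system memory may take some time..." notice is only useful if it is printed before the delay it announces (in the example log above it precedes the "Memory:" line by roughly 12 seconds), so a one-line comment above the call would keep a later reordering of mm_init() from moving it. As placed, the call also sits directly under the existing comment ending "bigger than MAX_ORDER unless SPARSEMEM.", which describes page_ext_init_flatmem(); a blank line or its own comment would separate the two.
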
> --
> 2.22.0.rc1.311.g5d7573a151-goog
>

But other than that:

Acked-by: Kees Cook <keescook@chromium.org>

--
Kees Cook
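
An added example, not part of the patch or of either author's message: a parser for the "mem auto-init:" report line that checks the reported modes and re-derives the seconds-per-GB figure from the timestamps in the boot log quoted above. The function names and the baseline used by `weak_settings` are assumptions made for illustration.

```python
import re

# Boot log lines quoted in the message above; the "Memory:" line is shortened.
SAMPLE_LOG = """\
[    0.418722] mem auto-init: stack:byref_all, heap alloc:off, heap free:on
[    0.419765] mem auto-init: clearing system memory may take some time...
[   12.376605] Memory: 16408564K/16776672K available (14339K kernel code)
"""

TS = r"\[\s*(\d+\.\d+)\]\s+"
REPORT_RE = re.compile(
    TS + r"mem auto-init: stack:([^,\s]+), heap alloc:(on|off), heap free:(on|off)")
NOTICE_RE = re.compile(TS + r"mem auto-init: clearing system memory")
MEMORY_RE = re.compile(TS + r"Memory: \d+K/(\d+)K available")
STACK_MODES = {"all", "byref_all", "byref", "__user", "off"}  # from the patch


def parse_meminit(log):
    """Return reported modes plus an upper bound on wipe cost in s/GiB."""
    out = {"stack": None, "heap_alloc": None, "heap_free": None,
           "wipe_s_per_gib": None}
    notice_ts = None
    for line in log.splitlines():
        if m := REPORT_RE.search(line):
            if m.group(2) not in STACK_MODES:
                raise ValueError(f"unknown stack mode: {m.group(2)!r}")
            out.update(stack=m.group(2), heap_alloc=m.group(3) == "on",
                       heap_free=m.group(4) == "on")
        elif m := NOTICE_RE.search(line):
            notice_ts = float(m.group(1))
        elif (m := MEMORY_RE.search(line)) and notice_ts is not None:
            gib = int(m.group(2)) / (1024 * 1024)  # total RAM, KiB -> GiB
            # Everything between the notice and "Memory:" is counted,
            # so this overestimates the pure wipe time.
            out["wipe_s_per_gib"] = (float(m.group(1)) - notice_ts) / gib
    return out


def weak_settings(report):
    """Flag modes below an assumed baseline: stack init on, some heap init on."""
    if report["stack"] is None:
        return ["no 'mem auto-init' report line in log"]
    findings = []
    if report["stack"] == "off":
        findings.append("stack auto-init is off")
    if not (report["heap_alloc"] or report["heap_free"]):
        findings.append("heap init is off for both alloc and free")
    return findings


if __name__ == "__main__":
    r = parse_meminit(SAMPLE_LOG)
    print(r, weak_settings(r))
```

A missing report line is returned as a finding of its own, because a kernel without this patch prints nothing and would otherwise look the same as a clean result.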