From: Michal Hocko <mhocko@suse.com>
To: Joshua Hahn <joshua.hahnjy@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Vlastimil Babka <vbabka@suse.cz>, Mike Rapoport <rppt@kernel.org>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
kernel-team@meta.com
Subject: Re: [PATCH v2 2/2] mm/mm_init: decouple page checking and init_on_{alloc, free}
Date: Tue, 25 Nov 2025 09:45:38 +0100 [thread overview]
Message-ID: <aSVssg5c8mNvyLou@tiehlicka> (raw)
In-Reply-To: <20251124225408.2243564-2-joshua.hahnjy@gmail.com>
On Mon 24-11-25 14:54:07, Joshua Hahn wrote:
> init_on_alloc and init_on_free protect the kernel by initializing
> allocated and freed pages to 0 on allocation time / deletion.
> Commit 700d2e9a36b93601270c1e15550acde2521386c5 ("mm, page_alloc: reduce
> page alloc/free sanity checks") removed page checking from hot pcp
> drain and refill paths, and instead coupled it with CONFIG_DEBUG_VM,
> debug_pagealloc, page poisoning, and init_on_{alloc, free}.
>
> As the commit suggests, the first three turn the kernel into a debug
> kernel, while the last hardens the kernel against leaking sensitive memory.
> While enabling page checking is relatively low-cost and tying it
> together with page initialization is not unreasonable, it does feel like
> a bit of a side-effect, rather than an obvious consequence.
>
> With page checking now pulled out as a boot time parameter that can be
> set independently, let's decouple page checking and init_on_alloc and
> init_on_free.
>
> As a direct side effect, systems that have init_on_alloc or init_on_free
> will no longer have page checking enabled by default; they will either
> have to pass the check_pages boot parameter, build the kernel with
> CONFIG_DEBUG_VM, or enable debug_pagealloc / page poisoning.
How come this will not break existing users? What is an actual upside to
get for the risk involved?
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2025-11-25 8:45 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-24 22:54 [PATCH v2 1/2] mm/mm_init: Introduce a boot parameter for check_pages Joshua Hahn
2025-11-24 22:54 ` [PATCH v2 2/2] mm/mm_init: decouple page checking and init_on_{alloc, free} Joshua Hahn
2025-11-25 1:18 ` SeongJae Park
2025-11-25 18:59 ` Joshua Hahn
2025-11-25 8:45 ` Michal Hocko [this message]
2025-11-25 18:06 ` Vlastimil Babka
2025-11-25 18:58 ` Joshua Hahn
2025-11-25 1:10 ` [PATCH v2 1/2] mm/mm_init: Introduce a boot parameter for check_pages SeongJae Park
2025-11-25 8:44 ` Michal Hocko
2025-11-25 10:23 ` Mike Rapoport
2025-11-25 18:44 ` Joshua Hahn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aSVssg5c8mNvyLou@tiehlicka \
--to=mhocko@suse.com \
--cc=akpm@linux-foundation.org \
--cc=joshua.hahnjy@gmail.com \
--cc=kernel-team@meta.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=rppt@kernel.org \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.