From: Laura Abbott <labbott@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>,
Laura Abbott <labbott@fedoraproject.org>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Vlastimil Babka <vbabka@suse.cz>, Michal Hocko <mhocko@suse.com>,
Kees Cook <keescook@chromium.org>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com
Subject: [kernel-hardening] Re: [PATCHv4 2/2] mm/page_poisoning.c: Allow for zero poisoning
Date: Mon, 7 Mar 2016 16:33:00 -0800
Message-ID: <56DE1DBC.5050403@redhat.com>
In-Reply-To: <20160304160751.05931d89f451626b58073489@linux-foundation.org>

On 03/04/2016 04:07 PM, Andrew Morton wrote:
> On Fri, 4 Mar 2016 15:50:48 -0800 Laura Abbott <labbott@fedoraproject.org> wrote:
>
>>
>> By default, page poisoning uses a poison value (0xaa) on free. If this
>> is changed to 0, the page is not only sanitized but zeroing on alloc
>> with __GFP_ZERO can be skipped as well. The tradeoff is that detecting
>> corruption from the poisoning is harder to detect. This feature also
>> cannot be used with hibernation since pages are not guaranteed to be
>> zeroed after hibernation.
>>
>> Credit to Grsecurity/PaX team for inspiring this work
>>
>> --- a/kernel/power/hibernate.c
>> +++ b/kernel/power/hibernate.c
>> @@ -1158,6 +1158,22 @@ static int __init kaslr_nohibernate_setup(char *str)
>> return nohibernate_setup(str);
>> }
>>
>> +static int __init page_poison_nohibernate_setup(char *str)
>> +{
>> +#ifdef CONFIG_PAGE_POISONING_ZERO
>> + /*
>> + * The zeroing option for page poison skips the checks on alloc.
>> + * since hibernation doesn't save free pages there's no way to
>> + * guarantee the pages will still be zeroed.
>> + */
>> + if (!strcmp(str, "on")) {
>> + pr_info("Disabling hibernation due to page poisoning\n");
>> + return nohibernate_setup(str);
>> + }
>> +#endif
>> + return 1;
>> +}
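
Review bot: In page_poison_nohibernate_setup(), `if (!strcmp(str, "on"))` disables hibernation only for the exact string "on"; any other value, and every value when CONFIG_PAGE_POISONING_ZERO is unset, falls through to `return 1` without a message. The zero-poison path depends on hibernation being off, so if the other parser of this option accepts a different spelling for "enabled", the two would disagree and hibernation would stay available; parsing the value the same way in both places and logging when the option is ignored would close that gap. The comment also breaks mid-sentence at "on alloc. since hibernation" and should either be one sentence or start the second with "Since".
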
>
> It seems a bit unfriendly to silently accept the boot option but not
> actually do anything with it. Perhaps a `#else pr_info("sorry")' is
> needed.
>
> But I bet we made the same mistake in 1000 other places.
>
> What happens if page_poison_nohibernate_setup() simply doesn't exist
> when CONFIG_PAGE_POISONING_ZERO=n? It looks like
> kernel/params.c:parse_args() says "Unknown parameter".
>
>

I didn't see that behavior when I tested, even with nonsense parameters.
It looks like it might fall back to some other behavior before giving
-ENOENT?

It's also worth noting the page_poison= option is also parsed in
mm/page_poison.c to do other on/off of the poisoning feature. The
option code supported it and it seemed to match better with what the
existing hibernate code was doing with turning off options.

Thanks,
Laura
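
The tradeoff described in the quoted commit message, as an added example that is not part of this thread or of the patch: a simplified user-space C model of poison-on-free with a 0xaa pattern versus a zero pattern. The function names, the page buffer and the stray write at offset 100 are constructed for illustration and do not correspond to kernel symbols.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* User-space model constructed for illustration; not kernel code. */
static unsigned char page[4096];

/* Free path: overwrite the page with the poison byte (0xaa or 0). */
static void model_free(unsigned char poison)
{
    memset(page, poison, sizeof(page));
}

/* Alloc path. Non-zero poison: verify the pattern, then zero on request.
 * Zero poison: skip both. Returns false if the check saw a changed byte. */
static bool model_alloc(unsigned char poison, bool want_zero)
{
    bool intact = true;
    if (poison != 0) {
        for (size_t i = 0; i < sizeof(page); i++)
            if (page[i] != poison)
                intact = false;
        if (want_zero)
            memset(page, 0, sizeof(page));
    }
    return intact;
}

/* One free -> stray write -> zeroed-allocation cycle. */
static void scenario(unsigned char poison, bool *detected, bool *zeroed)
{
    model_free(poison);
    page[100] = 0x41; /* stands in for a write after free, or for free-page
                         contents that were not preserved across resume */
    *detected = !model_alloc(poison, true);
    *zeroed = true;
    for (size_t i = 0; i < sizeof(page); i++)
        if (page[i] != 0)
            *zeroed = false;
}

int main(void)
{
    bool d, z;
    scenario(0xaa, &d, &z);
    printf("poison 0xaa: detected=%d zeroed=%d\n", d, z);
    scenario(0x00, &d, &z);
    printf("poison 0x00: detected=%d zeroed=%d\n", d, z);
    return 0;
}
```

With the 0xaa pattern the modified byte is caught and the caller still gets a zeroed page; with the zero pattern the change goes unnoticed and the page handed out as "zeroed" is not, which is the case the hibernation restriction guards against.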