From: Laura Abbott <laura@labbott.name>
To: Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>
Cc: Laura Abbott <laura@labbott.name>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
Kees Cook <keescook@chromium.org>,
kernel-hardening@lists.openwall.com
Subject: [RFC][PATCH 4/7] slob: Add support for sanitization
Date: Mon, 21 Dec 2015 19:40:38 -0800 [thread overview]
Message-ID: <1450755641-7856-5-git-send-email-laura@labbott.name> (raw)
In-Reply-To: <1450755641-7856-1-git-send-email-laura@labbott.name>
The SLOB allocator does not clear objects on free. This is a security
risk since sensitive data may exist long past its expected life
span. Add support for clearing objects on free.
All credit for the original work should be given to Brad Spengler and
the PaX Team.
Signed-off-by: Laura Abbott <laura@labbott.name>
---
mm/slob.c | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
diff --git a/mm/slob.c b/mm/slob.c
index 17e8f8c..37a4ecb 100644
--- a/mm/slob.c
+++ b/mm/slob.c
@@ -334,10 +334,21 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node)
return b;
}
+static void slob_sanitize(struct kmem_cache *c, slob_t *b, int size)
+{
+#ifdef CONFIG_SLAB_MEMORY_SANITIZE
+ if (c && (c->flags & SLAB_NO_SANITIZE))
+ return;
+
+ if (sanitize_slab)
+ memset(b, SLAB_MEMORY_SANITIZE_VALUE, size);
+#endif
+}
+
/*
* slob_free: entry point into the slob allocator.
*/
-static void slob_free(void *block, int size)
+static void slob_free(struct kmem_cache *c, void *block, int size)
{
struct page *sp;
slob_t *prev, *next, *b = (slob_t *)block;
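Review bot: slob_sanitize has no comment, and the `slob_free` header comment above the changed signature does not mention the new `c` argument, so a reader has to infer from the callers what a NULL cache means. I would add above slob_sanitize `/* Overwrite a freed object unless its cache set SLAB_NO_SANITIZE; c may be NULL when no cache is known (kfree). */`. The comment should also say that the body is empty without CONFIG_SLAB_MEMORY_SANITIZE. slob_free's body continues outside this hunk.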
@@ -365,6 +376,8 @@ static void slob_free(void *block, int size)
return;
}
+ slob_sanitize(c, block, size);
+
if (!slob_page_free(sp)) {
/* This slob page is about to become partially free. Easy! */
sp->units = units;
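Review bot: The `slob_sanitize(c, block, size);` call sits after an early `return`, so any free that takes that return leaves the block uncleared. The branch begins outside the hunk, but it looks like the case where the page becomes entirely free and goes back to the page allocator; that should be confirmed. If so, the object whose free empties a page keeps its contents, which is the exposure the commit message sets out to close. Placing the call before that branch would cover both paths. If a lock is held at this point (its acquisition is not visible here), doing the memset before taking it would also keep the clearing out of the locked section.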
@@ -495,7 +508,7 @@ void kfree(const void *block)
if (PageSlab(sp)) {
int align = max_t(size_t, ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
unsigned int *m = (unsigned int *)(block - align);
- slob_free(m, *m + align);
+ slob_free(NULL, m, *m + align);
} else
__free_pages(sp, compound_order(sp));
}
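Review bot: Page-backed frees bypass the new sanitization: the `else` branch here goes straight to `__free_pages(sp, compound_order(sp));`, and the `size >= PAGE_SIZE` branch of `__kmem_cache_free` in the next hunk still calls `slob_free_pages(b, get_order(size));` without clearing. Unless page-level clearing is provided elsewhere in the series (not visible in this patch), large objects keep their contents after free. In `__kmem_cache_free` the fix is small, `else { slob_sanitize(c, b, size); slob_free_pages(b, get_order(size)); }`. For kfree the length would have to be derived from the page order, e.g. `PAGE_SIZE << compound_order(sp)`. kfree's body starts outside this hunk.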
@@ -579,10 +592,10 @@ void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t gfp, int node)
EXPORT_SYMBOL(kmem_cache_alloc_node);
#endif
-static void __kmem_cache_free(void *b, int size)
+static void __kmem_cache_free(struct kmem_cache *c, void *b, int size)
{
if (size < PAGE_SIZE)
- slob_free(b, size);
+ slob_free(c, b, size);
else
slob_free_pages(b, get_order(size));
}
@@ -592,7 +605,7 @@ static void kmem_rcu_free(struct rcu_head *head)
struct slob_rcu *slob_rcu = (struct slob_rcu *)head;
void *b = (void *)slob_rcu - (slob_rcu->size - sizeof(struct slob_rcu));
- __kmem_cache_free(b, slob_rcu->size);
+ __kmem_cache_free(NULL, b, slob_rcu->size);
}
void kmem_cache_free(struct kmem_cache *c, void *b)
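Review bot: Passing `NULL` as the cache here and in the kmem_cache_free hunk that follows means the `c && (c->flags & SLAB_NO_SANITIZE)` test in slob_sanitize can never be true on the kmem_cache paths, so a cache that sets the flag is still cleared and the opt-out has no effect for SLOB. In kmem_cache_free the cache is in scope, so that call can be `__kmem_cache_free(c, b, c->size);`. In kmem_rcu_free only `slob_rcu->size` is available from the visible lines, so honouring the flag there would need the cache pointer or its flags carried in struct slob_rcu, whose definition is outside this hunk. If sanitizing unconditionally on the RCU path is intended, a one-line comment saying so would prevent it being read as an oversight.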
@@ -604,7 +617,7 @@ void kmem_cache_free(struct kmem_cache *c, void *b)
slob_rcu->size = c->size;
call_rcu(&slob_rcu->head, kmem_rcu_free);
} else {
- __kmem_cache_free(b, c->size);
+ __kmem_cache_free(NULL, b, c->size);
}
trace_kmem_cache_free(_RET_IP_, b);
--
2.5.0