From: Marco Elver <elver@google.com>
To: stable <stable@vger.kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Sasha Levin <sashal@kernel.org>
Cc: Alexander Potapenko <glider@google.com>,
kasan-dev <kasan-dev@googlegroups.com>
Subject: [5.15.y] kfence: default to dynamic branch instead of static keys mode
Date: Tue, 9 Nov 2021 18:19:54 +0100 [thread overview]
Message-ID: <YYqtuk4r2F9Pal+4@elver.google.com> (raw)
Dear stable maintainers,
We propose picking the following 2 patches to 5.15.y:
07e8481d3c38 kfence: always use static branches to guard kfence_alloc()
4f612ed3f748 kfence: default to dynamic branch instead of static keys mode
, which had not been marked for stable initially, but upon re-evaluation
conclude that it will also avoid various unexpected behaviours [1], [2]
as the use of frequently-switched static keys (at least on x86) is more
trouble than it's worth.
[1] https://lkml.kernel.org/r/CANpmjNOw--ZNyhmn-GjuqU+aH5T98HMmBoCM4z=JFvajC913Qg@mail.gmail.com
[2] https://patchwork.kernel.org/project/linux-acpi/patch/2618833.mvXUDI8C0e@kreacher/
While optional, we recommend 07e8481d3c38 as well, as it avoids the
dynamic branch, now the default, if kfence is disabled at boot.
The main thing is to make the default less troublesome and be more
conservative. Those choosing to enable CONFIG_KFENCE_STATIC_KEYS can
still do so, but requires a deliberate opt-in via a config change.
Many thanks,
-- Marco
next reply other threads:[~2021-11-09 17:20 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-09 17:19 Marco Elver [this message]
2021-11-10 8:31 ` [5.15.y] kfence: default to dynamic branch instead of static keys mode Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YYqtuk4r2F9Pal+4@elver.google.com \
--to=elver@google.com \
--cc=glider@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=kasan-dev@googlegroups.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox