Re: [kernel-hardening] [RFC][PATCH 6/7] mm: Add Kconfig option for slab sanitization
From: Christoph Lameter
Date: Tue Dec 22 2015 - 12:25:19 EST
On Tue, 22 Dec 2015, Dave Hansen wrote:
> Or are you just saying that we should use the poisoning *code* that we
> already have in slub? Using the _code_ looks like a really good idea,
> whether we're using it to write POISON_FREE, or 0's. Something like the
> attached patch?
Why would you use zeros? The point is just to clear the information right?
The regular poisoning does that.
---
b/mm/slub.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff -puN mm/slub.c~slub-poison-zeros mm/slub.c
--- a/mm/slub.c~slub-poison-zeros 2015-12-22 09:18:30.585371985 -0800
+++ b/mm/slub.c 2015-12-22 09:21:23.754174731 -0800
@@ -177,6 +177,7 @@ static inline bool kmem_cache_has_cpu_pa
/* Internal SLUB flags */
#define __OBJECT_POISON 0x80000000UL /* Poison object */
#define __CMPXCHG_DOUBLE 0x40000000UL /* Use cmpxchg_double */
+#define __OBJECT_POISON_ZERO 0x20000000UL /* Poison with zeroes */
#ifdef CONFIG_SMP
static struct notifier_block slab_notifier;
@@ -678,7 +679,10 @@ static void init_object(struct kmem_cach
u8 *p = object;
if (s->flags & __OBJECT_POISON) {
- memset(p, POISON_FREE, s->object_size - 1);
+ if (s->flags & __OBJECT_POISON_ZERO) {
+ memset(p, POISON_FREE, s->object_size - 1);
+ else
+ memset(p, 0, s->object_size - 1);
p[s->object_size - 1] = POISON_END;
}
@@ -2495,7 +2499,8 @@ redo:
stat(s, ALLOC_FASTPATH);
}
- if (unlikely(gfpflags & __GFP_ZERO) && object)
+ if (unlikely(gfpflags & __GFP_ZERO) && object &&
+ !(s->flags & __OBJECT_POISON_ZERO)) {
memset(object, 0, s->object_size);
slab_post_alloc_hook(s, gfpflags, object);
@@ -2839,7 +2844,8 @@ bool kmem_cache_alloc_bulk(struct kmem_c
local_irq_enable();
/* Clear memory outside IRQ disabled fastpath loop */
- if (unlikely(flags & __GFP_ZERO)) {
+ if (unlikely(flags & __GFP_ZERO) &&
+ !(s->flags & __OBJECT_POISON_ZERO)) {
int j;
for (j = 0; j < i; j++)
_