From: Anisse Astier <anisse@astier.eu>
To: unlisted-recipients:; (no To-header on input)
Cc: Anisse Astier <anisse@astier.eu>,
Andrew Morton <akpm@linux-foundation.org>,
Mel Gorman <mgorman@suse.de>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
David Rientjes <rientjes@google.com>,
Alan Cox <gnomes@lxorguk.ukuu.org.uk>,
Linus Torvalds <torvalds@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Kees Cook <keescook@chromium.org>,
Andi Kleen <andi@firstfloor.org>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
Pavel Machek <pavel@ucw.cz>, Len Brown <len.brown@intel.com>,
linux-mm@kvack.org, linux-pm@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v4 0/3] Sanitizing freed pages
Date: Thu, 14 May 2015 16:19:45 +0200
Message-ID: <1431613188-4511-1-git-send-email-anisse@astier.eu>

Hi,

I'm trying to revive an old debate here[1], though with a simpler approach than
was previously tried. This patch series implements a new option to sanitize
freed pages, a (very) small subset of what is done in PaX/grsecurity[3],
inspired by a previous submission [4].

There are a few different uses that this can cover:
 - some cases of use-after-free could be detected (crashes), although this is
   not as efficient as KAsan/kmemcheck
 - it can help with long-term memory consumption in an environment with
   multiple VMs and Kernel Same-page Merging on the host. [2]
 - finally, it can reduce infoleaks, although this is hard to measure.

The approach is voluntarily kept as simple as possible. A single configuration
option, no command line option, no sysctl knob. It can of course be changed,
although I'd be wary of runtime-configuration options that could be used for
races.

I haven't been able to measure a meaningful performance difference when
compiling a (in-cache) kernel; I'd be interested to see what difference it
makes with your particular workload/hardware (I suspect mine is CPU-bound on
this small laptop).

First patch fixes the hibernate use case which will load all the pages of the
restored kernel, and then jump into it, leaving the loader kernel pages hanging
around unclean. We use the free pages bitmap to know which pages should be
cleaned after restore.

Third patch is debug code that can be used to find issues if this feature fails
on your system. It shouldn't necessarily be merged.

Changes since v3:
 - drop original first patch, it has been queued by Andrew in mmotm
 - fix issue raised by Pavel Machek in hibernate patch
 - checkpatch issue in third patch

Changes since v2:
 - reorder patches to fix hibernate first
 - update debug patch to use memchr_inv
 - cc linux-pm and maintainers

Changes since v1:
 - fix some issues raised by David Rientjes, Andi Kleen and PaX Team.
 - add hibernate fix (third patch)
 - add debug code, this is "just in case" someone has an issue with this
   feature. Not sure if it should be merged.

[1] https://lwn.net/Articles/334747/
[2] https://staff.aist.go.jp/k.suzaki/EuroSec12-SUZAKI-revised2.pdf
[3] http://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Sanitize_all_freed_memory
[4] http://article.gmane.org/gmane.linux.kernel.mm/34398

Anisse Astier (3):
  PM / Hibernate: prepare for SANITIZE_FREED_PAGES
  mm/page_alloc.c: add config option to sanitize freed pages
  mm: Add debug code for SANITIZE_FREED_PAGES

 kernel/power/hibernate.c |  4 +++-
 kernel/power/power.h     |  2 ++
 kernel/power/snapshot.c  | 26 ++++++++++++++++++++++++++
 mm/Kconfig               | 22 ++++++++++++++++++++++
 mm/page_alloc.c          | 30 ++++++++++++++++++++++++++++++
 5 files changed, 83 insertions(+), 1 deletion(-)

--
1.9.3
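
A userspace C model of the behaviour the cover letter describes, added here as an illustration and not code from the patch series: a page is zeroed when freed, an allocation refuses a free page that holds non-zero bytes (the kind of test memchr_inv performs), and a post-restore pass wipes free pages left dirty by a loader. The pool, the `in_use` array, every `model_*` name and the point at which the check runs are assumptions of this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

enum { MODEL_PAGE_SIZE = 4096, MODEL_NR_PAGES = 8 };	/* constructed values */

static uint8_t pool[MODEL_NR_PAGES][MODEL_PAGE_SIZE];
static bool in_use[MODEL_NR_PAGES];	/* inverse of a free pages bitmap */

/* Plain-loop stand-in for a memchr_inv(page, 0, size) == NULL test. */
static bool page_is_zero(int pfn)
{
	for (size_t i = 0; i < MODEL_PAGE_SIZE; i++)
		if (pool[pfn][i])
			return false;
	return true;
}

/* Free path: wipe the page before it returns to the free pool. */
void model_free_page(int pfn)
{
	memset(pool[pfn], 0, MODEL_PAGE_SIZE);
	in_use[pfn] = false;
}

/* Alloc path with a debug check: pfn, -1 if no page is free, -2 if the free page is dirty. */
int model_alloc_page(void)
{
	for (int i = 0; i < MODEL_NR_PAGES; i++)
		if (!in_use[i]) {
			if (!page_is_zero(i))
				return -2;
			in_use[i] = true;
			return i;
		}
	return -1;
}

/* Post-restore pass: wipe free pages holding stale data; returns how many there were. */
int model_clean_free_pages(void)
{
	int dirty = 0;
	for (int i = 0; i < MODEL_NR_PAGES; i++)
		if (!in_use[i] && !page_is_zero(i)) {
			memset(pool[i], 0, MODEL_PAGE_SIZE);
			dirty++;
		}
	return dirty;
}
```

Writing into a page that is still marked free, as a loader kernel would before jumping into the restored image, makes `model_alloc_page()` return -2 until `model_clean_free_pages()` has run.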