From: Anisse Astier <anisse@astier.eu>
To: unlisted-recipients:; (no To-header on input)
Cc: Anisse Astier <anisse@astier.eu>, Andrew Morton <akpm@linux-foundation.org>, Mel Gorman <mgorman@suse.de>, "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>, David Rientjes <rientjes@google.com>, Alan Cox <gnomes@lxorguk.ukuu.org.uk>, Linus Torvalds <torvalds@linux-foundation.org>, Peter Zijlstra <peterz@infradead.org>, PaX Team <pageexec@freemail.hu>, Brad Spengler <spender@grsecurity.net>, Kees Cook <keescook@chromium.org>, Andi Kleen <andi@firstfloor.org>, "Rafael J. Wysocki" <rjw@rjwysocki.net>, Pavel Machek <pavel@ucw.cz>, Len Brown <len.brown@intel.com>, linux-mm@kvack.org, linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v4 2/3] mm/page_alloc.c: add config option to sanitize freed pages
Date: Thu, 14 May 2015 16:19:47 +0200
Message-ID: <1431613188-4511-3-git-send-email-anisse@astier.eu>
In-Reply-To: <1431613188-4511-1-git-send-email-anisse@astier.eu>

This new config option will sanitize all freed pages. This is a pretty low-level change useful to track some cases of use-after-free, help kernel same-page merging in VM environments, and counter a few info leaks.

Signed-off-by: Anisse Astier <anisse@astier.eu>
--- mm/Kconfig | 12 ++++++++++++ mm/page_alloc.c | 12 ++++++++++++ 2 files changed, 24 insertions(+) diff --git a/mm/Kconfig b/mm/Kconfig index 390214d..e9fb3bd 100644 --- a/mm/Kconfig +++ b/mm/Kconfig 
@@ -635,3 +635,15 @@ config MAX_STACK_SIZE_MB changed to a smaller value in which case that is used. A sane initial value is 80 MB. + +config SANITIZE_FREED_PAGES + bool "Sanitize memory pages after free" + default n + help + This option is used to make sure all pages freed are zeroed. This is + quite low-level and doesn't handle your slab buffers. + It has various applications, from preventing some info leaks to + helping kernel same-page merging in virtualised environments. + Depending on your workload it will greatly reduce performance. + + If unsure, say N. diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 4d5ce6e..c29e3a0 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -795,6 +795,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } + +#ifdef CONFIG_SANITIZE_FREED_PAGES + for (i = 0; i < (1 << order); i++) + clear_highpage(page + i); +#endif + arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); @@ -960,9 +966,15 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags, kernel_map_pages(page, 1 << order, 1); kasan_alloc_pages(page, order); +#ifndef CONFIG_SANITIZE_FREED_PAGES + /* SANITIZE_FREED_PAGES relies implicitly on the fact that pages are + * cleared before use, so we don't need gfp zero in the default case + * because all pages go through the free_pages_prepare code path when + * switching from bootmem to the default allocator */ if (gfp_flags & __GFP_ZERO) for (i = 0; i < (1 << order); i++) clear_highpage(page + i); +#endif if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); -- 1.9.3
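Review bot: The help text for SANITIZE_FREED_PAGES in the mm/Kconfig hunk does not say that enabling the option also compiles out the __GFP_ZERO clearing in prep_new_page() (the last mm/page_alloc.c hunk), so zeroed allocations then depend entirely on the free-time clear. Someone selecting the option should be able to read that in the help; one added sentence would do. "Depending on your workload it will greatly reduce performance" could also state the reason, namely that each of the 1 << order pages is cleared on every free. Style: "default n" is redundant for a bool, since n is already the default.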
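Review bot: The clearing loop added to free_pages_prepare() has no comment, although its position matters: it sits ahead of arch_free_page() and kernel_map_pages(page, 1 << order, 0), and the prep_new_page() hunk relies on it as the only place pages are zeroed when CONFIG_SANITIZE_FREED_PAGES is set. A short comment saying that the pages must be cleared here, before they are unmapped and handed back, would keep a later reorder from breaking that silently. The loop is also a copy of the one in prep_new_page(); a small helper taking page and order would keep the two in step.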
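Review bot: With CONFIG_SANITIZE_FREED_PAGES set, the #ifndef in prep_new_page() removes the __GFP_ZERO clear altogether, so a caller asking for zeroed memory receives whatever the page holds at allocation time. That is only zero if nothing wrote to the page after free_pages_prepare(); a write through a stale pointer, one of the use-after-free cases the commit message wants to help track, would reach a __GFP_ZERO caller as non-zero data. Consider keeping the clear, or replacing it under the option with a check that the page is still zero. The comment also reads backwards: "so we don't need gfp zero in the default case" describes the sanitize case, not the default, and it currently sits inside the #ifndef branch, so it is only compiled into the configuration it does not describe.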