From: Anisse Astier <anisse@astier.eu>
To: unlisted-recipients:; (no To-header on input)
Cc: Anisse Astier <anisse@astier.eu>,
Andrew Morton <akpm@linux-foundation.org>,
Mel Gorman <mgorman@suse.de>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
David Rientjes <rientjes@google.com>,
Alan Cox <gnomes@lxorguk.ukuu.org.uk>,
Linus Torvalds <torvalds@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Kees Cook <keescook@chromium.org>,
Andi Kleen <andi@firstfloor.org>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
Pavel Machek <pavel@ucw.cz>, Len Brown <len.brown@intel.com>,
linux-mm@kvack.org, linux-pm@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v4 2/3] mm/page_alloc.c: add config option to sanitize freed pages
Date: Thu, 14 May 2015 16:19:47 +0200 [thread overview]
Message-ID: <1431613188-4511-3-git-send-email-anisse@astier.eu> (raw)
In-Reply-To: <1431613188-4511-1-git-send-email-anisse@astier.eu>
This new config option will sanitize all freed pages. This is a pretty
low-level change useful to track some cases of use-after-free, help
kernel same-page merging in VM environments, and counter a few info
leaks.
Signed-off-by: Anisse Astier <anisse@astier.eu>
---
mm/Kconfig | 12 ++++++++++++
mm/page_alloc.c | 12 ++++++++++++
2 files changed, 24 insertions(+)
diff --git a/mm/Kconfig b/mm/Kconfig
index 390214d..e9fb3bd 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -635,3 +635,15 @@ config MAX_STACK_SIZE_MB
changed to a smaller value in which case that is used.
A sane initial value is 80 MB.
+
+config SANITIZE_FREED_PAGES
+ bool "Sanitize memory pages after free"
+ default n
+ help
+ This option is used to make sure all pages freed are zeroed. This is
+ quite low-level and doesn't handle your slab buffers.
+ It has various applications, from preventing some info leaks to
+ helping kernel same-page merging in virtualised environments.
+ Depending on your workload it will greatly reduce performance.
+
+ If unsure, say N.
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 4d5ce6e..c29e3a0 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -795,6 +795,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
debug_check_no_obj_freed(page_address(page),
PAGE_SIZE << order);
}
+
+#ifdef CONFIG_SANITIZE_FREED_PAGES
+ for (i = 0; i < (1 << order); i++)
+ clear_highpage(page + i);
+#endif
+
arch_free_page(page, order);
kernel_map_pages(page, 1 << order, 0);
@@ -960,9 +966,15 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags,
kernel_map_pages(page, 1 << order, 1);
kasan_alloc_pages(page, order);
+#ifndef CONFIG_SANITIZE_FREED_PAGES
+ /* SANITIZE_FREED_PAGES relies implicitly on the fact that pages are
+ * cleared before use, so we don't need gfp zero in the default case
+ * because all pages go through the free_pages_prepare code path when
+ * switching from bootmem to the default allocator */
if (gfp_flags & __GFP_ZERO)
for (i = 0; i < (1 << order); i++)
clear_highpage(page + i);
+#endif
if (order && (gfp_flags & __GFP_COMP))
prep_compound_page(page, order);
--
1.9.3
WARNING: multiple messages have this Message-ID (diff)
From: Anisse Astier <anisse@astier.eu>
Cc: Anisse Astier <anisse@astier.eu>,
Andrew Morton <akpm@linux-foundation.org>,
Mel Gorman <mgorman@suse.de>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
David Rientjes <rientjes@google.com>,
Alan Cox <gnomes@lxorguk.ukuu.org.uk>,
Linus Torvalds <torvalds@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Kees Cook <keescook@chromium.org>,
Andi Kleen <andi@firstfloor.org>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
Pavel Machek <pavel@ucw.cz>, Len Brown <len.brown@intel.com>,
linux-mm@kvack.org, linux-pm@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v4 2/3] mm/page_alloc.c: add config option to sanitize freed pages
Date: Thu, 14 May 2015 16:19:47 +0200 [thread overview]
Message-ID: <1431613188-4511-3-git-send-email-anisse@astier.eu> (raw)
In-Reply-To: <1431613188-4511-1-git-send-email-anisse@astier.eu>
This new config option will sanitize all freed pages. This is a pretty
low-level change useful to track some cases of use-after-free, help
kernel same-page merging in VM environments, and counter a few info
leaks.
Signed-off-by: Anisse Astier <anisse@astier.eu>
---
mm/Kconfig | 12 ++++++++++++
mm/page_alloc.c | 12 ++++++++++++
2 files changed, 24 insertions(+)
diff --git a/mm/Kconfig b/mm/Kconfig
index 390214d..e9fb3bd 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -635,3 +635,15 @@ config MAX_STACK_SIZE_MB
changed to a smaller value in which case that is used.
A sane initial value is 80 MB.
+
+config SANITIZE_FREED_PAGES
+ bool "Sanitize memory pages after free"
+ default n
+ help
+ This option is used to make sure all pages freed are zeroed. This is
+ quite low-level and doesn't handle your slab buffers.
+ It has various applications, from preventing some info leaks to
+ helping kernel same-page merging in virtualised environments.
+ Depending on your workload it will greatly reduce performance.
+
+ If unsure, say N.
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 4d5ce6e..c29e3a0 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -795,6 +795,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
debug_check_no_obj_freed(page_address(page),
PAGE_SIZE << order);
}
+
+#ifdef CONFIG_SANITIZE_FREED_PAGES
+ for (i = 0; i < (1 << order); i++)
+ clear_highpage(page + i);
+#endif
+
arch_free_page(page, order);
kernel_map_pages(page, 1 << order, 0);
@@ -960,9 +966,15 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags,
kernel_map_pages(page, 1 << order, 1);
kasan_alloc_pages(page, order);
+#ifndef CONFIG_SANITIZE_FREED_PAGES
+ /* SANITIZE_FREED_PAGES relies implicitly on the fact that pages are
+ * cleared before use, so we don't need gfp zero in the default case
+ * because all pages go through the free_pages_prepare code path when
+ * switching from bootmem to the default allocator */
if (gfp_flags & __GFP_ZERO)
for (i = 0; i < (1 << order); i++)
clear_highpage(page + i);
+#endif
if (order && (gfp_flags & __GFP_COMP))
prep_compound_page(page, order);
--
1.9.3
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2015-05-14 14:20 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-14 14:19 [PATCH v4 0/3] Sanitizing freed pages Anisse Astier
2015-05-14 14:19 ` Anisse Astier
2015-05-14 14:19 ` Anisse Astier
2015-05-14 14:19 ` [PATCH v4 1/3] PM / Hibernate: prepare for SANITIZE_FREED_PAGES Anisse Astier
2015-05-14 14:19 ` Anisse Astier
2015-05-16 0:28 ` Rafael J. Wysocki
2015-05-16 0:28 ` Rafael J. Wysocki
2015-05-18 10:23 ` Anisse Astier
2015-05-18 10:23 ` Anisse Astier
2015-05-19 23:46 ` Rafael J. Wysocki
2015-05-19 23:46 ` Rafael J. Wysocki
2015-05-20 11:45 ` PaX Team
2015-05-20 11:45 ` PaX Team
2015-05-20 12:07 ` Anisse Astier
2015-05-20 12:07 ` Anisse Astier
2015-05-21 1:11 ` Rafael J. Wysocki
2015-05-21 1:11 ` Rafael J. Wysocki
2015-05-20 11:57 ` Anisse Astier
2015-05-20 11:57 ` Anisse Astier
2015-05-14 14:19 ` Anisse Astier [this message]
2015-05-14 14:19 ` [PATCH v4 2/3] mm/page_alloc.c: add config option to sanitize freed pages Anisse Astier
2015-05-18 11:21 ` Pavel Machek
2015-05-18 11:21 ` Pavel Machek
2015-05-18 12:41 ` Anisse Astier
2015-05-18 12:41 ` Anisse Astier
2015-05-18 13:02 ` Pavel Machek
2015-05-18 13:02 ` Pavel Machek
2015-05-18 13:04 ` Anisse Astier
2015-05-18 13:04 ` Anisse Astier
2015-05-19 1:58 ` yalin wang
2015-05-20 12:27 ` Anisse Astier
2015-05-20 12:27 ` Anisse Astier
2015-05-14 14:19 ` [PATCH v4 3/3] mm: Add debug code for SANITIZE_FREED_PAGES Anisse Astier
2015-05-14 14:19 ` Anisse Astier
2015-05-19 12:46 ` [PATCH v4 0/3] Sanitizing freed pages Mel Gorman
2015-05-19 12:46 ` Mel Gorman
2015-05-19 13:35 ` One Thousand Gnomes
2015-05-19 13:35 ` One Thousand Gnomes
2015-05-19 13:56 ` Mel Gorman
2015-05-19 13:56 ` Mel Gorman
2015-05-19 20:59 ` PaX Team
2015-05-19 20:59 ` PaX Team
2015-05-20 12:24 ` Anisse Astier
2015-05-20 12:24 ` Anisse Astier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1431613188-4511-3-git-send-email-anisse@astier.eu \
--to=anisse@astier.eu \
--cc=akpm@linux-foundation.org \
--cc=andi@firstfloor.org \
--cc=gnomes@lxorguk.ukuu.org.uk \
--cc=keescook@chromium.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=len.brown@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-pm@vger.kernel.org \
--cc=mgorman@suse.de \
--cc=pageexec@freemail.hu \
--cc=pavel@ucw.cz \
--cc=peterz@infradead.org \
--cc=rientjes@google.com \
--cc=rjw@rjwysocki.net \
--cc=spender@grsecurity.net \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.