From: Michal Hocko <mhocko@kernel.org>
To: Dave Hansen <dave.hansen@intel.com>
Cc: Alexander Potapenko <glider@google.com>,
akpm@linux-foundation.org, cl@linux.com, dvyukov@google.com,
keescook@chromium.org, labbott@redhat.com, linux-mm@kvack.org,
linux-security-module@vger.kernel.org,
kernel-hardening@lists.openwall.com
Subject: Re: [PATCH 1/3] mm: security: introduce the init_allocations=1 boot option
Date: Tue, 23 Apr 2019 10:31:48 +0200 [thread overview]
Message-ID: <20190423083148.GF25106@dhcp22.suse.cz> (raw)
In-Reply-To: <981d439a-1107-2730-f27e-17635ee4a125@intel.com>
On Thu 18-04-19 09:35:32, Dave Hansen wrote:
> On 4/18/19 8:42 AM, Alexander Potapenko wrote:
> > This option adds the possibility to initialize newly allocated pages and
> > heap objects with zeroes. This is needed to prevent possible information
> > leaks and make the control-flow bugs that depend on uninitialized values
> > more deterministic.
>
> Isn't it better to do this at free time rather than allocation time? If
> doing it at free, you can't even have information leaks for pages that
> are in the allocator.
I would tend to agree here. Free path is usually less performance sensitive
than the allocation. Those really hot paths tend to defer the work.
I am also worried that an opt-out gfp flag would tend to be used
incorrectly as the history has shown for others - e.g. __GFP_TEMPORARY.
So I would rather see this robust without a fine tuning unless there is
real use case that would suffer from this and we can think of a
background scrubbing or something similar.
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2019-04-23 8:31 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-18 15:42 [PATCH 0/3] RFC: add init_allocations=1 boot option Alexander Potapenko
2019-04-18 15:42 ` [PATCH 1/3] mm: security: introduce the " Alexander Potapenko
2019-04-18 16:35 ` Dave Hansen
2019-04-18 16:43 ` Alexander Potapenko
2019-04-18 16:50 ` Alexander Potapenko
2019-04-23 8:31 ` Michal Hocko [this message]
2019-04-18 22:08 ` Randy Dunlap
2019-04-23 19:00 ` Kees Cook
2019-04-26 12:12 ` Alexander Potapenko
2019-04-23 20:36 ` Dave Hansen
2019-04-26 14:14 ` Christopher Lameter
[not found] ` <alpine.DEB.2.21.1904260911570.8340@nuc-kabylake>
2019-04-26 15:24 ` Christopher Lameter
2019-04-26 15:48 ` Alexander Potapenko
2019-04-18 15:42 ` [PATCH 2/3] gfp: mm: introduce __GFP_NOINIT Alexander Potapenko
2019-04-18 16:52 ` Dave Hansen
2019-04-23 19:14 ` Kees Cook
2019-04-23 20:40 ` Dave Hansen
2019-04-23 19:11 ` Kees Cook
2019-04-18 15:42 ` [PATCH 3/3] RFC: net: apply __GFP_NOINIT to AF_UNIX sk_buff allocations Alexander Potapenko
2019-04-23 19:17 ` Kees Cook
2019-04-18 15:44 ` [PATCH 0/3] RFC: add init_allocations=1 boot option Alexander Potapenko
2019-04-18 22:07 ` Randy Dunlap
2019-04-23 18:49 ` Kees Cook
2019-04-26 12:39 ` Alexander Potapenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190423083148.GF25106@dhcp22.suse.cz \
--to=mhocko@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=cl@linux.com \
--cc=dave.hansen@intel.com \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@redhat.com \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).