On 4/18/19 8:42 AM, Alexander Potapenko wrote: > This option adds the possibility to initialize newly allocated pages and > heap objects with zeroes. This is needed to prevent possible information > leaks and make the control-flow bugs that depend on uninitialized values > more deterministic. > > Initialization is done at allocation time at the places where checks for > __GFP_ZERO are performed. We don't initialize slab caches with > constructors to preserve their semantics. To reduce runtime costs of > checking cachep->ctor we replace a call to memset with a call to > cachep->poison_fn, which is only executed if the memory block needs to > be initialized. > > For kernel testing purposes filling allocations with a nonzero pattern > would be more suitable, but may require platform-specific code. To have > a simple baseline we've decided to start with zero-initialization. > > No performance optimizations are done at the moment to reduce double > initialization of memory regions. > > Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx> > Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> > Cc: James Morris <jmorris@xxxxxxxxx> > Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx> > Cc: Nick Desaulniers <ndesaulniers@xxxxxxxxxx> > Cc: Kostya Serebryany <kcc@xxxxxxxxxx> > Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx> > Cc: Kees Cook <keescook@xxxxxxxxxxxx> > Cc: Sandeep Patil <sspatil@xxxxxxxxxxx> > Cc: Laura Abbott <labbott@xxxxxxxxxx> > Cc: Randy Dunlap <rdunlap@xxxxxxxxxxxxx> > Cc: Jann Horn <jannh@xxxxxxxxxx> > Cc: Mark Rutland <mark.rutland@xxxxxxx> > Cc: Qian Cai <cai@xxxxxx> > Cc: Vlastimil Babka <vbabka@xxxxxxx> > Cc: linux-mm@xxxxxxxxx > Cc: linux-security-module@xxxxxxxxxxxxxxx > Cc: kernel-hardening@xxxxxxxxxxxxxxxxxx > --- > drivers/infiniband/core/uverbs_ioctl.c | 2 +- > include/linux/mm.h | 8 ++++++++ > include/linux/slab_def.h | 1 + > include/linux/slub_def.h | 1 + > kernel/kexec_core.c | 2 +- > mm/dmapool.c | 2 +- > mm/page_alloc.c | 18 +++++++++++++++++- > mm/slab.c | 12 ++++++------ > mm/slab.h | 1 + > mm/slab_common.c | 15 +++++++++++++++ > mm/slob.c | 2 +- > mm/slub.c | 8 ++++---- > net/core/sock.c | 2 +- > 13 files changed, 58 insertions(+), 16 deletions(-) > Hi, Please document init_allocations=N in Documentation/admin-guide/kernel-parameters.txt. thanks. -- ~Randy
