On Sat 2020-08-15 19:54:55, Matthew Wilcox wrote: > On Thu, Aug 13, 2020 at 06:19:21PM +0300, Alexander Popov wrote: > > +config SLAB_QUARANTINE > > + bool "Enable slab freelist quarantine" > > + depends on !KASAN && (SLAB || SLUB) > > + help > > + Enable slab freelist quarantine to break heap spraying technique > > + used for exploiting use-after-free vulnerabilities in the kernel > > + code. If this feature is enabled, freed allocations are stored > > + in the quarantine and can't be instantly reallocated and > > + overwritten by the exploit performing heap spraying. > > + This feature is a part of KASAN functionality. > > After this patch, it isn't part of KASAN any more ;-) > > The way this is written is a bit too low level. Let's write it in terms > that people who don't know the guts of the slab allocator or security > terminology can understand: > > Delay reuse of freed slab objects. This makes some security > exploits harder to execute. It reduces performance slightly > as objects will be cache cold by the time they are reallocated, > and it costs a small amount of memory. Written this way, it invites questions: Does it introduce any new deadlocks in near out-of-memory situations? Best regards, Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Attachment:
signature.asc
Description: Digital signature