On 16.08.2020 22:59, Pavel Machek wrote: > On Sat 2020-08-15 19:54:55, Matthew Wilcox wrote: >> On Thu, Aug 13, 2020 at 06:19:21PM +0300, Alexander Popov wrote: >>> +config SLAB_QUARANTINE >>> + bool "Enable slab freelist quarantine" >>> + depends on !KASAN && (SLAB || SLUB) >>> + help >>> + Enable slab freelist quarantine to break heap spraying technique >>> + used for exploiting use-after-free vulnerabilities in the kernel >>> + code. If this feature is enabled, freed allocations are stored >>> + in the quarantine and can't be instantly reallocated and >>> + overwritten by the exploit performing heap spraying. >>> + This feature is a part of KASAN functionality. >> >> After this patch, it isn't part of KASAN any more ;-) >> >> The way this is written is a bit too low level. Let's write it in terms >> that people who don't know the guts of the slab allocator or security >> terminology can understand: >> >> Delay reuse of freed slab objects. This makes some security >> exploits harder to execute. It reduces performance slightly >> as objects will be cache cold by the time they are reallocated, >> and it costs a small amount of memory. > > Written this way, it invites questions: > > Does it introduce any new deadlocks in near out-of-memory situations? Linux kernel with enabled KASAN is heavily tested by syzbot. I think Dmitry and Andrey can give good answers to your question. Some time ago I was doing Linux kernel fuzzing with syzkaller on low memory virtual machines (with KASAN and LOCKUP_DETECTOR enabled). I gave less than 1G to each debian stretch VM. I didn't get any special deadlock caused by OOM. Best regards, Alexander
