Re: [PATCH 41/43] security: kmsan: fix interoperability with auto-initialization

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Dec 14, 2021 at 06:00:41PM +0100, Alexander Potapenko wrote:
> On Tue, Dec 14, 2021 at 5:38 PM Greg Kroah-Hartman
> <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> >
> > > @@ -124,6 +125,7 @@ choice
> > >       config INIT_STACK_ALL_ZERO
> > >               bool "zero-init everything (strongest and safest)"
> > >               depends on CC_HAS_AUTO_VAR_INIT_ZERO
> > > +             depends on !KMSAN
> >
> > So this means KMSAN is a developer debugging feature only and should
> > never be turned on on a real device/server that has users?
> 
> 100% correct. KMSAN is way slower than KASAN, it also eats 2/3 of your
> memory to store the metadata.
> I thought it was sort of self-evident, but I can surely mention this
> explicitly in the cover letter.

Please mention it here and in the Kconfig option for it as well (don't
know if it was there or not.)

Also you might want to print out very large "DO NOT USE THIS ON A REAL
MACHINE" to the kernel log when booting, like other kernel options are
starting to do that should not be enabled.

thanks,

greg k-h



[Index of Archives]     [Linux Kernel]     [Kernel Newbies]     [x86 Platform Driver]     [Netdev]     [Linux Wireless]     [Netfilter]     [Bugtraq]     [Linux Filesystems]     [Yosemite Discussion]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]

  Powered by Linux