On Tue, Apr 9, 2019 at 11:32 AM Mark Rutland <mark.rutland@xxxxxxx> wrote: > > On Mon, Apr 08, 2019 at 07:04:18PM +0200, Alexander Potapenko wrote: > > This config option enables CONFIG_SLUB_DEBUG and CONFIG_PAGE_POISONING > > without the need to pass any boot parameters. > > > > No performance optimizations are done at the moment to reduce double > > initialization of memory regions. > > > > Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx> > > Cc: Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx> > > Cc: James Morris <jmorris@xxxxxxxxx> > > Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx> > > Cc: Nick Desaulniers <ndesaulniers@xxxxxxxxxx> > > Cc: Kostya Serebryany <kcc@xxxxxxxxxx> > > Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx> > > Cc: Kees Cook <keescook@xxxxxxxxxxxx> > > Cc: Sandeep Patil <sspatil@xxxxxxxxxxx> > > Cc: linux-security-module@xxxxxxxxxxxxxxx > > Cc: linux-kbuild@xxxxxxxxxxxxxxx > > Cc: kernel-hardening@xxxxxxxxxxxxxxxxxx > > --- > > v3: > > - addressed comments by Masahiro Yamada (Kconfig fixes) > > --- > > mm/page_poison.c | 5 +++++ > > mm/slub.c | 2 ++ > > security/Kconfig.initmem | 11 +++++++++++ > > 3 files changed, 18 insertions(+) > > > > diff --git a/mm/page_poison.c b/mm/page_poison.c > > index 21d4f97cb49b..a1985f33f635 100644 > > --- a/mm/page_poison.c > > +++ b/mm/page_poison.c > > @@ -12,9 +12,14 @@ static bool want_page_poisoning __read_mostly; > > > > static int __init early_page_poison_param(char *buf) > > { > > +#ifdef CONFIG_INIT_ALL_HEAP > > + want_page_poisoning = true; > > + return 0; > > +#else > > if (!buf) > > return -EINVAL; > > return strtobool(buf, &want_page_poisoning); > > +#endif > > } > > early_param("page_poison", early_page_poison_param); > > IIUC this is only called if page_poison is passed on the command line, > so want_page_poisoning won't be set automatically unless that's passed. > > Presumably you want to initialize it at definition with: > > static bool want_page_poisoning __read_mostly = IS_ENABLED(CONFIG_INIT_ALL_HEAP); Yes, I've misunderstood how boot parameters work. Thanks for the suggestions! We'd better look into wiping allocations without POISON_SLAB though. > with: > > #ifndef CONFIG_INIT_ALL_HEAP > static int __init early_page_poison_param(char *buf) > { > ... > } > early_param("page_poison", early_page_poison_param); > #endif > > ... so that it can't be disabled? > > Thanks, > Mark. -- Alexander Potapenko Software Engineer Google Germany GmbH Erika-Mann-Straße, 33 80636 München Geschäftsführer: Paul Manicle, Halimah DeLaine Prado Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg