Provide init_on_alloc and init_on_free boot options.
These are aimed at preventing possible information leaks and making the
control-flow bugs that depend on uninitialized values more deterministic.
Enabling either of the options guarantees that the memory returned by the
page allocator and SL[AOU]B is initialized with zeroes.
Enabling init_on_free also guarantees that pages and heap objects are
initialized right after they're freed, so it won't be possible to access
stale data by using a dangling pointer.
As suggested by Michal Hocko, right now we don't let the heap users to
disable initialization for certain allocations. There's not enough
evidence that doing so can speed up real-life cases, and introducing
ways to opt-out may result in things going out of control.
Alexander Potapenko (3):
mm: security: introduce init_on_alloc=1 and init_on_free=1 boot
options
mm: init: report memory auto-initialization features at boot time
lib: introduce test_meminit module
.../admin-guide/kernel-parameters.txt | 8 +
drivers/infiniband/core/uverbs_ioctl.c | 2 +-
include/linux/mm.h | 22 ++
init/main.c | 24 ++
kernel/kexec_core.c | 2 +-
lib/Kconfig.debug | 8 +
lib/Makefile | 1 +
lib/test_meminit.c | 208 ++++++++++++++++++
mm/dmapool.c | 2 +-
mm/page_alloc.c | 63 +++++-
mm/slab.c | 16 +-
mm/slab.h | 16 ++
mm/slob.c | 22 +-
mm/slub.c | 27 ++-
net/core/sock.c | 2 +-
security/Kconfig.hardening | 14 ++
16 files changed, 416 insertions(+), 21 deletions(-)
create mode 100644 lib/test_meminit.c
---
v3: dropped __GFP_NO_AUTOINIT patches
--
2.21.0.1020.gf2820cf01a-goog
