On Wed, Feb 08, 2023 at 11:45:14AM +0100, Vlastimil Babka wrote:
> But I wonder also what kernel hardening folks think here - are the hardened
> kernels usually built with DEBUG_VM or debug_pagealloc enabled, or would you
> like to hook some other kernel option for keeping the checks on page/alloc
> free active? And should those checks be done on every alloc/free, including
> pcplist cached allocations?

What we're depending on for heap-related (i.e. both page allocator and slab)
hardening currently is:

- CONFIG_SLAB_FREELIST_HARDENED
  - pointer obfuscation (SLUB) -- freelist_ptr(), set_freepointer()
  - pool membership verification (SLUB and SLAB) -- cache_from_obj()
  - consecutive double free detection (SLUB and SLAB) -- __free_one()
- allocation order randomization
  - CONFIG_SLAB_FREELIST_RANDOM (SLUB and SLAB)
  - CONFIG_SHUFFLE_PAGE_ALLOCATOR (page allocator)
- memory wiping (both slab and page allocator)
  - init_on_alloc / CONFIG_INIT_ON_ALLOC_DEFAULT_ON
  - init_on_free / CONFIG_INIT_ON_FREE_DEFAULT_ON

It'd be nice to gain slab redzone verification, but that seems expensive
enough that anyone interested in that level of hardening has likely turned
on full KASAN.

-- 
Kees Cook
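The three CONFIG_SLAB_FREELIST_HARDENED checks and init_on_free listed above, modeled as an added user-space toy (editor's example, not kernel code and not anything from this thread). The freelist encoding follows the shape of SLUB's freelist_ptr(), ptr ^ secret ^ swab(slot address), and the double-free check is the same "object already at the head of the freelist" comparison. Everything else (the toy_cache struct, the toy_* function names, a fixed secret instead of get_random_long(), a single slab with the free pointer at offset 0, and the constructed allocation sequence) is an assumption made for the example; pool membership checking (cache_from_obj()) and pcplists are not modeled.

```c
/* Added example, not Linux kernel code: a toy slab freelist that models the
 * SLUB freelist pointer obfuscation, consecutive double-free detection and
 * init_on_free wiping.  All names here (toy_cache, toy_alloc, ...) are
 * hypothetical; the secret is fixed so the walk-through is deterministic. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OBJ_SIZE 64
#define NR_OBJS  8

struct toy_cache {
    uint8_t  slab[NR_OBJS * OBJ_SIZE]; /* backing storage for one "slab" */
    void    *freelist;                 /* head of the free object list */
    uint64_t random;                   /* per-cache secret, like s->random */
    unsigned init_on_free;             /* model init_on_free=1 */
};

static uint64_t swab64(uint64_t x) { return __builtin_bswap64(x); }

/* Encode/decode the next pointer stored inside a free object: the stored
 * word is ptr ^ secret ^ swab(slot address), so a leaked word reveals
 * neither the neighbour nor the secret, the same next pointer encodes
 * differently in each slot, and a corrupted word decodes to garbage rather
 * than to an attacker-chosen address.  The function is its own inverse. */
static void *freelist_ptr(struct toy_cache *s, void *ptr, void *slot)
{
    return (void *)((uintptr_t)ptr ^ s->random ^ swab64((uintptr_t)slot));
}

static void set_freepointer(struct toy_cache *s, void *obj, void *next)
{
    void **slot = (void **)obj;  /* free pointer at offset 0 in this toy */
    *slot = freelist_ptr(s, next, slot);
}

static void *get_freepointer(struct toy_cache *s, void *obj)
{
    void **slot = (void **)obj;
    return freelist_ptr(s, *slot, slot);
}

static void toy_cache_init(struct toy_cache *s, uint64_t secret, unsigned init_on_free)
{
    memset(s, 0, sizeof(*s));
    s->random = secret;
    s->init_on_free = init_on_free;
    /* thread every object onto the freelist, last object first */
    for (int i = NR_OBJS - 1; i >= 0; i--) {
        void *obj = s->slab + i * OBJ_SIZE;
        set_freepointer(s, obj, s->freelist);
        s->freelist = obj;
    }
}

static void *toy_alloc(struct toy_cache *s)
{
    void *obj = s->freelist;
    if (!obj)
        return NULL;
    s->freelist = get_freepointer(s, obj); /* read next before wiping */
    memset(obj, 0, OBJ_SIZE);              /* model init_on_alloc */
    return obj;
}

/* Returns 0 on success, -1 when the object is already the freelist head,
 * i.e. the consecutive double free that the hardened freelist catches. */
static int toy_free(struct toy_cache *s, void *obj)
{
    if (obj == s->freelist) {
        fprintf(stderr, "double free of %p detected\n", obj);
        return -1;
    }
    if (s->init_on_free)
        memset(obj, 0, OBJ_SIZE);          /* wipe before rethreading */
    set_freepointer(s, obj, s->freelist);
    s->freelist = obj;
    return 0;
}

/* Raw word stored in a free object, to show it is not the plain pointer. */
static uintptr_t stored_word(void *obj) { return *(uintptr_t *)obj; }

/* Constructed scenario.  Returns 0 when every check holds, otherwise the
 * number of the first check that failed. */
int toy_demo(void)
{
    struct toy_cache c;
    toy_cache_init(&c, 0x1234567890abcdefULL, 1);
    void *a = toy_alloc(&c), *b = toy_alloc(&c);   /* a = obj0, b = obj1 */
    if (!a || !b || a == b) return 1;
    memset(a, 0xAA, OBJ_SIZE);                      /* dirty the object */
    if (toy_free(&c, a) != 0) return 2;
    if (((uint8_t *)a)[16] != 0) return 3;          /* init_on_free wiped body */
    if (get_freepointer(&c, a) != c.slab + 2 * OBJ_SIZE) return 4; /* decodes */
    if (stored_word(a) == (uintptr_t)(c.slab + 2 * OBJ_SIZE)) return 5; /* raw word obfuscated */
    if (toy_free(&c, a) != -1) return 6;            /* consecutive double free caught */
    if (toy_free(&c, b) != 0) return 7;
    if (toy_free(&c, a) != 0) return 8;             /* a, b, a pattern is NOT caught */
    return 0;
}

int main(void)
{
    printf("toy_demo: %d\n", toy_demo());
    return 0;
}
```

The last step of toy_demo() is the caveat a practitioner should take away: the head-of-freelist comparison only catches a double free with no intervening free of another object. An a, b, a sequence slips through and leaves the freelist with a cycle, which is why the pointer obfuscation matters even with the double-free check in place.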