On Tue, Jun 11, 2024 at 03:52:49PM -0700, Christoph Lameter (Ampere) wrote: > On Mon, 10 Jun 2024, Vlastimil Babka wrote: > > > Even if some security people enable parts of slub debugging for security > > people it is my impression they would rather panic/reboot or have memory > > leaked than trying to salvage the slab page? (CC Kees) > > In the past these resilience features have been used to allow the continued > operation of a broken kernel. > > So first the Kernel crashed with some obscure oops in the allocator due to > metadata corruption. > > One can then put a slub_debug option on the kernel command line which will > result in detailed error reports on what caused the corruption. It will also > activate resilience measures that will often allow the continued operation > until a fix becomes available. Sure, as long as it's up to the deployment. I just don't want padding errors unilaterally ignored. If it's useful, there's the CHECK_DATA_CORRUPTION() macro. That'll let a deployment escalate the issue from WARN to BUG, etc. -- Kees Cook
