On 11 May 2015 at 9:59, Anisse Astier wrote:
> > Otherwise it looks good to me... if the sanitization is considered
> > useful. Did it catch some bugs in the past?
> >
>
> I've read somewhere that users of grsecurity claim that it caught bugs
> in some drivers, but I haven't verified that personally; it's probably
> much less useful than kasan (or even the original grsec feature) as a
> bug-catcher since it doesn't clear freed slab buffers.

The PaX SANITIZE feature wasn't developed for catching use-after-free bugs but to help reduce data lifetime in the kernel while not killing too much performance (this is why I was reluctant to add a finer-grained version to do slab object sanitization until Mathias Krause came up with a workable compromise). Another reason page zeroing isn't good at catching these bugs is that the 0 fill value will produce NULL pointers, which are often explicitly handled already. On the other hand, changing the fill value would not allow the __GFP_ZERO performance optimization (the slab sanitization feature is a different story, however: we have a non-0 fill value and it keeps triggering use-after-free bugs).

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ .
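The point in the reply above, that a 0 fill value on free tends to be masked by existing NULL checks while a non-0 fill value makes a stale read observable, can be shown with a small self-contained simulation. The following is an added teaching example written for this page; it is not code from the thread, from PaX or from the Linux kernel. It models a single-slot arena whose "free" applies one of three sanitization policies (none, zero fill, or a constructed non-zero poison byte 0x6b, chosen arbitrarily here) and then performs a stale read through a pointer the caller kept, following the common `if (n->next) ...` idiom. Because the arena is static storage owned by the program, reading it after the simulated free is well-defined and the example runs offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sanitization policy applied when an object is "freed" back to the arena. */
enum sanitize_policy { SAN_NONE, SAN_ZERO, SAN_POISON };

/* Assumption: an arbitrary non-zero fill byte, standing in for a slab poison pattern. */
#define POISON_BYTE 0x6b

/* What a caller that still holds a dangling pointer observes. */
enum uaf_outcome {
    UAF_STALE_POINTER,          /* no sanitization: old pointer is still intact */
    UAF_NULL_SILENTLY_HANDLED,  /* zero fill: the NULL check masks the bug */
    UAF_POISON_DETECTABLE       /* non-zero fill: the stale pointer is visibly bogus */
};

struct node {
    struct node *next;
    int value;
};

/* Constructed one-slot arena so the stale read touches memory we own. */
static unsigned char arena[sizeof(struct node)];

static struct node *arena_alloc(void)
{
    memset(arena, 0xaa, sizeof arena); /* fresh contents are unspecified, like a real allocator */
    return (struct node *)arena;
}

static void arena_free(struct node *n, enum sanitize_policy policy)
{
    switch (policy) {
    case SAN_NONE:   break;                                  /* leave old data in place */
    case SAN_ZERO:   memset(n, 0, sizeof *n); break;         /* page-zeroing style fill */
    case SAN_POISON: memset(n, POISON_BYTE, sizeof *n); break; /* slab-poisoning style fill */
    }
}

/* A pointer whose every byte is POISON_BYTE is the fingerprint of a sanitized object. */
static int is_poison_pointer(const void *p)
{
    uintptr_t pattern;
    memset(&pattern, POISON_BYTE, sizeof pattern);
    return (uintptr_t)p == pattern;
}

/* Allocate, link, free under the policy, then read through the dangling pointer. */
enum uaf_outcome simulate_stale_read(enum sanitize_policy policy)
{
    static struct node sentinel = { NULL, 0 };
    struct node *n = arena_alloc();
    n->next = &sentinel;
    n->value = 42;
    arena_free(n, policy);

    /* Dangling use: the caller still holds n and applies "if (n->next) walk(n->next)". */
    struct node *stale = n->next;
    if (stale == NULL)                /* all-zero bytes read as NULL on mainstream platforms */
        return UAF_NULL_SILENTLY_HANDLED;
    if (is_poison_pointer(stale))     /* a real dereference here would fault immediately */
        return UAF_POISON_DETECTABLE;
    return UAF_STALE_POINTER;
}

/* Data-lifetime view: does the old payload survive the free under this policy? */
int old_payload_survives(enum sanitize_policy policy)
{
    struct node *n = arena_alloc();
    n->next = NULL;
    n->value = 42;
    arena_free(n, policy);
    return n->value == 42;
}

int main(void)
{
    static const char *names[] = { "none", "zero", "poison" };
    for (int p = SAN_NONE; p <= SAN_POISON; p++) {
        printf("policy=%-6s stale_read_outcome=%d payload_survives=%d\n",
               names[p], (int)simulate_stale_read((enum sanitize_policy)p),
               old_payload_survives((enum sanitize_policy)p));
    }
    return 0;
}
```

Zero fill and poison fill both end the payload's lifetime, which is the property the SANITIZE feature was built for; only the non-zero fill turns the stale `next` read into something that cannot be mistaken for a legitimately empty list, which is why the slab variant with its non-0 fill value surfaces use-after-free bugs that page zeroing hides.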