On Tue, Dec 22, 2015 at 12:48 PM, Vlastimil Babka <vbabka@xxxxxxx> wrote:
> On 22.12.2015 4:40, Laura Abbott wrote:
>> Each of the different allocators (SLAB/SLUB/SLOB) handles
>> clearing of objects differently depending on configuration.
>> Add common infrastructure for selecting sanitization levels
>> (off, slow path only, partial, full) and marking caches as
>> appropriate.
>>
>> All credit for the original work should be given to Brad Spengler and
>> the PaX Team.
>>
>> Signed-off-by: Laura Abbott <laura@xxxxxxxxxxxx>
>>
>> +#ifdef CONFIG_SLAB_MEMORY_SANITIZE
>> +#ifdef CONFIG_X86_64
>> +#define SLAB_MEMORY_SANITIZE_VALUE '\xfe'
>> +#else
>> +#define SLAB_MEMORY_SANITIZE_VALUE '\xff'
>> +#endif
>> +enum slab_sanitize_mode {
>> + /* No sanitization */
>> + SLAB_SANITIZE_OFF = 0,
>> +
>> + /* Partial sanitization happens only on the slow path */
>> + SLAB_SANITIZE_PARTIAL_SLOWPATH = 1,
>
> Can you explain more about this variant? I wonder who might find it useful
> except someone getting a false sense of security, but cheaper.
> It sounds like wanting the cake and eat it too :)
> I would be surprised if such IMHO half-solution existed in the original
> PAX_MEMORY_SANITIZE too?
>
> Or is there something that guarantees that the objects freed on hotpath won't
> stay there for long so the danger of leak is low? (And what about
> use-after-free?) It depends on further slab activity, no? (I'm not that familiar
> with SLUB, but I would expect the hotpath there being similar to SLAB freeing
> the object on per-cpu array_cache. But, it seems the PARTIAL_SLOWPATH is not
> implemented for SLAB, so there might be some fundamental difference I'm missing.)
Perhaps the partial sanitize could be a separate patch so it's
features were more logically separated?
-Kees
--
Kees Cook
Chrome OS & Brillo Security
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>