From: Anisse Astier
Cc: Anisse Astier, Andrew Morton, Mel Gorman, "Kirill A. Shutemov", David Rientjes, Alan Cox, Linus Torvalds, Peter Zijlstra, PaX Team, Brad Spengler, Kees Cook, Andi Kleen, "Rafael J. Wysocki", Pavel Machek, Len Brown, linux-mm@kvack.org, linux-pm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3 0/4] Sanitizing freed pages
Date: Thu, 7 May 2015 08:34:08 +0200
Message-Id: <1430980452-2767-1-git-send-email-anisse@astier.eu>

Hi,

I'm trying to revive an old debate here[1], though with a simpler approach than
was previously tried. This patch series implements a new option to sanitize
freed pages, a (very) small subset of what is done in PaX/grsecurity[3],
inspired by a previous submission [4].

The first patch is fairly independent, and could be taken as-is. The second is
the meat and should be straight-forward to review.

There are a few different uses that this can cover:
 - some cases of use-after-free could be detected (crashes), although this is
   not as efficient as KAsan/kmemcheck
 - it can help with long-term memory consumption in an environment with
   multiple VMs and Kernel Same-page Merging on the host. [2]
 - finally, it can reduce infoleaks, although this is hard to measure.

The approach is voluntarily kept as simple as possible. A single configuration
option, no command line option, no sysctl knob.
It can of course be changed, although I'd be wary of runtime-configuration
options that could be used for races.

I haven't been able to measure a meaningful performance difference when
compiling an (in-cache) kernel; I'd be interested to see what difference it
makes with your particular workload/hardware (I suspect mine is CPU-bound on
this small laptop).

Second patch fixes the hibernate use case which will load all the pages of the
restored kernel, and then jump into it, leaving the loader kernel pages hanging
around unclean. We use the free pages bitmap to know which pages should be
cleaned after restore.

Fourth patch is debug code that can be used to find issues if this feature
fails on your system. It shouldn't necessarily be merged.

Changes since v2:
 - reorder patches to fix hibernate first
 - update debug patch to use memchr_inv
 - cc linux-pm and maintainers

Changes since v1:
 - fix some issues raised by David Rientjes, Andi Kleen and PaX Team.
 - add hibernate fix (third patch)
 - add debug code, this is "just in case" someone has an issue with this
   feature. Not sure if it should be merged.

[1] https://lwn.net/Articles/334747/
[2] https://staff.aist.go.jp/k.suzaki/EuroSec12-SUZAKI-revised2.pdf
[3] http://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Sanitize_all_freed_memory
[4] http://article.gmane.org/gmane.linux.kernel.mm/34398

Anisse Astier (4):
  mm/page_alloc.c: cleanup obsolete KM_USER*
  mm/page_alloc.c: add config option to sanitize freed pages
  PM / Hibernate: fix SANITIZE_FREED_PAGES
  mm: Add debug code for SANITIZE_FREED_PAGES

 kernel/power/hibernate.c |  7 ++++++-
 kernel/power/power.h     |  4 ++++
 kernel/power/snapshot.c  | 24 ++++++++++++++++++++++
 mm/Kconfig               | 22 ++++++++++++++++++++
 mm/page_alloc.c          | 52 ++++++++++++++++++++++++++++++++++--------------
 5 files changed, 93 insertions(+), 16 deletions(-)

--
1.9.3
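
Added illustration, not part of the message above and not code from the patch series: a userspace toy page pool that zeroes pages when they are freed and, in the spirit of the debug patch's memchr_inv check, refuses to hand out a free page that is no longer all-zero. All names (toy_alloc, toy_free, first_not, the pool sizes) are hypothetical; first_not is a userspace stand-in for the kernel's memchr_inv().

```c
#include <stddef.h>
#include <string.h>

#define TOY_PAGE_SIZE 4096   /* constructed sizes, not the kernel's */
#define TOY_NPAGES 4
static unsigned char pool[TOY_NPAGES][TOY_PAGE_SIZE];
static int in_use[TOY_NPAGES];
static int sanitize = 1;     /* stands in for the single config option */

/* Userspace stand-in for the kernel's memchr_inv(): first byte that is
 * not c, or NULL when the whole range equals c. */
static const unsigned char *first_not(const unsigned char *p, int c, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i] != (unsigned char)c)
            return p + i;
    return NULL;
}

unsigned char *toy_page(int i) { return pool[i]; }
void toy_set_sanitize(int on) { sanitize = on; }

/* Zero the page when it is freed, so no stale data outlives its owner. */
void toy_free(int i)
{
    if (sanitize)
        memset(pool[i], 0, TOY_PAGE_SIZE);
    in_use[i] = 0;
}

/* Returns a page index, -1 if the pool is full, -2 if a free page is dirty. */
int toy_alloc(void)
{
    for (int i = 0; i < TOY_NPAGES; i++) {
        if (in_use[i])
            continue;
        if (sanitize && first_not(pool[i], 0, TOY_PAGE_SIZE))
            return -2;       /* something wrote to the page after the free */
        in_use[i] = 1;
        return i;
    }
    return -1;
}

int main(void)
{
    int a = toy_alloc();
    toy_free(a);
    toy_page(a)[10] = 0x41;  /* write through a stale pointer */
    return toy_alloc() == -2 ? 0 : 1;
}
```

With sanitizing switched off through toy_set_sanitize(0), the next owner of a page reads whatever the previous owner left in it, which is the infoleak case listed in the message.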