Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2769144pxb;
        Tue, 9 Mar 2021 10:20:02 -0800 (PST)
X-Google-Smtp-Source: ABdhPJx0NcglPaUD8ZpdaX2KT7PCpnKoYCMTJU6c/wWaa1nPrKuqtID8LhxV/NWY9q8zl/Nbt+IM
X-Received: by 2002:a17:906:3b41:: with SMTP id h1mr20878483ejf.506.1615314002584;
        Tue, 09 Mar 2021 10:20:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1615314002; cv=none;
        d=google.com; s=arc-20160816;
        b=KPriLa/dmQnga3+RYXZGPNKpWEbE77dhxby9UBQKRrgE7LY8Z2xrU3LNLbsxREka6r
         5SSLTWCpjvWRUha7bT19VZCrzmpRNdm9o8V/XOdxRBW56PSIWbncvD2//ZxSSX5itNrT
         uxcf+DBRsoF3nk8S1UQ+BMz3YbAaktG3HTM8SCtiKjgAZCqhq/3fgMEqR8VfPvajL6Fs
         AR0Ew7mgm13PSJq7Oyh6upcKhdTZxPWK+EprYtnmjHXTnNz3lABPUmOZrn/CrVuMGRhB
         rFA8egGOlfsKZ6cZUJljNrNsQiZive9S+sNSZPMeipSexR5Mn4snJRfclHpRDLMdMpD/
         i6iQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :cc:to:subject;
        bh=A1pSSIZ5wV2a8pxUdEbhjJE2DWZSvQ1kKaHTVmN8fzE=;
        b=uHCygB+xsbCNb/F8xerQAAZSyXdmxAfgSv2c5peEcIp0x/uui3s5spnhRs9YsCHeaH
         tDSGKyv2+B6w66DtVziyVkJk2SdAD3Cf6VlSdRcPWEETfqwkdy7XV9ntImrul4nKqLRh
         CI+5iZg2LBrCckzUYBVPYDY3ycMDh4PIRGyYv8jaMkIq+gVY9Ta72++W2nEx2N0zCHzl
         qRcymMq+FVJNwN7MzsuxaHpBupvUdMJtPGCNllHgeiQWg+xGYMjKOVsHoCqloyA6CFiz
         DIPThYCTgh7GRoEOSpwPIVu2ZYqp5fptQKZhqrX1dOy2nNwQiF9fV7/f4etuQVvFYsX0
         sDaQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id u4si9998287ejy.135.2021.03.09.10.19.39;
        Tue, 09 Mar 2021 10:20:02 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229916AbhCISSf (ORCPT <rfc822;lyj496332184@gmail.com>
        + 99 others); Tue, 9 Mar 2021 13:18:35 -0500
Received: from mx2.suse.de ([195.135.220.15]:38190 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S231131AbhCISSe (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 9 Mar 2021 13:18:34 -0500
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.221.27])
        by mx2.suse.de (Postfix) with ESMTP id B503FAEC4;
        Tue,  9 Mar 2021 18:18:33 +0000 (UTC)
Subject: Re: [PATCH] mm/slub: Add slub_debug option to panic on memory
 corruption
To:     Georgi Djakov <georgi.djakov@linaro.org>, linux-mm@kvack.org,
        akpm@linux-foundation.org, cl@linux.com, penberg@kernel.org,
        rientjes@google.com, iamjoonsoo.kim@lge.com
Cc:     corbet@lwn.net, linux-doc@vger.kernel.org,
        linux-kernel@vger.kernel.org, Kees Cook <keescook@chromium.org>
References: <20210309134720.29052-1-georgi.djakov@linaro.org>
 <390d8a2f-ead9-48a9-99eb-65c73bd18422@suse.cz>
 <6bfebf01-5f52-49bd-380b-04785c474c81@linaro.org>
From:   Vlastimil Babka <vbabka@suse.cz>
Message-ID: <8fd43de6-71e4-cfe7-8208-32753cf1c363@suse.cz>
Date:   Tue, 9 Mar 2021 19:18:32 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.8.0
MIME-Version: 1.0
In-Reply-To: <6bfebf01-5f52-49bd-380b-04785c474c81@linaro.org>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 3/9/21 7:14 PM, Georgi Djakov wrote:
> Hi Vlastimil,
> 
> Thanks for the comment!
> 
> On 3/9/21 17:09, Vlastimil Babka wrote:
>> On 3/9/21 2:47 PM, Georgi Djakov wrote:
>>> Being able to stop the system immediately when a memory corruption
>>> is detected is crucial to finding the source of it. This is very
>>> useful when the memory can be inspected with kdump or other tools.
>>
>> Is this in some testing scenarios where you would also use e.g. panic_on_warn?
>> We could hook to that. If not, we could introduce a new
>> panic_on_memory_corruption that would apply also for debug_pagealloc and whatnot?
> 
> I would prefer that we not tie it with panic_on_warn - there might be lots of
> new code in multiple subsystems, so hitting some WARNing while testing is not
> something unexpected.
> 
> Introducing an additional panic_on_memory_corruption would work, but i noticed
> that we already have slub_debug and thought to re-use that. But indeed, аdding
> an option to panic in for example bad_page() sounds also useful, if that's what
> you suggest.

Yes, that would be another example.
Also CCing Kees for input, as besides the "kdump ASAP for debugging" case, I can
imagine security hardening folks could be interested in the "somebody might have
just failed to pwn the kernel, better panic than let them continue" angle. But
I'm naive wrt security, so it might be a stupid idea :)

Vlastimil


> Thanks,
> Georgi