Message-ID: <63e43fc8.170a0220.954a3.026d@mx.google.com>
Date: Wed, 8 Feb 2023 16:35:19 -0800
From: Kees Cook
To: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: Vlastimil Babka, Stephen Boyd, concord@gentoo.org, Pekka Enberg, David Rientjes, Joonsoo Kim, Petr Mladek, linux-mm@kvack.org, stable@vger.kernel.org, Steven Rostedt, Sergey Senozhatsky, Andy Shevchenko, Rasmus Villemoes, Christoph Lameter, Andrew Morton, Roman Gushchin, Keith Busch, Jens Axboe, Bart Van Assche, Mikulas Patocka, Ard Biesheuvel, Mark Rutland, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] Revert "slub: force on no_hash_pointers when slub_debug is enabled"
References: <20230208194712.never.999-kees@kernel.org>

On Wed, Feb 08, 2023 at 11:58:54PM +0000, Hyeonggon Yoo wrote:
> On Wed, Feb 08, 2023 at 11:47:17AM -0800, Kees Cook wrote:
> > This reverts commit 792702911f581f7793962fbeb99d5c3a1b28f4c3.
> >
> > Linking no_hash_pointers() to slub_debug has had a chilling effect
> > on using slub_debug features for security hardening, since system
> > builders are forced to choose between redzoning and heap address location
> > exposures. Instead, just require that the "no_hash_pointers" boot param
> > needs to be used to expose pointers during slub_debug reports.
> >
> > Cc: Vlastimil Babka
> > Cc: Stephen Boyd
> > Cc: concord@gentoo.org
> > Cc: Pekka Enberg
> > Cc: David Rientjes
> > Cc: Joonsoo Kim
> > Cc: Petr Mladek
> > Cc: linux-mm@kvack.org
> > Cc: stable@vger.kernel.org
> > Link: https://lore.kernel.org/lkml/202109200726.2EFEDC5@keescook/
> > Signed-off-by: Kees Cook
>
> in the commit message:
>
> > Obscuring the pointers that slub shows when debugging makes for some
> > confusing slub debug messages:
> >
> > Padding overwritten. 0x0000000079f0674a-0x000000000d4dce17
> >
> > Those addresses are hashed for kernel security reasons. If we're trying
> > to be secure with slub_debug on the commandline we have some big
> > problems given that we dump whole chunks of kernel memory to the kernel
> > logs.
>
> it dumps parts of kernel memory anyway and I'm not sure if slub_debug is
> supposed to be used for security hardening.
>
> what about introducing new boot parameter like, slub_hardening,
> which does not print anything?

But it would be parsed for the same options? Redzoning, for example, is
the common thing used for folks interested in detecting memory
corruption attacks, etc.

-- 
Kees Cook
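
The trade-off discussed in this message, as an added example that is not part of the original mail or of the kernel tree: a POSIX shell check that classifies a kernel command line by whether red zoning is requested and whether pointers in slub_debug reports end up unhashed. The function names, the result labels and the sample command lines are assumptions of this example; "depends-on-kernel" means the pointers stay hashed only on kernels where commit 792702911f581f7793962fbeb99d5c3a1b28f4c3 has been reverted.

```shell
#!/bin/sh
# Added example, not from the thread. Labels and sample lines are constructed.

# Print the slub_debug option letters requested on a command line:
# "@all" for the bare or empty form (full debugging), "" if absent.
slub_debug_flags() {
    out=""
    set -f; set -- $1; set +f          # split on whitespace, no globbing
    for tok in "$@"; do
        case "$tok" in
            slub_debug|slub_debug=) out="@all" ;;
            slub_debug=*)
                out=""
                rest="${tok#slub_debug=};"
                while [ -n "$rest" ]; do   # blocks are ';'-separated
                    block="${rest%%;*}"; rest="${rest#*;}"
                    [ -n "$block" ] || continue
                    f="${block%%,*}"       # letters precede ",<slabs>"
                    out="$out${f:-@all}"
                done ;;
        esac
    done
    printf '%s' "$out"
}

# Succeeds if red zoning (Z) is requested for at least one cache.
redzoning_requested() {
    case "$(slub_debug_flags "$1")" in
        *@all*|*[Zz]*) return 0 ;;
    esac
    return 1
}

# exposed-explicit : no_hash_pointers given, raw addresses in reports
# depends-on-kernel: slub_debug active; hashed only if the revert is applied
# hashed           : nothing on the command line unhashes pointers
pointer_exposure() {
    case " $1 " in *" no_hash_pointers "*) echo exposed-explicit; return ;; esac
    case "$(slub_debug_flags "$1")" in
        ""|-) echo hashed ;;
        *)    echo depends-on-kernel ;;
    esac
}

for c in "ro quiet slub_debug=ZF" "ro slub_debug=ZF no_hash_pointers" "ro quiet"; do
    redzoning_requested "$c" && rz=yes || rz=no
    printf '%-36s redzoning=%s pointers=%s\n' "$c" "$rz" "$(pointer_exposure "$c")"
done
```

The check reads only the command line, so a kernel built with slub debugging enabled by default is outside what it can see.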