From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1BA00C433F5 for ; Mon, 9 May 2022 20:58:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6862B6B0072; Mon, 9 May 2022 16:58:52 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 6358A6B0073; Mon, 9 May 2022 16:58:52 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4D8BD6B0074; Mon, 9 May 2022 16:58:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 3745B6B0072 for ; Mon, 9 May 2022 16:58:52 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 0E15E214DB for ; Mon, 9 May 2022 20:58:52 +0000 (UTC) X-FDA: 79447418904.17.F417602 Received: from mail-oo1-f52.google.com (mail-oo1-f52.google.com [209.85.161.52]) by imf16.hostedemail.com (Postfix) with ESMTP id 1B5F71800B0 for ; Mon, 9 May 2022 20:58:42 +0000 (UTC) Received: by mail-oo1-f52.google.com with SMTP id q7-20020a4adc47000000b0035f4d798376so1950705oov.6 for ; Mon, 09 May 2022 13:58:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:user-agent:date:message-id :subject:to:cc; bh=yJKJ2ATgX9mu3/IffO/J0EaKq/jvo17mocUEhwCAE60=; b=XSieEDeLW/rwABKUVPDCvXH0w6sECAEnkGHzfrpHucsx1SHRgM/dcBpPOgHjWjsqCb leo0ETy5XMaX5kEfyv+oImCvgn/Nr2Cc8dOl33/gdLVYmaNnfeGnl1hjnE945VnzLQv+ BbtHxr0VqtYXncjJAAbHq+uy1Wp20P5IVOeeI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:in-reply-to:references:from :user-agent:date:message-id:subject:to:cc; bh=yJKJ2ATgX9mu3/IffO/J0EaKq/jvo17mocUEhwCAE60=; b=dUP9kHxORj4muIEHrCLZ8xmVOyeWegouhBsAqj18jBdjnR8FeusdHOhWI8j/kgLp/R o6uiZsn+qSW22m0p+sRgctx/r0cRNgMO1pq7V0cLPWzRz+t8KylIMvN9sRMOSocduAys KXf27j6FodPqrrmlf39SVZEtCujFkMQFfEcfDmgtt/y6az2dd9rcr0cACmrSPXlDSCUw EGs3//DrG/4jOn04iEDM7AkaMqvpjrBu36YjZPh5jvzNiwVm6/Hg8PViZ1A9UpCdv37P dC+SYg1DBOKAOGN5JkTXwo6BMIwbNI4wASOkyeqg+QJv1Cy82tEhFvPfoIGjTrm5NSwi 1VYg== X-Gm-Message-State: AOAM530dUMVyms+SifStbnxcV2W0e+TzF0Fc49bR5Gxa5ziBJXeWRd5C vEazPtq9x6+v/t0ADgtPRrVIpUri1FqwnGmJxBwyDg== X-Google-Smtp-Source: ABdhPJwgrl6Fn8gygCe1A38ovT3ghIsMz7Z+cffAmaDb1TNKssJHWbHAPz8jQeXiKh9qKc+zQcnEutlFHA7Nq+3CFlQ= X-Received: by 2002:a4a:6b49:0:b0:329:99cd:4fb8 with SMTP id h9-20020a4a6b49000000b0032999cd4fb8mr6472783oof.25.1652129930567; Mon, 09 May 2022 13:58:50 -0700 (PDT) Received: from 753933720722 named unknown by gmailapi.google.com with HTTPREST; Mon, 9 May 2022 16:58:49 -0400 MIME-Version: 1.0 In-Reply-To: <8e472c9e-2076-bc25-5912-8433adf7b579@arbitrary.ch> References: <8e472c9e-2076-bc25-5912-8433adf7b579@arbitrary.ch> From: Stephen Boyd User-Agent: alot/0.10 Date: Mon, 9 May 2022 16:58:49 -0400 Message-ID: Subject: Re: [PATCH] Decouple slub_debug= from no_hash_pointers again To: Peter Gerber , kernel-hardening@lists.openwall.com, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Kees Cook , Andrew Morton , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Vlastimil Babka , linux-mm@kvack.org, Petr Mladek Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 1B5F71800B0 X-Stat-Signature: n1qa5gje1kfdtyrxx6uynurqxfz5nuss X-Rspam-User: Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=XSieEDeL; spf=pass (imf16.hostedemail.com: domain of swboyd@chromium.org designates 209.85.161.52 as permitted sender) smtp.mailfrom=swboyd@chromium.org; dmarc=pass (policy=none) header.from=chromium.org X-Rspamd-Server: rspam09 X-HE-Tag: 1652129922-904680 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Quoting Peter Gerber (2022-05-08 07:56:29) > While, as mentioned in 792702911f58, no_hash_pointers is what > one wants for debugging, this option is also used for hardening. > > Various places recommend or use slub_debug for hardening: > > a) The Kernel Self Protection Project lists slub_debug as > a recommended setting. [1] > b) Debian offers package hardening-runtime [2] which enables > slub_debug for hardening. > c) Security- and privacy-oriented Tails enables slub_debug > by default [3]. > > I understand that encountering hashed pointers during debugging > is most unwanted. Thus, I updated the documentation to make > it as clear as possible that no_hash_pointers is what one > wants when using slub_debug for debugging. I also added a > mentioned of the hardening use case in order to discourage > any other, well-meant, tries to disable hashing with slub_debug. Why not add a CONFIG_HARDENED_SLUB option that enables poisoning and also makes slub debugging not print any messages to the kernel log containing object internal details? Then it can be enabled in the kernel config to harden slub and if the flag is enabled we don't hash pointers based on 'slub_debug' existing on the commandline? And maybe add some commandline argument like 'slub_debug=H' for "hardened" so it can be turned off as well if it is built into the config.