From: Jirka Hladky
Date: Thu, 20 Aug 2020 02:35:04 +0200
Subject: Re: init_on_alloc/init_on_free boot options
To: Kees Cook
Cc: Alexander Potapenko, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-security-module@vger.kernel.org

Thanks a lot for the clarification! I was scratching my head if it
makes sense to enable both options simultaneously.

On Thu, Aug 20, 2020 at 1:36 AM Kees Cook wrote:
>
> On Thu, Aug 20, 2020 at 12:18:33AM +0200, Jirka Hladky wrote:
> > Could you please help me to clarify the purpose of init_on_alloc=1
> > when init_on_free is enabled?
>
> It's to zero memory at allocation time. :) (They are independent
> options.)
>
> > If I get it right, init_on_free=1 alone guarantees that the memory
> > returned by the page allocator and SL[AU]B is initialized with zeroes.
>
> No, it guarantees memory freed by the page/slab allocators is zeroed.
>
> > What is the purpose of init_on_alloc=1 in that case? We are zeroing
> > memory twice, or am I missing something?
>
> If you have both enabled, yes, you will zero twice. (In theory, if you
> have any kind of Use-After-Free/dangling pointers that get written
> through after free and before alloc, those contents wouldn't strictly be
> zero at alloc time without init_on_alloc. But that's pretty rare.)
>
> I wouldn't expect many people to run with both options enabled;
> init_on_alloc is more performance-friendly (i.e. cache-friendly), and
> init_on_free minimizes the lifetime of stale data in memory.
>
> It appears that the shipping kernel defaults for several distros (Ubuntu,
> Arch, Debian, others?) and devices (Android, Chrome OS, others?) are using
> init_on_alloc=1. Will Fedora and/or RedHat be joining this trend? :)
>
> --
> Kees Cook
>

--
-Jirka
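
The difference discussed in this thread, as an added example that is not part of the original emails and is not kernel code: a toy one-object allocator (all names here are hypothetical) that runs alloc, free and re-alloc under each option combination, including the write-after-free case mentioned in the quoted reply.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum { SLOT_SIZE = 32 };
static const unsigned char zeros[SLOT_SIZE];   /* all-zero reference buffer */

/* Toy one-object heap that models the two options; this is not kernel code. */
struct toy_heap {
    unsigned char slot[SLOT_SIZE];
    bool init_on_alloc, init_on_free;
};
struct outcome {
    bool stale_after_free;   /* old contents still in memory once freed */
    bool dirty_at_alloc;     /* next owner receives non-zero memory */
};

static void *toy_alloc(struct toy_heap *h) {
    if (h->init_on_alloc)
        memset(h->slot, 0, SLOT_SIZE);       /* zero when handed out */
    return h->slot;
}

static void toy_free(struct toy_heap *h, void *p) {
    if (h->init_on_free)
        memset(p, 0, SLOT_SIZE);             /* zero when given back */
}

/* alloc, fill, free, optional write through the dangling pointer, alloc again */
static struct outcome run(bool on_alloc, bool on_free, bool dangling_write) {
    struct toy_heap h = { .init_on_alloc = on_alloc, .init_on_free = on_free };
    struct outcome o;
    unsigned char *a = toy_alloc(&h);
    memset(a, 0x41, SLOT_SIZE);              /* constructed stand-in for sensitive data */
    toy_free(&h, a);
    o.stale_after_free = memcmp(h.slot, zeros, SLOT_SIZE) != 0;
    if (dangling_write) a[0] = 0x42;         /* the bug: write after free, before alloc */
    o.dirty_at_alloc = memcmp(toy_alloc(&h), zeros, SLOT_SIZE) != 0;
    return o;
}

int main(void) {
    for (int m = 0; m < 8; m++) {            /* every combination of the three flags */
        struct outcome o = run(m & 4, m & 2, m & 1);
        printf("init_on_alloc=%d init_on_free=%d dangling_write=%d: stale=%d dirty=%d\n",
               !!(m & 4), !!(m & 2), m & 1, o.stale_after_free, o.dirty_at_alloc);
    }
    return 0;
}
```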