In-Reply-To: <20210312121653.348518-1-elver@google.com>
From: Alexander Potapenko
Date: Fri, 12 Mar 2021 14:11:35 +0100
Subject: Re: [PATCH mm] kfence: zero guard page after out-of-bounds access
To: Marco Elver
Cc: Andrew Morton, Dmitriy Vyukov, Andrey Konovalov, Jann Horn, LKML, Linux Memory Management List, kasan-dev

On Fri, Mar 12, 2021 at 1:16 PM Marco Elver wrote:
>
> After an out-of-bounds access, zero the guard page before
> re-protecting in kfence_guarded_free(). On one hand this helps make the
> failure mode of subsequent out-of-bounds accesses more deterministic,
> but could also prevent certain information leaks.
>
> Signed-off-by: Marco Elver

Acked-by: Alexander Potapenko

> ---
>  mm/kfence/core.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/mm/kfence/core.c b/mm/kfence/core.c
> index 3b8ec938470a..f7106f28443d 100644
> --- a/mm/kfence/core.c
> +++ b/mm/kfence/core.c
> @@ -371,6 +371,7 @@ static void kfence_guarded_free(void *addr, struct kfence_metadata *meta, bool z
>
>  	/* Restore page protection if there was an OOB access. */
>  	if (meta->unprotected_page) {
> +		memzero_explicit((void *)ALIGN_DOWN(meta->unprotected_page, PAGE_SIZE), PAGE_SIZE);
>  		kfence_protect(meta->unprotected_page);
>  		meta->unprotected_page = 0;
>  	}
> --
> 2.31.0.rc2.261.g7f71774620-goog
>

--
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
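Review bot: the comment above the changed block, "Restore page protection if there was an OOB access.", no longer covers what the block does, since the page is now also wiped before kfence_protect(meta->unprotected_page); extend it to something like "Zero and re-protect the page if there was an OOB access." and state the reason (a later OOB access on the reused slot sees a zeroed page rather than whatever the earlier access wrote), because that rationale otherwise lives only in the commit message. Two points worth keeping in mind when reading the added line: it clears exactly one page, the one whose address is recorded in meta->unprotected_page, which matches the single-address bookkeeping of this block, and since it runs in kfence_guarded_free(), anything an OOB write deposited in the unprotected guard page stays there until the object is freed.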
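The behaviour the patch changes, shown as an added userspace model rather than KFENCE code: a three-page mapping holds [guard | object | guard], the guards are PROT_NONE, an out-of-bounds access faults, the SIGSEGV handler records the faulting address (the role of meta->unprotected_page) and unprotects that page so execution continues, and the free path either zeroes the page before re-protecting it or leaves it alone. The names kfence_protect(), kfence_unprotect(), memzero_explicit(), guarded_alloc(), guarded_free() and oob_byte_seen_after_reuse() are stand-ins chosen for this example, the 0xA5 marker byte is constructed input, and the code assumes Linux-style mprotect() semantics where returning from the fault handler re-executes the faulting instruction.

```c
/* Constructed userspace model of KFENCE guard-page handling; not kernel code. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static long page_size;
static unsigned char *region;               /* guard | object | guard */
static volatile uintptr_t unprotected_page; /* stand-in for meta->unprotected_page */

static uintptr_t page_of(uintptr_t addr)
{
	return addr & ~((uintptr_t)page_size - 1); /* ALIGN_DOWN(addr, PAGE_SIZE) */
}

/* Stand-ins for kfence_protect()/kfence_unprotect(): flip a guard page's permissions. */
static int kfence_protect(uintptr_t addr)
{
	return mprotect((void *)page_of(addr), page_size, PROT_NONE);
}

static int kfence_unprotect(uintptr_t addr)
{
	return mprotect((void *)page_of(addr), page_size, PROT_READ | PROT_WRITE);
}

/* Stand-in for the kernel's memzero_explicit(): memset plus a barrier so it is not elided. */
static void memzero_explicit(void *p, size_t n)
{
	memset(p, 0, n);
	__asm__ __volatile__("" : : "r"(p) : "memory");
}

static void fault_handler(int sig, siginfo_t *si, void *ctx)
{
	uintptr_t addr = (uintptr_t)si->si_addr;

	(void)sig; (void)ctx;
	/* Only a first fault on one of our guard pages counts as an OOB access; anything else is fatal. */
	if (!region || addr < (uintptr_t)region || addr >= (uintptr_t)region + 3 * page_size ||
	    unprotected_page || kfence_unprotect(addr) != 0)
		_exit(2);
	unprotected_page = addr;
	/* Returning re-executes the faulting instruction, which now succeeds on the RW page. */
}

static void *guarded_alloc(void)
{
	if (!region) {
		struct sigaction sa;

		page_size = sysconf(_SC_PAGESIZE);
		region = mmap(NULL, 3 * page_size, PROT_READ | PROT_WRITE,
			      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
		if (region == MAP_FAILED) {
			region = NULL;
			return NULL;
		}
		memset(&sa, 0, sizeof(sa));
		sa.sa_sigaction = fault_handler;
		sa.sa_flags = SA_SIGINFO;
		sigemptyset(&sa.sa_mask);
		sigaction(SIGSEGV, &sa, NULL);
		sigaction(SIGBUS, &sa, NULL); /* some platforms report protection faults as SIGBUS */
	}
	kfence_protect((uintptr_t)region);                 /* left guard page */
	kfence_protect((uintptr_t)region + 2 * page_size); /* right guard page */
	unprotected_page = 0;
	return region + page_size;                         /* the object fills the middle page */
}

/* Mirrors the patched tail of kfence_guarded_free(): with zero_guard set, the page an OOB
 * access unprotected is wiped before it is re-protected; without it, its contents survive. */
static void guarded_free(void *obj, int zero_guard)
{
	(void)obj;
	if (unprotected_page) {
		if (zero_guard)
			memzero_explicit((void *)page_of(unprotected_page), page_size);
		kfence_protect(unprotected_page);
		unprotected_page = 0;
	}
}

/* Write one byte past the object, free, reuse the slot, and read the same OOB location again.
 * Returns what that second (also faulting) read sees: 0xA5 without zeroing on free, 0 with it. */
static int oob_byte_seen_after_reuse(int zero_guard)
{
	volatile unsigned char *obj = guarded_alloc();
	unsigned char seen;

	if (!obj)
		return -1;
	obj[page_size] = 0xA5;                 /* OOB write: faults, handler unprotects the guard */
	guarded_free((void *)obj, zero_guard);
	obj = guarded_alloc();                 /* same slot, guards protected again */
	seen = obj[page_size];                 /* OOB read: faults again, then reads the page */
	guarded_free((void *)obj, 1);
	return seen;
}

int main(void)
{
	printf("guard byte after reuse, no zeroing: 0x%02x\n", oob_byte_seen_after_reuse(0));
	printf("guard byte after reuse, zeroing:    0x%02x\n", oob_byte_seen_after_reuse(1));
	return 0;
}
```

The second OOB read is what the commit message calls the "subsequent out-of-bounds access": without the wipe it returns the marker the earlier overflow left in the guard page, with it the page reads as zeros, which is both the deterministic failure mode and the closed leak the patch description refers to. The model keeps the kernel's single-address bookkeeping, so only the one page recorded at fault time is cleared.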