From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4FF18C05027 for ; Wed, 8 Feb 2023 23:59:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A11516B0074; Wed, 8 Feb 2023 18:59:09 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 9C01C6B0075; Wed, 8 Feb 2023 18:59:09 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 861616B0078; Wed, 8 Feb 2023 18:59:09 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 7724E6B0074 for ; Wed, 8 Feb 2023 18:59:09 -0500 (EST) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 413FD80C5B for ; Wed, 8 Feb 2023 23:59:09 +0000 (UTC) X-FDA: 80445793218.27.E6C5DCE Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by imf05.hostedemail.com (Postfix) with ESMTP id 6436D100012 for ; Wed, 8 Feb 2023 23:59:07 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=d2zSxyhc; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf05.hostedemail.com: domain of 42.hyeyoo@gmail.com designates 209.85.210.174 as permitted sender) smtp.mailfrom=42.hyeyoo@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1675900747; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=zOaD6/QasLalJlAxk3UhHGE71ipDW/Gd+AEfgT9qP3w=; b=mFNioUbUfxxRqVuoD00d9jkAOJN0v6EN+RaYkyfYx+LRdtPjC1mW3Ve6VfWKgcnWS9LNmk VIoik0BfMRVyfnuXUn7jXc4bUxmVfbLYhNKg0ZoLmiysJIm0LeJK60gGkwF9ol/mvUhNKY gdiC3b05KRhzG0VW87+EtjjLwGJxqWk= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=d2zSxyhc; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf05.hostedemail.com: domain of 42.hyeyoo@gmail.com designates 209.85.210.174 as permitted sender) smtp.mailfrom=42.hyeyoo@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1675900747; a=rsa-sha256; cv=none; b=WVrXtZIZ4fuwXb3B7AAHEXwx+RtOgq/CFHq8rIlzOY8ZetcShHC65a+/qgau9Jp3twqJJv 65kdrwrJHUiS7SaI3VoqcZT00SXwVQiu7gXeTs9JfsVhqg6Qn7Y61qUE54i/YK1yf6Jx1t KPVVxY1XGAfnqKs5wDy7G0HmtPlnh2g= Received: by mail-pf1-f174.google.com with SMTP id ea13so219448pfb.13 for ; Wed, 08 Feb 2023 15:59:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=zOaD6/QasLalJlAxk3UhHGE71ipDW/Gd+AEfgT9qP3w=; b=d2zSxyhc2mGLYfWsomKg99R8tb+7ADXPcZbvXDQvh+JYk2qF8tZB9GEaKglVNX2/6A KNoKaVZYjuy3WtJMHWOG/HEClI8NeVHNmWUjnSu1kRXfQ8o6hmjda4PhXkIzBGIcI/uW BjS4FwI0M5XnBGXBccshj/yfoF7YGfVT+1uNDGHdPgQEsfTC0U7CiWyzixaaPbiKcAeZ 5dsvUh1C5pyBXyFlELoNXa/uG8ASdkHcJtzL0cRbllbf/bB+I1dl7z9flbguVkBRhbGd Hb7X9gi0H+dJBVw0reqgJPhtH41amssOgadycBSuuZgXsCfKlYux/L9a9NEmMXtkAjEK UPTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=zOaD6/QasLalJlAxk3UhHGE71ipDW/Gd+AEfgT9qP3w=; b=b9E84YVaWpEjHasXiNnfBvYn9SKUK8nf+7ZaVqWIK6cQcSZ1SsfXg/V1xH7l7RpZnx p7brhBoRU0TM2yXAtlTzuPyyrpUR1xLQtDFAAsGFbllU/Wmqs6xuZ1ZTaI6367eBwWux XCoEotF0n3WV/gpqvnkoDDmircCgf4CVXpGSzZKhw3iCnoR98++D3n2rNUQEFCNsvdTt 24O4TH1gYlaxfqeWFxOhV73lZqmodGPRnJqVZuyyKeohlWwqjbfmhpmN67xBxXlMNGdJ FacFjBWBV49ChHezlxnPkhkJbxuztE1VA2gRMcML/nEXS0ZNiX26znfXHMf5PjjllP4T ICew== X-Gm-Message-State: AO0yUKVYRPXyXHzdsN73Xo4X7rpZIsyjv78UPPEY0N7pNCYXbzoB0/gh 2Qt3tkEpSiwnImJQ6sBK6WA= X-Google-Smtp-Source: AK7set8NvT04IiBj+w/L08d91b+sJqc3Tz8O9aGwoqNLkV7mLgm2wZH7T9TVtunYDHwue58Kmy8FBQ== X-Received: by 2002:aa7:991a:0:b0:5a8:4de2:e95e with SMTP id z26-20020aa7991a000000b005a84de2e95emr1519591pff.18.1675900745991; Wed, 08 Feb 2023 15:59:05 -0800 (PST) Received: from localhost ([2400:8902::f03c:93ff:fe27:642a]) by smtp.gmail.com with ESMTPSA id d8-20020aa78148000000b00593906a8843sm12151064pfn.176.2023.02.08.15.59.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Feb 2023 15:59:05 -0800 (PST) Date: Wed, 8 Feb 2023 23:58:54 +0000 From: Hyeonggon Yoo <42.hyeyoo@gmail.com> To: Kees Cook Cc: Vlastimil Babka , Stephen Boyd , concord@gentoo.org, Pekka Enberg , David Rientjes , Joonsoo Kim , Petr Mladek , linux-mm@kvack.org, stable@vger.kernel.org, Steven Rostedt , Sergey Senozhatsky , Andy Shevchenko , Rasmus Villemoes , Christoph Lameter , Andrew Morton , Roman Gushchin , Keith Busch , Jens Axboe , Bart Van Assche , Mikulas Patocka , Ard Biesheuvel , Mark Rutland , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] Revert "slub: force on no_hash_pointers when slub_debug is enabled" Message-ID: References: <20230208194712.never.999-kees@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230208194712.never.999-kees@kernel.org> X-Rspamd-Queue-Id: 6436D100012 X-Rspamd-Server: rspam09 X-Rspam-User: X-Stat-Signature: 9txmqjhf4d4hj8zspdpq5epxczoo1rzu X-HE-Tag: 1675900747-80590 X-HE-Meta: U2FsdGVkX1+IT3YlwJ3jaqWaFg0Nnvk/CTa0Udj62fmjcs3JQ4cUXrGucvJ8Tmb2MM9Y4mQMZUkLoruxTmihupEpJiwjWMPf7KjijhHkJqdAhPB7XzwSDOiLEUeodNBmAGfi1+VWgnjHwT1sESs36bVYGUOwpinAm/j8eggsLi8ZWn7+rIyLxdYbNpcA/YQJcmeZYdj0PGIqFnEb0LS/KqjFHE8TmeABSnQtxqoOTRCGxN1FIaOM6wsXqolFqMlOoqOct0I8/tz29sbimiCmb8FPXQjEkBAaP/Ym3nBM6Zn8YBqPPRosGRN9GzKjCnWDtT3SULxW59rEB2YUxPvwcfvtOJX5hQseQGZfWoWxHTzfetw7/N7ncaxkmlUcZTFxMtP+dESRFegPIzx0c8QUS+yB5OfxlJomwUkgAuduRqaI7XSvze6gJPwuZu22cyvJcK1uDQIKdu40r5Wop4hKpNusn28Gm/Toqf6YVVzBEvpxUEGO036Uf2EJl1MPorX3+QanqJZlv0a4Ihc3LkgHrkrpGfllcdSDFKuys/fYmV0S4tY7Tw3TFVeEoos+nKn4XRxnzDyCBdbrDtUdyOevawWgF4aTE4TprXJmvcPBcyKEiBdBaNc1DcTrsmjBCmhloTk93VH8zL+dyNy6IwVnqk4Ku0dpxqsNCneYzWCieAtM10V4ferqBdccpvG8swd39Xa+0yZRqhFzhgueYcbol4IAVFUMPvWueiqoHh67tuC1TJ79KzjqXSNS8YyxqBNrv3l76bLuEEUZ5lyM2voWt7gWe9BPzfRW/dCMqRFaAilLMs+m5M54T4ckGwba2KtP4kk9nEUYzlGpQz6Tq/cvp8HJ/Ojffw89wW20S7vPArlgtq7jqfhO6iTFdHme8E3as/oOvJH4ZEHYlu69YydyM76yte2Q26qHUt4qZO6kRIDz/FbTr6PMKFVpj8sSsFc/ZAUtnRIM4mN+ss91YhD 6HZpvo4r 39WRb2E1yOnxZhpQRY8wZQeNv3+75pmVq2mezyelxG5MT+AxFpsYPZhbSGiK/LZhT7QvcTmwnQICSWBK/w+BoRVCyaj0mR7KhIzda2pPcV9oc+qFFTeaw0ic4SFsxQ2KXkAuS6pfUU2CUYKFSjUOWUyuvAWXtnyirTfFBxqWCyfPutACMiYjte+PqTMRGjAo56xfsu9McujzqhCcK28AGlBNl07DtDAJp4KN/gfFhwMGkVvRHyGpXemjoWnB57z7yrbk7C9AVl711sXQX1N9pW68kvqmSsbAqGXM5ChsVRu+5iAMIonZ0/EZqhjZFEVG2coj9AWiPHGEUgH86We4sji9/rGIh0lwEvrs52GB7kcjh7gbBzRM3GhiA8VDVjszhqFkvBzRh8S3Lh+lpoeLoe0KaBmkUITqIapKPj6HlHYSSa7mXaUFl2dfzyC4veyt50oQjHJBDPU9PCq9SQeS4ieE7Bp+dmFSkODabRhROPmtGNsPVId65dLPV68w9DFUKI8qf8yUzwauntq+mwDWIFEZELQzw3TX4jyjrL5SAw5ZSx7xa4AlayqcTcL4ru2hBsbsmvzCqs1nrq0cobyP0wf8w82oQZEc207qeH/px6iUC9WkhO4IiXxhg6O63iWKV5PWtYvrq4wkRnI42FM7zFvyFLWScOuls9dE6pNpZytAS58mdat4fojHo3CPWCk6qeSYmbYn+nPF7PTZzJVRCaIsj1ydBy6pHqoFsrG+u6PSnsYv23heLawIQsJ6dAsmEKrPe4BMyXA0GEXaLNgUdiPxMf/BZVtTzlKQOWEZNM6DIeAjgn9RMJAX4n1KCYst0xSR2lOASe5ijvb4ehKTtmzrEDnzfLPAKMOE6Ld4yM8y95BwAkcz/Gzx6/SMhUe7e0q9s X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, Feb 08, 2023 at 11:47:17AM -0800, Kees Cook wrote: > This reverts commit 792702911f581f7793962fbeb99d5c3a1b28f4c3. > > Linking no_hash_pointers() to slub_debug has had a chilling effect > on using slub_debug features for security hardening, since system > builders are forced to choose between redzoning and heap address location > exposures. Instead, just require that the "no_hash_pointers" boot param > needs to be used to expose pointers during slub_debug reports. > > Cc: Vlastimil Babka > Cc: Stephen Boyd > Cc: concord@gentoo.org > Cc: Pekka Enberg > Cc: David Rientjes > Cc: Joonsoo Kim > Cc: Petr Mladek > Cc: linux-mm@kvack.org > Cc: stable@vger.kernel.org > Link: https://lore.kernel.org/lkml/202109200726.2EFEDC5@keescook/ > Signed-off-by: Kees Cook in the commit message: > Obscuring the pointers that slub shows when debugging makes for some > confusing slub debug messages: > > Padding overwritten. 0x0000000079f0674a-0x000000000d4dce17 > > Those addresses are hashed for kernel security reasons. If we're trying > to be secure with slub_debug on the commandline we have some big > problems given that we dump whole chunks of kernel memory to the kernel > logs. it dumps parts of kernel memory anyway and I'm not sure if slub_debug is supposed to be used for security hardening. what about introducing new boot parameter like, slub_hardening, which does not print anything?