Re: [kernel-hardening] [RFC][PATCH 6/7] mm: Add Kconfig option for slab sanitization

From: Laura Abbott
Date: Tue Dec 22 2015 - 14:18:40 EST

Next message: Andrew Morton: "Re: linux-next: Tree for Dec 22 (mm/memcontrol)"
Previous message: David Daney: "Re: [PATCH 2/2] pci, pcie-thunder-pem: Add PCIe host driver for ThunderX processors."
In reply to: Mathias Krause: "Re: [kernel-hardening] [RFC][PATCH 6/7] mm: Add Kconfig option for slab sanitization"
Next in thread: Christoph Lameter: "Re: [kernel-hardening] [RFC][PATCH 6/7] mm: Add Kconfig option for slab sanitization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/22/15 10:37 AM, Mathias Krause wrote:

On 22 December 2015 at 18:51, Laura Abbott <laura@xxxxxxxxxxxx> wrote:

[snip]

Related to this, have you checked that the sanitization doesn't
interfere with the various slab handling schemes, namely RCU related
specialties? Not all caches are marked SLAB_DESTROY_BY_RCU, some use
call_rcu() instead, implicitly relying on the semantics RCU'ed slabs
permit, namely allowing a "use-after-free" access to be legitimate
within the RCU grace period. Scrubbing the object during that period
would break that assumption.

I haven't looked into that. I was working off the assumption that
if the regular SLAB debug poisoning worked so would the sanitization.
The regular debug poisoning only checks for SLAB_DESTROY_BY_RCU so
how does that work then?

Maybe it doesn't? ;)

How many systems, do you think, are running with enabled DEBUG_SLAB /
SLUB_DEBUG in production? Not so many, I'd guess. And the ones running
into issues probably just disable DEBUG_SLAB / SLUB_DEBUG.

Btw, SLUB not only looks for SLAB_DESTROY_BY_RCU but also excludes
"call_rcu slabs" via other mechanisms. As SLUB is the default SLAB
allocator for quite some time now, even with enabled SLUB_DEBUG one
wouldn't be able to trigger RCU related sanitization issues.

I've seen SLUB_DEBUG used in stress testing situations but you're
right about production and giving up if there are issues. I'll take
a closer look at this.

Speaking of RCU, do you have a plan to support RCU'ed slabs as well?

My only plan was to get the base support in. I didn't have a plan to
support RCU slabs but that's certainly something to be done in the
future.

"Base support", in my opinion, includes covering the buddy allocator
as well. Otherwise this feature is incomplete.

Point taken. I'll look at the buddy allocator post-holidays.

It was also pointed out I should be giving you full credit for this
feature originally. I apologize for not doing that. Thanks for
doing the original work and taking the time to review this series.

Thanks,
Laura
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: linux-next: Tree for Dec 22 (mm/memcontrol)"
Previous message: David Daney: "Re: [PATCH 2/2] pci, pcie-thunder-pem: Add PCIe host driver for ThunderX processors."
In reply to: Mathias Krause: "Re: [kernel-hardening] [RFC][PATCH 6/7] mm: Add Kconfig option for slab sanitization"
Next in thread: Christoph Lameter: "Re: [kernel-hardening] [RFC][PATCH 6/7] mm: Add Kconfig option for slab sanitization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]