Thread: 11 messages, 3 authors, 2019-05-17

Re: [PATCH v2 1/4] mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options

From: Alexander Potapenko <glider@google.com>
Date: 2019-05-17 14:39:06
Also in: linux-mm

On Fri, May 17, 2019 at 3:26 AM Kees Cook [off-list ref] wrote:
On Tue, May 14, 2019 at 04:35:34PM +0200, Alexander Potapenko wrote:
[...]
diff --git a/mm/slab.h b/mm/slab.h
index 43ac818b8592..24ae887359b8 100644
--- a/mm/slab.h
+++ b/mm/slab.h
@@ -524,4 +524,20 @@ static inline int cache_random_seq_create(struct kmem_cache *cachep,
[...]
+static inline bool slab_want_init_on_free(struct kmem_cache *c)
+{
+     if (static_branch_unlikely(&init_on_free))
+             return !(c->ctor);
BTW, why is this checking for c->ctor here? Shouldn't it not matter for
the free case?
It does matter, see e.g. the handling of __OBJECT_POISON in slub.c.
If we just return true here, the kernel crashes.
+     else
+             return false;
+}
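Review bot: the `return !(c->ctor);` line needs an in-code comment explaining why objects with a constructor are excluded from init-on-free; the rationale is not visible in the function itself, which is exactly the question raised in this thread, and the reply points at the __OBJECT_POISON handling in slub.c and a crash if `true` is returned unconditionally. A comment such as `/* ctor-initialised objects must not be wiped on free, see __OBJECT_POISON handling in slub.c */` above the check would carry that reasoning to the next reader. As a style point, the `else` branch is redundant and the body could collapse to `return static_branch_unlikely(&init_on_free) && !c->ctor;`.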
--
Kees Cook


-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Managing Directors: Paul Manicle, Halimah DeLaine Prado
Registration court and number: Hamburg, HRB 86891
Registered office: Hamburg