mm, page_poison: remove CONFIG_PAGE_POISONING_NO_SANITY
CONFIG_PAGE_POISONING_NO_SANITY skips the check on page alloc whether the
poison pattern was corrupted, suggesting a use-after-free.  The motivation
to introduce it in commit 8823b1d ("mm/page_poison.c: enable
PAGE_POISONING as a separate option") was to simply sanitize freed pages,
optimally together with CONFIG_PAGE_POISONING_ZERO.

These days we have an init_on_free=1 boot option, which makes this use
case of page poisoning redundant.  For sanitizing, writing zeroes is
sufficient, there is pretty much no benefit from writing the 0xAA poison
pattern to freed pages, without checking it back on alloc.  Thus, remove
this option and suggest init_on_free instead in the main config's help.

Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Vlastimil Babka <[email protected]>
Acked-by: David Hildenbrand <[email protected]>
Cc: Mike Rapoport <[email protected]>
Cc: Rafael J. Wysocki <[email protected]>
Cc: Alexander Potapenko <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Laura Abbott <[email protected]>
Cc: Mateusz Nosek <[email protected]>
Cc: Michal Hocko <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
tehcaster authored and torvalds committed Dec 15, 2020
1 parent 03b6c9a commit 8f42475
Showing 3 changed files with 5 additions and 17 deletions.
4 changes: 1 addition & 3 deletions drivers/virtio/virtio_balloon.c
Expand Up @@ -1114,9 +1114,7 @@ static int virtballoon_validate(struct virtio_device *vdev)
* page reporting as it could potentially change the contents
* of our free pages.
*/
if (!want_init_on_free() &&
(IS_ENABLED(CONFIG_PAGE_POISONING_NO_SANITY) ||
!page_poisoning_enabled_static()))
if (!want_init_on_free() && !page_poisoning_enabled_static())
__virtio_clear_bit(vdev, VIRTIO_BALLOON_F_PAGE_POISON);
else if (!virtio_has_feature(vdev, VIRTIO_BALLOON_F_PAGE_POISON))
__virtio_clear_bit(vdev, VIRTIO_BALLOON_F_REPORTING);
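Review bot: The simplified condition in virtballoon_validate() changes behaviour for kernels that were built with the removed option, and the changelog does not say so. Previously IS_ENABLED(CONFIG_PAGE_POISONING_NO_SANITY) forced VIRTIO_BALLOON_F_PAGE_POISON to be cleared whenever init_on_free was off; now the bit stays set whenever page_poisoning_enabled_static() is true. That looks like the intended result, since poisoned pages are now always checked on alloc, but a sentence in the commit message stating that such guests will start keeping the PAGE_POISON feature would help anyone bisecting a balloon or free page reporting difference across this commit.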
15 changes: 4 additions & 11 deletions mm/Kconfig.debug
Expand Up @@ -74,18 +74,11 @@ config PAGE_POISONING
Note that "poison" here is not the same thing as the "HWPoison"
for CONFIG_MEMORY_FAILURE. This is software poisoning only.

If unsure, say N
If you are only interested in sanitization of freed pages without
checking the poison pattern on alloc, you can boot the kernel with
"init_on_free=1" instead of enabling this.

config PAGE_POISONING_NO_SANITY
depends on PAGE_POISONING
bool "Only poison, don't sanity check"
help
Skip the sanity checking on alloc, only fill the pages with
poison on free. This reduces some of the overhead of the
poisoning feature.

If you are only interested in sanitization, say Y. Otherwise
say N.
If unsure, say N

config PAGE_POISONING_ZERO
bool "Use zero for poisoning instead of debugging value"
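Review bot: The new PAGE_POISONING help paragraph points only at the "init_on_free=1" boot parameter, while the option being removed was a build-time choice. Users who selected it in a .config because they cannot easily change the kernel command line would be better served if the text also named the build-time default, CONFIG_INIT_ON_FREE_DEFAULT_ON. Separately, PAGE_POISONING_ZERO stays right below; since the commit message describes it as the companion of the removed option for the sanitizing use case, its help text is worth re-reading to make sure it does not still recommend that combination.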
3 changes: 0 additions & 3 deletions mm/page_poison.c
Expand Up @@ -51,9 +51,6 @@ static void check_poison_mem(unsigned char *mem, size_t bytes)
unsigned char *start;
unsigned char *end;

if (IS_ENABLED(CONFIG_PAGE_POISONING_NO_SANITY))
return;

start = memchr_inv(mem, PAGE_POISON, bytes);
if (!start)
return;
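Review bot: With the early return at the top of check_poison_mem() gone, a configuration that previously had CONFIG_PAGE_POISONING_NO_SANITY=y now runs the memchr_inv() scan on every call and can start reporting poison corruption it used to ignore. The removed help text said the option "reduces some of the overhead of the poisoning feature", so this is a cost and behaviour change on upgrade for those configs, not only a cleanup. Please say so in the changelog, and confirm that no defconfig or documentation outside the three files touched here still references the symbol.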