Date: Mon, 3 Jun 2019 11:24:49 +0200
From: Alexander Potapenko <glider@...gle.com>
To: Andrew Morton <akpm@...ux-foundation.org>, Kees Cook <keescook@...omium.org>
Cc: Christoph Lameter <cl@...ux.com>, Dmitry Vyukov <dvyukov@...gle.com>, James Morris <jmorris@...ei.org>, 
	Jann Horn <jannh@...gle.com>, Kostya Serebryany <kcc@...gle.com>, Laura Abbott <labbott@...hat.com>, 
	Mark Rutland <mark.rutland@....com>, Masahiro Yamada <yamada.masahiro@...ionext.com>, 
	Matthew Wilcox <willy@...radead.org>, Nick Desaulniers <ndesaulniers@...gle.com>, 
	Randy Dunlap <rdunlap@...radead.org>, Sandeep Patil <sspatil@...roid.com>, 
	"Serge E. Hallyn" <serge@...lyn.com>, Souptick Joarder <jrdr.linux@...il.com>, Marco Elver <elver@...gle.com>, 
	Kernel Hardening <kernel-hardening@...ts.openwall.com>, 
	Linux Memory Management List <linux-mm@...ck.org>, 
	linux-security-module <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH v5 2/3] mm: init: report memory auto-initialization features at boot time

On Sat, Jun 1, 2019 at 3:18 AM Andrew Morton <akpm@...ux-foundation.org> wrote:
>
> On Wed, 29 May 2019 14:38:11 +0200 Alexander Potapenko <glider@...gle.com> wrote:
>
> > Print the currently enabled stack and heap initialization modes.
> >
> > The possible options for stack are:
> >  - "all" for CONFIG_INIT_STACK_ALL;
> >  - "byref_all" for CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL;
> >  - "byref" for CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF;
> >  - "__user" for CONFIG_GCC_PLUGIN_STRUCTLEAK_USER;
> >  - "off" otherwise.
> >
> > Depending on the values of init_on_alloc and init_on_free boottime
> > options we also report "heap alloc" and "heap free" as "on"/"off".
>
> Why?
>
> Please fully describe the benefit to users so that others can judge the
> desirability of the patch.  And so they can review it effectively, etc.
I'm going to update the description with the following passage:

    Print the currently enabled stack and heap initialization modes.

    Stack initialization is enabled by a config flag, while heap
    initialization is configured at boot time with defaults being set
    in the config. It's more convenient for the user to have all information
    about these hardening measures in one place.

Does this make sense?
> Always!
>
> > In the init_on_free mode initializing pages at boot time may take some
> > time, so print a notice about that as well.
>
> How much time?
I've seen pauses up to 1 second, not actually sure they're worth a
separate line in the log.
Kees, how long were the delays in your case?



-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Managing Directors: Paul Manicle, Halimah DeLaine Prado
Court of registration and number: Hamburg, HRB 86891
Registered office: Hamburg
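
As an added example (not part of the original message or the patch), the sketch below derives the stack and heap modes described in this thread from a kernel `.config` text and a kernel command line, which is useful when auditing a build before boot. Assumptions: the heap defaults are named `CONFIG_INIT_ON_ALLOC_DEFAULT_ON` and `CONFIG_INIT_ON_FREE_DEFAULT_ON`, the boot options accept `1`/`y`/`on` and `0`/`n`/`off`, and the last occurrence on the command line wins; the function names and sample inputs are hypothetical.

```python
import re

# Stack modes in the order the commit message lists them; first match wins.
STACK_MODES = [
    ("CONFIG_INIT_STACK_ALL", "all"),
    ("CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL", "byref_all"),
    ("CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF", "byref"),
    ("CONFIG_GCC_PLUGIN_STRUCTLEAK_USER", "__user"),
]
# Assumed names of the config symbols that set the boot-option defaults.
HEAP_DEFAULTS = {
    "init_on_alloc": "CONFIG_INIT_ON_ALLOC_DEFAULT_ON",
    "init_on_free": "CONFIG_INIT_ON_FREE_DEFAULT_ON",
}
TRUE, FALSE = {"1", "y", "on"}, {"0", "n", "off"}  # assumed accepted spellings

def enabled_symbols(config_text):
    """Return the set of CONFIG_* symbols set to y in a .config-style text."""
    return set(re.findall(r"^(CONFIG_\w+)=y$", config_text, re.MULTILINE))

def heap_setting(param, cmdline, symbols):
    """Boot parameter overrides the config default; last occurrence wins."""
    state = HEAP_DEFAULTS[param] in symbols
    for token in cmdline.split():
        key, sep, value = token.partition("=")
        if key == param and sep:
            if value.lower() in TRUE:
                state = True
            elif value.lower() in FALSE:
                state = False
    return "on" if state else "off"

def auto_init_modes(config_text, cmdline):
    """Report stack, heap alloc and heap free modes for a config and cmdline."""
    symbols = enabled_symbols(config_text)
    stack = next((name for sym, name in STACK_MODES if sym in symbols), "off")
    return {
        "stack": stack,
        "heap alloc": heap_setting("init_on_alloc", cmdline, symbols),
        "heap free": heap_setting("init_on_free", cmdline, symbols),
    }

# Constructed sample inputs, not taken from a real system.
SAMPLE_CONFIG = """\
CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
# CONFIG_INIT_STACK_ALL is not set
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
"""
SAMPLE_CMDLINE = "ro quiet init_on_free=1 init_on_alloc=0"
```

With the constructed sample, the config default for `init_on_alloc` is overridden to off by the command line, while `init_on_free` is turned on despite having no config default.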
