LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [patch 0/5] Support for sanitization flag in low-level page allocator

[Posted June 3, 2009 by jake]

From:  Peter Zijlstra <peterz-AT-infradead.org>
To:  "Larry H." <research-AT-subreption.com>
Subject:  Re: [patch 0/5] Support for sanitization flag in low-level page allocator
Date:  Sat, 30 May 2009 12:39:33 +0200
Message-ID:  <1243679973.6645.131.camel@laptop>
Cc:  Arjan van de Ven <arjan-AT-infradead.org>, Alan Cox <alan-AT-lxorguk.ukuu.org.uk>, Ingo Molnar <mingo-AT-elte.hu>, Rik van Riel <riel-AT-redhat.com>, linux-kernel-AT-vger.kernel.org, Linus Torvalds <torvalds-AT-osdl.org>, linux-mm-AT-kvack.org, Ingo Molnar <mingo-AT-redhat.com>, pageexec-AT-freemail.hu
Archive-link:  Article, Thread 

On Fri, 2009-05-29 at 22:48 -0700, Larry H. wrote:
> On 07:32 Fri 29 May     , Arjan van de Ven wrote:
> > On Thu, 28 May 2009 21:36:01 +0200
> > Peter Zijlstra <peterz@infradead.org> wrote:
> > 
> > > > ... and if we zero on free, we don't need to zero on allocate.
> > > > While this is a little controversial, it does mean that at least
> > > > part of the cost is just time-shifted, which means it'll not be TOO
> > > > bad hopefully...
> > > 
> > > zero on allocate has the advantage of cache hotness, we're going to
> > > use the memory, why else allocate it.
> 
> Because zero on allocate kills the very purpose of this patch and it has
> obvious security implications. Like races (in information leak
> scenarios, that is). What happens in-between the release of the page and
> the new allocation that yields the same page? What happens if no further
> allocations happen in a while (that can return the old page again)?
> That's the idea.

I don't get it, these are in-kernel data leaks, you need to be able to
run kernel code to exploit these, if someone can run kernel code, you've
lost anyhow.

Why waste time on this?

> > So if you zero on free, the next allocation will reuse the zeroed page.
> > And due to LIFO that is not too far out "often", which makes it likely
> > the page is still in L2 cache.
> 
> Thanks for pointing this out clearly, Arjan.

Thing is, the time between allocation and use is typically orders of
magnitude less than between free and use. 


Really, get a life, go fix real bugs. Don't make our kernel slower for
wanking rights.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds