From patchwork Wed Jun 26 12:19:43 2019
X-Patchwork-Submitter: Alexander Potapenko
X-Patchwork-Id: 11017781
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Date: Wed, 26 Jun 2019 14:19:43 +0200
In-Reply-To: <20190626121943.131390-1-glider@google.com>
Message-Id: <20190626121943.131390-3-glider@google.com>
References: <20190626121943.131390-1-glider@google.com>
X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog
Subject: [PATCH v8 2/2] mm: init: report memory auto-initialization features at boot time
From: Alexander Potapenko
To: Andrew Morton, Christoph Lameter
Cc: Alexander Potapenko, Kees Cook, Dmitry Vyukov, James Morris, Jann Horn, Kostya Serebryany, Laura Abbott, Mark Rutland, Masahiro Yamada, Matthew Wilcox, Nick Desaulniers, Randy Dunlap, Sandeep Patil, "Serge E. Hallyn", Souptick Joarder, Marco Elver, Kaiwan N Billimoria, kernel-hardening@lists.openwall.com, linux-mm@kvack.org, linux-security-module@vger.kernel.org

Print the currently enabled stack and heap initialization modes.

Stack initialization is enabled by a config flag, while heap initialization is configured at boot time with defaults being set in the config. It's more convenient for the user to have all information about these hardening measures in one place at boot, so the user can reason about the expected behavior of the running system.

The possible options for stack are:
 - "all" for CONFIG_INIT_STACK_ALL;
 - "byref_all" for CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL;
 - "byref" for CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF;
 - "__user" for CONFIG_GCC_PLUGIN_STRUCTLEAK_USER;
 - "off" otherwise.

Depending on the values of init_on_alloc and init_on_free boottime options we also report "heap alloc" and "heap free" as "on"/"off".

In the init_on_free mode initializing pages at boot time may take a while, so print a notice about that as well. This depends on how much memory is installed, the memory bandwidth, etc. On a relatively modern x86 system, it takes about 0.75s/GB to wipe all memory:

  [ 0.418722] mem auto-init: stack:byref_all, heap alloc:off, heap free:on
  [ 0.419765] mem auto-init: clearing system memory may take some time...
  [ 12.376605] Memory: 16408564K/16776672K available (14339K kernel code, 1397K rwdata, 3756K rodata, 1636K init, 11460K bss, 368108K reserved, 0K cma-reserved)

Signed-off-by: Alexander Potapenko Suggested-by: Kees Cook Acked-by: Kees Cook To: Andrew Morton To: Christoph Lameter Cc: Dmitry Vyukov Cc: James Morris Cc: Jann Horn Cc: Kostya Serebryany Cc: Laura Abbott Cc: Mark Rutland Cc: Masahiro Yamada Cc: Matthew Wilcox Cc: Nick Desaulniers Cc: Randy Dunlap Cc: Sandeep Patil Cc: "Serge E. Hallyn" Cc: Souptick Joarder Cc: Marco Elver Cc: Kaiwan N Billimoria Cc: kernel-hardening@lists.openwall.com Cc: linux-mm@kvack.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Andrew Morton --- v6: - update patch description, fixed message about clearing memory v7: - rebase the patch, add the Acked-by: tag; - more description updates as suggested by Kees; - make report_meminit() static. v8: - added the Signed-off-by: tag --- init/main.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/init/main.c b/init/main.c index 66a196c5e4c3..ff5803b0841c 100644 --- a/init/main.c +++ b/init/main.c @@ -520,6 +520,29 @@ static inline void initcall_debug_enable(void) } #endif +/* Report memory auto-initialization states for this boot. */ +static void __init report_meminit(void) +{ + const char *stack; + + if (IS_ENABLED(CONFIG_INIT_STACK_ALL)) + stack = "all"; + else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL)) + stack = "byref_all"; + else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF)) + stack = "byref"; + else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_USER)) + stack = "__user"; + else + stack = "off"; + + pr_info("mem auto-init: stack:%s, heap alloc:%s, heap free:%s\n", + stack, want_init_on_alloc(GFP_KERNEL) ? "on" : "off", + want_init_on_free() ? "on" : "off"); + if (want_init_on_free()) + pr_info("mem auto-init: clearing system memory may take some time...\n"); +} + /* * Set up kernel memory allocators */ @@ -530,6 +553,7 @@ static void __init mm_init(void) * bigger than MAX_ORDER unless SPARSEMEM. */ page_ext_init_flatmem(); + report_meminit(); mem_init(); kmem_cache_init(); pgtable_init();
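
Review bot: In report_meminit(), want_init_on_free() is evaluated twice, once for the "heap free:%s" argument and again in the "if" that guards the second pr_info(). Reading it once into a local bool would tie both messages to the same value and shorten the pr_info() argument list. Separately, the GFP_KERNEL passed to want_init_on_alloc() is not explained; a short comment saying it is passed only to report the default state would stop readers from assuming the report applies to GFP_KERNEL allocations alone.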
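
Review bot: In the mm_init() hunk, report_meminit() is inserted directly before mem_init() with no comment on why it belongs there. The boot log in the description shows the "clearing system memory may take some time..." notice followed about 12 seconds later by the "Memory:" line, so the notice is only useful if it is printed before that work starts. A one-line comment stating that the call must stay ahead of mem_init() would keep a later cleanup from moving it.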
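
The report line described in the commit message can be checked against a hardening baseline after boot. The following is an added example, not part of the patch or the kernel tree: the baseline values, the function names and the ordering of stack modes by coverage are assumptions made here, and the sample log is constructed from the lines quoted above.

```python
import re

# Format taken from the pr_info() call in the patch:
#   mem auto-init: stack:%s, heap alloc:%s, heap free:%s
LINE_RE = re.compile(
    r"mem auto-init: stack:(?P<stack>[^,\s]+), "
    r"heap alloc:(?P<alloc>on|off), heap free:(?P<free>on|off)"
)
# Stack modes from the commit message, ordered here (assumption) from
# least to most coverage so they can be compared against a minimum.
STACK_MODES = ("off", "__user", "byref", "byref_all", "all")

# Constructed sample, modelled on the boot log quoted in the commit message.
SAMPLE_DMESG = """\
[    0.418722] mem auto-init: stack:byref_all, heap alloc:off, heap free:on
[    0.419765] mem auto-init: clearing system memory may take some time...
[   12.376605] Memory: 16408564K/16776672K available
"""

def parse_meminit(dmesg_text):
    """Return the modes from the first report line, or None if absent."""
    for line in dmesg_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            if m["stack"] not in STACK_MODES:
                raise ValueError(f"unknown stack mode: {m['stack']!r}")
            return {"stack": m["stack"],
                    "alloc": m["alloc"] == "on",
                    "free": m["free"] == "on"}
    return None

def audit(dmesg_text, min_stack="byref_all", need_alloc=True, need_free=False):
    """Compare the reported modes with a hypothetical site baseline."""
    state = parse_meminit(dmesg_text)
    if state is None:
        return ["no 'mem auto-init' line found in the log"]
    findings = []
    if STACK_MODES.index(state["stack"]) < STACK_MODES.index(min_stack):
        findings.append(f"stack init is {state['stack']!r}, baseline requires {min_stack!r}")
    if need_alloc and not state["alloc"]:
        findings.append("heap alloc init is off (init_on_alloc)")
    if need_free and not state["free"]:
        findings.append("heap free init is off (init_on_free)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_DMESG):
        print("FINDING:", finding)
```

A missing report line is returned as a finding rather than treated as a pass, since a kernel without this patch or a truncated log gives no evidence either way.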