Djam/kernel-6.6
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/kernel-6.6.git synced 2025-02-25 20:02:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Removed sanitize-memory.patch

Browse source 
Starting from the mainline kernel 5.3, it is no longer needed. See

  commit 6471384af2a6530696fc0203bafe4de41a23c9ef
  Author: Alexander Potapenko <glider@google.com>
  Date:   Thu Jul 11 20:59:19 2019 -0700

      mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
This commit is contained in:
Evgenii Shatokhin 2019-09-24 18:36:02 +03:00
parent 4ca3b2aeb5
commit a89c2e9bda
2 changed files with 0 additions and 336 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
kernel.spec
View file

@ -179,11 +179,6 @@ Patch105: perf-silence-format-warnings-gcc8.patch
# AUFS from http://aufs.sourceforge.net/ # AUFS from http://aufs.sourceforge.net/
Patch109: fs-aufs.patch Patch109: fs-aufs.patch
# Sanitizing kernel memory
# We do not use "Patch:" here because apply_patches would always apply it
# then, it seems, even if we place "Patch: <..>" under a conditional.
Source701: sanitize-memory.patch
#################################################################### ####################################################################
Autoreqprov: no Autoreqprov: no
@ -674,10 +669,6 @@ cd %src_dir
%apply_patches %apply_patches
%if %{enhanced_security}
patch -p1 --fuzz=0 < %{SOURCE701}
%endif
# #
# Setup Begin # Setup Begin
# #

327
sanitize-memory.patch
View file

@ -1,327 +0,0 @@
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 25f6c5ff7c09..a5a4b70e469e 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3154,6 +3154,10 @@
the specified number of seconds. This is to be used if
your oopses keep scrolling off the screen.
+ pax_sanitize_slab=
+ 0/1 to disable/enable slab object sanitization (disabled by
+ default).
+
pcbit= [HW,ISDN]
pcd. [PARIDE]
diff --git a/fs/buffer.c b/fs/buffer.c
index 48318fb74938..6e6f5fe86a2e 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -3447,7 +3447,7 @@ void __init buffer_init(void)
bh_cachep = kmem_cache_create("buffer_head",
sizeof(struct buffer_head), 0,
(SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|
- SLAB_MEM_SPREAD),
+ SLAB_MEM_SPREAD|SLAB_NO_SANITIZE),
NULL);
/*
diff --git a/fs/dcache.c b/fs/dcache.c
index 50eb587c1253..3c0b1c9f955e 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -3137,7 +3137,7 @@ void __init vfs_caches_init_early(void)
void __init vfs_caches_init(void)
{
names_cachep = kmem_cache_create_usercopy("names_cache", PATH_MAX, 0,
- SLAB_HWCACHE_ALIGN|SLAB_PANIC, 0, PATH_MAX, NULL);
+ SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NO_SANITIZE, 0, PATH_MAX, NULL);
dcache_init();
inode_init();
diff --git a/include/linux/slab.h b/include/linux/slab.h
index 11b45f7ae405..fa75912cfe70 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -28,6 +28,14 @@
#define SLAB_RED_ZONE ((slab_flags_t __force)0x00000400U)
/* DEBUG: Poison objects */
#define SLAB_POISON ((slab_flags_t __force)0x00000800U)
+
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
+/* PaX: Do not sanitize objs on free */
+#define SLAB_NO_SANITIZE ((slab_flags_t __force)0x00001000U)
+#else
+#define SLAB_NO_SANITIZE ((slab_flags_t __force)0x00000000U)
+#endif
+
/* Align objs on cache lines */
#define SLAB_HWCACHE_ALIGN ((slab_flags_t __force)0x00002000U)
/* Use GFP_DMA memory */
diff --git a/kernel/fork.c b/kernel/fork.c
index 91d0c0557430..8a8175cb6e4d 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2423,7 +2423,7 @@ void __init proc_caches_init(void)
offsetof(struct mm_struct, saved_auxv),
sizeof_field(struct mm_struct, saved_auxv),
NULL);
- vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC|SLAB_ACCOUNT);
+ vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC|SLAB_ACCOUNT|SLAB_NO_SANITIZE);
mmap_init();
nsproxy_cache_init();
}
diff --git a/mm/rmap.c b/mm/rmap.c
index 0454ecc29537..c452a12e6f01 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -432,10 +432,10 @@ static void anon_vma_ctor(void *data)
void __init anon_vma_init(void)
{
anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma),
- 0, SLAB_TYPESAFE_BY_RCU|SLAB_PANIC|SLAB_ACCOUNT,
+ 0, SLAB_TYPESAFE_BY_RCU|SLAB_PANIC|SLAB_ACCOUNT|SLAB_NO_SANITIZE,
anon_vma_ctor);
anon_vma_chain_cachep = KMEM_CACHE(anon_vma_chain,
- SLAB_PANIC|SLAB_ACCOUNT);
+ SLAB_PANIC|SLAB_ACCOUNT|SLAB_NO_SANITIZE);
}
/*
diff --git a/mm/slab.c b/mm/slab.c
index 91c1863df93d..56a4fe8f6207 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -3503,6 +3503,17 @@ void ___cache_free(struct kmem_cache *cachep, void *objp,
struct array_cache *ac = cpu_cache_get(cachep);
check_irq_off();
+
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
+ if (pax_sanitize_slab) {
+ if (!(cachep->flags & (SLAB_POISON | SLAB_NO_SANITIZE))) {
+ memset(objp, PAX_MEMORY_SANITIZE_VALUE, cachep->object_size);
+ if (cachep->ctor)
+ cachep->ctor(objp);
+ }
+ }
+#endif
+
kmemleak_free_recursive(objp, cachep->flags);
objp = cache_free_debugcheck(cachep, objp, caller);
diff --git a/mm/slab.h b/mm/slab.h
index 384105318779..930c8c21a8e9 100644
--- a/mm/slab.h
+++ b/mm/slab.h
@@ -80,6 +80,15 @@ extern const struct kmalloc_info_struct {
unsigned int size;
} kmalloc_info[];
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
+#ifdef CONFIG_X86_64
+#define PAX_MEMORY_SANITIZE_VALUE '\xfe'
+#else
+#define PAX_MEMORY_SANITIZE_VALUE '\xff'
+#endif
+extern bool pax_sanitize_slab;
+#endif
+
#ifndef CONFIG_SLOB
/* Kmalloc array related functions */
void setup_kmalloc_cache_index_table(void);
diff --git a/mm/slab_common.c b/mm/slab_common.c
index f9d89c1b5977..1b25483a758b 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
@@ -58,7 +58,11 @@ static DECLARE_WORK(slab_caches_to_rcu_destroy_work,
/*
* Merge control. If this is set then no merging of slab caches will occur.
*/
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
+static bool slab_nomerge = true;
+#else
static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);
+#endif
static int __init setup_slab_nomerge(char *str)
{
@@ -81,6 +85,20 @@ unsigned int kmem_cache_size(struct kmem_cache *s)
}
EXPORT_SYMBOL(kmem_cache_size);
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
+bool pax_sanitize_slab = false;
+static int __init pax_sanitize_slab_setup(char *str)
+{
+ if (!str)
+ return -EINVAL;
+
+ pax_sanitize_slab = !!simple_strtol(str, NULL, 0);
+ pr_info("%sabled PaX slab sanitization\n", pax_sanitize_slab ? "En" : "Dis");
+ return 0;
+}
+early_param("pax_sanitize_slab", pax_sanitize_slab_setup);
+#endif
+
#ifdef CONFIG_DEBUG_VM
static int kmem_cache_sanity_check(const char *name, unsigned int size)
{
@@ -292,7 +310,11 @@ static unsigned int calculate_alignment(slab_flags_t flags,
*/
int slab_unmergeable(struct kmem_cache *s)
{
- if (slab_nomerge || (s->flags & SLAB_NEVER_MERGE))
+ if (slab_nomerge || (s->flags & SLAB_NEVER_MERGE)
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
+ || pax_sanitize_slab
+#endif
+ )
return 1;
if (!is_root_cache(s))
@@ -318,7 +340,11 @@ struct kmem_cache *find_mergeable(unsigned int size, unsigned int align,
{
struct kmem_cache *s;
- if (slab_nomerge)
+ if (slab_nomerge
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
+ || pax_sanitize_slab
+#endif
+ )
return NULL;
if (ctor)
@@ -470,6 +496,11 @@ kmem_cache_create_usercopy(const char *name,
*/
flags &= CACHE_CREATE_MASK;
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
+ if (flags & SLAB_DESTROY_BY_RCU)
+ flags |= SLAB_NO_SANITIZE;
+#endif
+
/* Fail closed on bad usersize of useroffset values. */
if (WARN_ON(!usersize && useroffset) ||
WARN_ON(size < usersize || size - usersize < useroffset))
diff --git a/mm/slob.c b/mm/slob.c
index 307c2c9feb44..2356d7787c5a 100644
--- a/mm/slob.c
+++ b/mm/slob.c
@@ -366,6 +366,11 @@ static void slob_free(void *block, int size)
return;
}
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
+ if (pax_sanitize_slab && !(c && (c->flags & SLAB_NO_SANITIZE)))
+ memset(block, PAX_MEMORY_SANITIZE_VALUE, size);
+#endif
+
if (!slob_page_free(sp)) {
/* This slob page is about to become partially free. Easy! */
sp->units = units;
diff --git a/mm/slub.c b/mm/slub.c
index dc777761b6b7..88ed9719a1db 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -3002,8 +3002,25 @@ static __always_inline void slab_free(struct kmem_cache *s, struct page *page,
* With KASAN enabled slab_free_freelist_hook modifies the freelist
* to remove objects, whose reuse must be delayed.
*/
- if (slab_free_freelist_hook(s, &head, &tail))
+ if (slab_free_freelist_hook(s, &head, &tail)) {
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
+ if (pax_sanitize_slab && !(s->flags & SLAB_NO_SANITIZE)) {
+ int offset = s->offset ? 0 : sizeof(void *);
+ void *x = head;
+ void *tail_obj = tail ? : head;
+
+ while (1) {
+ memset(x + offset, PAX_MEMORY_SANITIZE_VALUE, s->object_size - offset);
+ if (s->ctor)
+ s->ctor(x);
+ if (x == tail_obj)
+ break;
+ x = get_freepointer(s, x);
+ }
+ }
+#endif
do_slab_free(s, page, head, tail, cnt, addr);
+ }
}
#ifdef CONFIG_KASAN_GENERIC
@@ -3529,6 +3546,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order)
s->inuse = size;
if (((flags & (SLAB_TYPESAFE_BY_RCU | SLAB_POISON)) ||
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
+ (pax_sanitize_slab && !(flags & SLAB_NO_SANITIZE)) ||
+#endif
s->ctor)) {
/*
* Relocate free pointer after the object if it is not
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 2415d9cb9b89..b855e700f059 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3949,14 +3949,14 @@ void __init skb_init(void)
skbuff_head_cache = kmem_cache_create_usercopy("skbuff_head_cache",
sizeof(struct sk_buff),
0,
- SLAB_HWCACHE_ALIGN|SLAB_PANIC,
+ SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NO_SANITIZE,
offsetof(struct sk_buff, cb),
sizeof_field(struct sk_buff, cb),
NULL);
skbuff_fclone_cache = kmem_cache_create("skbuff_fclone_cache",
sizeof(struct sk_buff_fclones),
0,
- SLAB_HWCACHE_ALIGN|SLAB_PANIC,
+ SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NO_SANITIZE,
NULL);
skb_extensions_init();
}
diff --git a/security/Kconfig b/security/Kconfig
index aaf50403a138..cda44eeefff0 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -6,6 +6,37 @@ menu "Security options"
source "security/keys/Kconfig"
+menu "Miscellaneous hardening features"
+
+config PAX_MEMORY_SANITIZE
+ bool "Sanitize the freed memory"
+ default y
+ help
+ By saying Y here the kernel will erase the contents of slab objects
+ as soon as they are freed. This in turn reduces the lifetime of data
+ stored in them, making it less likely that sensitive information such
+ as passwords, cryptographic secrets, etc stay in memory for too long.
+
+ This is especially useful for programs whose runtime is short, long
+ lived processes and the kernel itself benefit from this as long as
+ they ensure timely freeing of memory that may hold sensitive
+ information.
+
+ A nice side effect of the sanitization of slab objects is the
+ reduction of possible info leaks caused by padding bytes within the
+ leaky structures. Use-after-free bugs for structures containing
+ pointers can also be detected as dereferencing the sanitized pointer
+ will generate an access violation.
+
+ The tradeoff is performance impact, on a single CPU system kernel
+ compilation sees a 3% slowdown, other systems and workloads may vary
+ and you are advised to test this feature on your expected workload
+ before deploying it.
+
+ Slab sanitization can be disabled with the kernel commandline
+ parameter "pax_sanitize_slab=0".
+endmenu
+
config SECURITY_DMESG_RESTRICT
bool "Restrict unprivileged access to the kernel syslog"
default n