Commit 360a8abc authored by intrigeri, committed by segfault

Zero heap memory at allocation time and at free time (refs: #17236)

These options are "aimed at preventing possible information leaks and making the
control-flow bugs that depend on uninitialized values more deterministic"¹.
All kmalloc()s effectively become kzalloc()s and all kfree()s effectively become
kzfree()s².

In passing, apart from the defense-in-depth security benefits intended by the
authors of this Linux feature, init_on_free=1 may ensure we clean more kernel
memory at shutdown time.

Benchmarks show:

* a negligible performance hit with init_on_alloc=1
* a 7-25% performance hit with init_on_free=1

Let's see if/how this affects our use cases.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6471384af2a6530696fc0203bafe4de41a23c9ef
[2] https://outflux.net/blog/archives/2019/11/14/security-things-in-linux-v5-3/
parent 55793bf7
......@@ -17,7 +17,7 @@ export SOURCE_DATE_FAKETIME="$(date --utc --date="$(dpkg-parsechangelog --show-f
# Base for the string that will be passed to "lb config --bootappend-live"
# FIXME: see [[bugs/sdmem_on_eject_broken_for_CD]] for explanation why we
# need to set block.events_dfl_poll_msecs
AMNESIA_APPEND="live-media=removable nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 mds=full,nosmt union=aufs"
AMNESIA_APPEND="live-media=removable nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 init_on_alloc=1 init_on_free=1 mds=full,nosmt union=aufs"
# Options passed to isohybrid
AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
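
Review bot: the changed AMNESIA_APPEND line gains init_on_alloc=1 and init_on_free=1 with no comment in the file, while the only comment above it explains block.events_dfl_poll_msecs. The commit message cites a 7-25% performance hit for init_on_free=1 and leaves the impact on our use cases open, so a short comment next to the assignment pointing to #17236 would make the rationale and the cost discoverable from the config itself and easy to revisit. The line also keeps page_poison=1 and slub_debug=FZP; please state in the comment or the commit message how the new options are expected to interact with those settings, and whether all of them are still needed together.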
......