  • #18858
Issue created Feb 20, 2022 by mathman@mathman

Consider dropping slub_debug=P and page_poison=1 options and let init_on_free wipe slab and page allocations

Hi,

I recently spotted these kernel log messages in Tails.

amnesia kernel: mem auto-init: CONFIG_PAGE_POISONING is on, will take precedence over init_on_free
amnesia kernel: mem auto-init: SLAB_POISON will take precedence over init_on_alloc/init_on_free
amnesia kernel: mem auto-init: stack:off, heap alloc:off, heap free:off

Currently Tails ships with slub_debug=P page_poison=1 and init_on_free=1 options enabled. Dropping slub_debug=P and page_poison=1 may be a good idea.

Dropping these options has been recommended by the KSPP wiki. https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings

The main complaint about slab allocator poisoning i.e. slub_debug=P is that the poison value written to freed heap objects points to userland which could result in security bugs. init_on_free writes freed heap objects with zeroes instead, resolving the issue.

CONFIG_PAGE_POISONING_ZERO was removed from Linux since 5.11 so you won't be able to zero-poison page allocations with page_poison=1 anymore. See commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f289041ed4cf9a3f6e8a32068fef9ffb2acc5662

But we have init_on_free to achieve page sanitization with zeroes.

Thoughts?
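
An added example, not part of the original issue or of the Tails code base: a small Python audit that compares the requested `init_on_free=1` with the `mem auto-init` summary the kernel logs, and names the boot options that override it. The sample command line and log are constructed from the lines quoted above; the function names are hypothetical, and only boot options are considered (not a build-time default for init_on_free).

```python
import re

# Constructed samples modelled on the options and log lines quoted in the issue.
SAMPLE_CMDLINE = "quiet slub_debug=P page_poison=1 init_on_free=1"
SAMPLE_LOG = """\
amnesia kernel: mem auto-init: CONFIG_PAGE_POISONING is on, will take precedence over init_on_free
amnesia kernel: mem auto-init: SLAB_POISON will take precedence over init_on_alloc/init_on_free
amnesia kernel: mem auto-init: stack:off, heap alloc:off, heap free:off
"""

SUMMARY_RE = re.compile(
    r"mem auto-init: stack:(?P<stack>[^,]+), heap alloc:(?P<alloc>\w+), heap free:(?P<free>\w+)"
)

def parse_cmdline(cmdline):
    """Map each boot option to its value; a later duplicate wins."""
    opts = {}
    for token in cmdline.split():
        key, _, value = token.partition("=")
        opts[key] = value
    return opts

def audit(cmdline, kernel_log):
    """Compare the requested init_on_free with what the kernel reports."""
    opts = parse_cmdline(cmdline)
    requested = opts.get("init_on_free") == "1"
    overrides = []
    # Simplification: only the flag list before the first comma is inspected.
    if "P" in opts.get("slub_debug", "").split(",")[0]:
        overrides.append("slub_debug=P")
    if opts.get("page_poison") in ("1", "on", "y"):
        overrides.append("page_poison=1")
    match = SUMMARY_RE.search(kernel_log)
    heap_free = match.group("free") if match else None  # None: summary line absent
    return {
        "init_on_free_requested": requested,
        "overriding_options": overrides,
        "heap_free_reported": heap_free,
        # Zero-on-free is effective only when the kernel itself says so.
        "zero_on_free_effective": requested and heap_free == "on",
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CMDLINE, SAMPLE_LOG))
```

On a running system the two inputs would come from `/proc/cmdline` and the kernel log.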
