Consider dropping slub_debug=P and page_poison=1 options and let init_on_free wipe slab and page allocations
Hi,
I recently spotted these kernel log messages in Tails.
amnesia kernel: mem auto-init: CONFIG_PAGE_POISONING is on, will take precedence over init_on_free
amnesia kernel: mem auto-init: SLAB_POISON will take precedence over init_on_alloc/init_on_free
amnesia kernel: mem auto-init: stack:off, heap alloc:off, heap free:off
Currently Tails ships with the slub_debug=P, page_poison=1 and init_on_free=1 options enabled. Dropping slub_debug=P and page_poison=1 may be a good idea.
Dropping these options has been recommended by the KSPP wiki. https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
The main complaint about slab allocator poisoning, i.e. slub_debug=P, is that the poison value written to freed heap objects points to userland, which could result in security bugs. init_on_free fills freed heap objects with zeroes instead, resolving the issue.
CONFIG_PAGE_POISONING_ZERO was removed from Linux in 5.11, so you won't be able to zero-poison page allocations with page_poison=1 anymore. See commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f289041ed4cf9a3f6e8a32068fef9ffb2acc5662
But we have init_on_free to achieve page sanitization with zeroes.
Thoughts?
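As an added example (not part of the original post and not Tails code), a small POSIX sh function that mirrors the precedence the "mem auto-init" log lines above report: given a kernel command line it tells you which of page_poison, SLAB poisoning and init_on_* wins, so a cmdline can be checked before rebooting. It assumes CONFIG_PAGE_POISONING=y and that the INIT_ON_ALLOC/FREE_DEFAULT_ON Kconfig options are off, so each option counts only when passed explicitly.

```shell
#!/bin/sh
# meminit_report CMDLINE - print the effective heap auto-init state for a
# kernel command line, in the style of the kernel's "mem auto-init" messages.
# Assumptions (not taken from the post): CONFIG_PAGE_POISONING=y, and
# init_on_alloc / init_on_free default to off unless given on the cmdline.

has_word() {
    # has_word CMDLINE WORD: true if WORD is one exact cmdline token
    for w in $1; do [ "$w" = "$2" ] && return 0; done
    return 1
}

slub_poison_enabled() {
    # true if slub_debug requests poisoning: bare "slub_debug" enables all
    # debug flags; "slub_debug=P", "slub_debug=FZP", "slub_debug=P,kmalloc-64"
    # carry the flag letters before the first comma (case-insensitive P).
    for w in $1; do
        case "$w" in
            slub_debug) return 0 ;;
            slub_debug=*) flags=${w#slub_debug=}; flags=${flags%%,*}
                          case "$flags" in *[Pp]*) return 0 ;; esac ;;
        esac
    done
    return 1
}

meminit_report() {
    cmdline=$1; alloc=off; free=off
    has_word "$cmdline" init_on_alloc=1 && alloc=on
    has_word "$cmdline" init_on_free=1 && free=on
    # page_poison=1 wins over init_on_*: the page allocator is poisoned, not zeroed
    if has_word "$cmdline" page_poison=1; then
        [ "$alloc" = on ] && echo "mem auto-init: CONFIG_PAGE_POISONING is on, will take precedence over init_on_alloc" && alloc=off
        [ "$free" = on ] && echo "mem auto-init: CONFIG_PAGE_POISONING is on, will take precedence over init_on_free" && free=off
    fi
    # SLAB_POISON wins for slab objects whenever init_on_* was requested
    if slub_poison_enabled "$cmdline" && { has_word "$cmdline" init_on_alloc=1 || has_word "$cmdline" init_on_free=1; }; then
        echo "mem auto-init: SLAB_POISON will take precedence over init_on_alloc/init_on_free"
    fi
    echo "mem auto-init: heap alloc:$alloc, heap free:$free"
}

# With no argument, check the cmdline from the post; pass your own as $1.
meminit_report "${1:-slub_debug=P page_poison=1 init_on_free=1}"
```

Running it with the post's three options reproduces the three messages from the log, ending in "heap free:off"; with init_on_free=1 alone it reports "heap free:on" and no precedence warnings.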