From 7617e31b3cc4b6049c1c957edba99e427d968040 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Wed, 3 May 2017 21:54:56 -0400
Subject: [PATCH] mm: add support for verifying page sanitization
Signed-off-by: Daniel Micay
Signed-off-by: anupritaisno1
---
 include/linux/highmem.h | 7 +++++++
 mm/page_alloc.c | 6 ++++++
 security/Kconfig.hardening | 7 +++++++
 3 files changed, 20 insertions(+)
diff --git a/include/linux/highmem.h b/include/linux/highmem.h
index d01b6a55a..5558556b8 100755
--- a/include/linux/highmem.h
+++ b/include/linux/highmem.h
@@ -282,6 +282,13 @@ static inline void tag_clear_highpage(struct page *page)
 #endif
+static inline void verify_zero_highpage(struct page *page)
+{
+ void *kaddr = kmap_atomic(page);
+ BUG_ON(memchr_inv(kaddr, 0, PAGE_SIZE));
+ kunmap_atomic(kaddr);
+}
+
 static inline void zero_user_segments(struct page *page, unsigned start1, unsigned end1, unsigned start2, unsigned end2)
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 08cd2858b..c2cb7f52f 100755
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -2391,6 +2391,12 @@ static void prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags
 {
 post_alloc_hook(page, order, gfp_flags);
+ if (IS_ENABLED(CONFIG_PAGE_SANITIZE_VERIFY) && want_init_on_free()) {
+ int i;
+ for (i = 0; i < (1 << order); i++)
+ verify_zero_highpage(page + i);
+ }
+
 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order);
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index a69055b32..ef8f905b4 100755
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -238,6 +238,13 @@ config INIT_ON_FREE_DEFAULT_ON
 touching "cold" memory areas. Most cases see 3-5% impact. Some synthetic workloads have measured as high as 8%.
+config PAGE_SANITIZE_VERIFY
+ bool "Verify sanitized pages"
+ default y
+ help
+ When init_on_free is enabled, verify that newly allocated pages
+ are zeroed to detect write-after-free bugs.
+
 endmenu
 endmenu
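Review bot: When the `BUG_ON(memchr_inv(kaddr, 0, PAGE_SIZE))` in verify_zero_highpage() fires, the report gives no hint of which page or byte was dirty, which makes a write-after-free hard to triage. memchr_inv() already returns the address of the first non-matching byte, so the result can be kept and logged before BUG(). The helper also lacks a comment saying that a non-zero page is treated as fatal and that callers must pass only pages expected to be zero. The sketch below assumes pr_emerg() and page_to_pfn() are reachable from this header; confirm against the tree.

```c
static inline void verify_zero_highpage(struct page *page)
{
	void *kaddr = kmap_atomic(page);
	/* memchr_inv() returns the first byte that is not 0, or NULL. */
	void *bad = memchr_inv(kaddr, 0, PAGE_SIZE);

	if (unlikely(bad)) {
		pr_emerg("page sanitize: pfn %lx dirty at offset %td\n",
			 page_to_pfn(page), (char *)bad - (char *)kaddr);
		BUG();
	}
	/* … unchanged: kunmap_atomic(kaddr) … */
}
```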
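Review bot: The verification loop added to prep_new_page() runs after post_alloc_hook(), whose body is outside this hunk; if that hook can itself zero the pages for some allocations, the check passes trivially for them and a write after free would go unnoticed. The ordering assumption deserves a comment above the `if`, for example `/* pages were zeroed at free time by init_on_free; a non-zero byte here means a write after free */`. The loop also scans all `1 << order` pages in the allocation path on every call, a cost the commit message does not mention. prep_new_page() continues past the end of the hunk.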
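Review bot: The help text for PAGE_SANITIZE_VERIFY does not say what happens when verification fails or what it costs, yet the option is `default y`. From the highmem.h hunk a non-zero page hits `BUG_ON()`, and the page_alloc.c hunk scans every allocated page in full, so builders should be told both. I would add to the help text: `A page that is not zero triggers BUG(). Every allocated page is scanned in full, which adds allocation overhead.` The entry also has no `depends on`, so it can be selected in builds where init_on_free may never be enabled and the check would never run.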