Bug #17236

Consider enabling the init_on_alloc=1 and init_on_free=1 Linux options

Added by intrigeri 26 days ago. Updated 14 days ago.

Status: In Progress
Priority: Normal
Assignee:
Category: -
Target version:
Start date:
Due date:
% Done: 0%
Feature Branch: feature/17236-heap-variable-initialization+force-all-tests
Type of work: Test
Blueprint:
Starter:
Affected tool:

Description


Related issues

Related to Tails - Bug #17124: Install Linux 5.3 from sid Resolved
Related to Tails - Bug #17117: Upgrade to Linux 5.3 Resolved
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

Associated revisions

Revision 6aec55af (diff)
Added by intrigeri 25 days ago

Zero heap memory at allocation time and at free time (refs: #17236)

These options are "aimed at preventing possible information leaks and making the
control-flow bugs that depend on uninitialized values more deterministic"¹.
All kmalloc()s effectively become kzalloc()s and all kfree()s effectively become
kzfree()s².

In passing, apart from the defense-in-depth security benefits intended by the
authors of this Linux feature, init_on_free=1 may ensure we clean more kernel
memory at shutdown time.

Benchmarks show:

  • a negligible performance hit with init_on_alloc=1
  • a 7-25% performance hit with init_on_free=1

Let's see if/how this affects our use cases.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6471384af2a6530696fc0203bafe4de41a23c9ef
[2] https://outflux.net/blog/archives/2019/11/14/security-things-in-linux-v5-3/
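
A check for the result of the revision above, as an added example that is not Tails code and not part of the original page: it reports whether init_on_alloc and init_on_free are in effect for a given kernel command line, falling back to the CONFIG_INIT_ON_ALLOC_DEFAULT_ON / CONFIG_INIT_ON_FREE_DEFAULT_ON build defaults when a parameter is absent. The function name, the sample command line and the /boot/config-$(uname -r) path are assumptions, as is the rule that a later occurrence of a parameter overrides an earlier one.

```shell
#!/bin/sh
# Added example, not Tails code: effective init_on_alloc / init_on_free state.
# Usage: heap_init_state PARAM CMDLINE [CONFIG_TEXT]  ->  on | off | unknown
# The body is a subshell, so `set -f` and the variables stay local.
heap_init_state() (
    param=$1 cmdline=$2
    set -f                        # no globbing while splitting the command line
    state=
    for word in $cmdline; do      # assumption: a later occurrence wins
        case $word in
            "$param=1") state=on ;;
            "$param=0") state=off ;;
            "$param="*) state=unknown ;;  # value this example does not interpret
        esac
    done
    if [ -z "$state" ]; then
        if [ $# -lt 3 ]; then
            state=unknown         # parameter absent, no build config supplied
        else
            # Parameter absent: the build-time default decides.
            opt="CONFIG_$(printf '%s' "$param" | tr 'a-z' 'A-Z')_DEFAULT_ON"
            if printf '%s\n' "$3" | grep -qx "$opt=y"; then state=on; else state=off; fi
        fi
    fi
    printf '%s\n' "$state"
)

# Constructed sample command line (not copied from a real boot).
SAMPLE_CMDLINE='BOOT_IMAGE=/live/vmlinuz quiet init_on_alloc=1 init_on_free=1'

for p in init_on_alloc init_on_free; do
    echo "sample  $p: $(heap_init_state "$p" "$SAMPLE_CMDLINE")"
done

# Same check against the running kernel, when its command line is readable.
if [ -r /proc/cmdline ]; then
    cfg=/boot/config-$(uname -r)   # assumed Debian-style config location
    for p in init_on_alloc init_on_free; do
        if [ -r "$cfg" ]; then
            defaults=$(grep '^CONFIG_INIT_ON_' "$cfg" || true)
            echo "running $p: $(heap_init_state "$p" "$(cat /proc/cmdline)" "$defaults")"
        else
            echo "running $p: $(heap_init_state "$p" "$(cat /proc/cmdline)")"
        fi
    done
fi
```

An "unknown" result means the command line neither sets the parameter to 0 or 1 nor was a build configuration available to supply the default.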

History

#1 Updated by intrigeri 26 days ago

  • Related to Bug #17124: Install Linux 5.3 from sid added

#2 Updated by intrigeri 26 days ago

  • Related to Bug #17177: Greeter has no option to 'Show Passphrase' anymore added

#3 Updated by intrigeri 26 days ago

  • Related to Bug #17117: Upgrade to Linux 5.3 added

#4 Updated by intrigeri 26 days ago

  • Related to deleted (Bug #17177: Greeter has no option to 'Show Passphrase' anymore)

#5 Updated by intrigeri 26 days ago

#6 Updated by intrigeri 25 days ago

  • Status changed from Confirmed to In Progress

#7 Updated by intrigeri 25 days ago

  • Feature Branch set to feature/17236-heap-variable-initialization+force-all-tests

#8 Updated by intrigeri 25 days ago

No performance nor robustness regression spotted on my local Jenkins.

#9 Updated by intrigeri 24 days ago

The first 2 test suite runs on lizard each expose at least one occurrence of "Remote shell seems to be down" (smells bad to me), but no performance regression.

#10 Updated by intrigeri 14 days ago

  • Target version changed from Tails_4.1 to Tails_4.2

This can totally wait a bit and it's now a bit too late in the 4.1 cycle for me to feel comfortable including this.
