Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAGXu5jLMsdeQ6XwBm-+kT0OkQtm78SQJRPFWueZ=wSUPeadwsw@mail.gmail.com>
Date: Wed, 29 Jun 2016 07:50:25 -0700
From: Kees Cook <keescook@...omium.org>
To: Rasmus Villemoes <linux@...musvillemoes.dk>
Cc: Emese Revfy <re.emese@...il.com>, 
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, PaX Team <pageexec@...email.hu>, 
	Brad Spengler <spender@...ecurity.net>, Michal Marek <mmarek@...e.com>, 
	LKML <linux-kernel@...r.kernel.org>, 
	Masahiro Yamada <yamada.masahiro@...ionext.com>, linux-kbuild <linux-kbuild@...r.kernel.org>, 
	minipli@...linux.so, Russell King <linux@...linux.org.uk>, 
	Catalin Marinas <catalin.marinas@....com>, David Brown <david.brown@...aro.org>, 
	"benh@...nel.crashing.org" <benh@...nel.crashing.org>, Thomas Gleixner <tglx@...utronix.de>, 
	Andrew Morton <akpm@...ux-foundation.org>, jlayton@...chiereds.net, 
	Arnd Bergmann <arnd@...db.de>
Subject: Re: [PATCH v1 1/2] Add the initify gcc plugin

On Tue, Jun 28, 2016 at 2:05 PM, Rasmus Villemoes
<linux@...musvillemoes.dk> wrote:
> On Tue, Jun 28 2016, Emese Revfy <re.emese@...il.com> wrote:
>
>> The kernel already has a mechanism to free up code and data memory that
>> is only used during kernel or module initialization.
>> This plugin will teach the compiler to find more such code and data that
>> can be freed after initialization.
>> It has two passes. The first one tries to find all functions that
>> can be become __init/__exit. The second one moves string constants
>> (local variables and function string arguments marked by
>> the nocapture attribute) only referenced in __init/__exit functions
>> to the __initconst/__exitconst sections.
>> It reduces memory usage. This plugin can be useful for embedded systems.
>
> May I suggest, as a followup patch, a debug option/plugin parameter to
> put the strings in a section which will not be reaped after init, but
> just marked inaccessible, with graceful handling of bad accesses (print
> a big fat warning, make the page(s) readable, continue)?

Is there a clean way to do this that isn't arch-specific?

-Kees

-- 
Kees Cook
Chrome OS & Brillo Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.