On 11 May 2015 at 9:59, Anisse Astier wrote:
> > Otherwise it looks good to me... if the sanitization is considered
> > useful. Did it catch some bugs in the past?
>
> I've read somewhere that users of grsecurity claim that it caught bugs
> in some drivers, but I haven't verified that personally; it's probably
> much less useful than kasan (or even the original grsec feature) as a
> bug-catcher since it doesn't clear freed slab buffers.
the PaX SANITIZE feature wasn't developed for catching use-after-free bugs but to help reduce data lifetime from the kernel while not killing too much performance (this is why i was reluctant to add a finer grained version to do slab object sanitization until Mathias Krause came up with a workable compromise). another reason page zeroing isn't good at catching these bugs is that the 0 fill value will produce NULL pointers which are often explicitly handled already. on the other hand changing the fill value would not allow the __GFP_ZERO performance optimization (the slab sanitization feature is a different story however, we have a non-0 fill value and it keeps triggering use-after-free bugs).
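As an added illustration of the point made in the reply above (this is example code, not from the thread, PaX or grsecurity), a user-space toy model of the difference between a 0 fill and a non-0 fill on free. The `struct node` layout, the poison byte 0x5a and all function names are constructed for this example. The first scenario is the one the reply describes: a stale read of a pointer field that lands in the usual `if (ptr)` guard. The second scenario goes beyond the thread and is an assumption modelled on slab poison checking: verifying that a freed object still holds the fill pattern, which a zero fill cannot do for writes that store zero.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy slab object with an embedded pointer, standing in for any kernel
 * structure that links to other objects. Constructed for this example. */
struct node {
    struct node *next;
    int payload;
};

/* Two sanitisation policies: page zeroing (fill byte 0, compatible with the
 * __GFP_ZERO optimisation) versus slab sanitisation with a non-zero fill.
 * 0x5a is an arbitrary poison value chosen for this example. */
enum fill_policy { FILL_ZERO = 0x00, FILL_POISON = 0x5a };

/* Free an object: overwrite it with the policy's fill byte so the old
 * contents do not outlive the allocation. */
static void sanitize_on_free(struct node *n, enum fill_policy p)
{
    memset(n, (int)p, sizeof *n);
}

enum uaf_outcome {
    UAF_MASKED,     /* the usual NULL check swallowed the stale read */
    UAF_DETECTED    /* the stale pointer is garbage and would be used */
};

/* A caller that reads n->next after n was freed, guarded by the common
 * "if (ptr)" idiom. With a zero fill the stale pointer is NULL and the
 * guard silently handles it, hiding the bug. With a non-zero fill the
 * guard passes and the caller would dereference the poison pattern; the
 * example reports that instead of performing the dereference. */
static enum uaf_outcome stale_pointer_read(struct node *n)
{
    struct node *p = n->next;   /* read after free */
    if (p == NULL)
        return UAF_MASKED;
    return UAF_DETECTED;
}

/* Scenario 1: read-after-free of a pointer field. */
enum uaf_outcome read_after_free(enum fill_policy p)
{
    static struct node slab[2];
    struct node *a = &slab[0], *b = &slab[1];

    a->next = b;    a->payload = 1;
    b->next = NULL; b->payload = 2;
    sanitize_on_free(a, p);     /* a is freed; the caller still holds it */
    return stale_pointer_read(a);
}

/* Slab-debug style check (an assumption here, not something the thread
 * describes): a freed object must still hold the fill pattern until it is
 * reused; any other byte means something wrote to it after free. */
static int freed_object_intact(const struct node *n, enum fill_policy p)
{
    const unsigned char *b = (const unsigned char *)n;
    for (size_t i = 0; i < sizeof *n; i++)
        if (b[i] != (unsigned char)p)
            return 0;
    return 1;
}

/* Scenario 2: write-after-free that stores NULL (for instance an unlink
 * that clears a link field). Returns 1 if the check catches it. A zero
 * fill cannot distinguish this write from the fill pattern; a non-zero
 * fill can. */
int write_after_free_caught(enum fill_policy p)
{
    static struct node slab[1];
    struct node *a = &slab[0];

    a->next = a; a->payload = 7;
    sanitize_on_free(a, p);
    a->next = NULL;             /* write after free, stores all-zero bytes */
    return !freed_object_intact(a, p);
}

int main(void)
{
    printf("zero fill:   read-after-free %s, write-after-free %s\n",
           read_after_free(FILL_ZERO) == UAF_MASKED ? "masked" : "detected",
           write_after_free_caught(FILL_ZERO) ? "caught" : "missed");
    printf("poison fill: read-after-free %s, write-after-free %s\n",
           read_after_free(FILL_POISON) == UAF_MASKED ? "masked" : "detected",
           write_after_free_caught(FILL_POISON) ? "caught" : "missed");
    return 0;
}
```

Under the zero policy both scenarios are silent, which is the data-lifetime benefit without the bug-finding benefit the reply describes; under the poison policy both become visible, at the cost of losing the zero-fill fast path.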