    mm: init_mlocked_on_free_v3 · ba42b524
    York Jasper Niebuhr authored
    Implements the "init_mlocked_on_free" boot option. When this boot option
    is enabled, any mlock'ed pages are zeroed on free. If
    the pages are munlock'ed beforehand, no initialization takes place.
    This boot option is meant to combat the performance hit of
    "init_on_free" as reported in commit 6471384a ("mm: security:
    introduce init_on_alloc=1 and init_on_free=1 boot options"). With
    "init_mlocked_on_free=1" only relevant data is freed while everything
    else is left untouched by the kernel. Correspondingly, this patch
    introduces no performance hit for unmapping non-mlock'ed memory. The
    unmapping overhead for purely mlocked memory was measured to be
    approximately 13%. Realistically, most systems mlock only a fraction of
    the total memory so the real-world system overhead should be close to
    zero.
    
    Optimally, userspace programs clear any key material or other
    confidential memory before exit and munlock the according memory
    regions. If a program crashes, userspace key managers fail to do this
    job. Accordingly, no munlock operations are performed so the data is
    caught and zeroed by the kernel. Should the program not crash, all
    memory will ideally be munlocked so no overhead is caused.
    
    CONFIG_INIT_MLOCKED_ON_FREE_DEFAULT_ON can be set to enable
    "init_mlocked_on_free" by default.
    
    Link: https://lkml.kernel.org/r/20240329145605.149917-1-yjnworkstation@gmail.com
    Signed-off-by: York Jasper Niebuhr <yjnworkstation@gmail.com>
    Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
    Cc: York Jasper Niebuhr <yjnworkstation@gmail.com>
    Cc: Kees Cook <keescook@chromium.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Kconfig.hardening 15.8 KB
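
The clean-exit path the commit message describes (wipe the secret, munlock, then unmap), as an added userspace example that is not part of the commit or the kernel tree. The names `secret_buf`, `secret_alloc` and `secret_release` are hypothetical, and the 32-byte key is constructed sample data.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* MAP_ANONYMOUS, explicit_bzero */
#endif
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example, not a kernel or libc API. */
struct secret_buf {
    unsigned char *p; /* page-aligned mapping, NULL on failure */
    size_t len;       /* rounded up to whole pages */
    int locked;       /* 1 if mlock() succeeded */
};

struct secret_buf secret_alloc(size_t want)
{
    struct secret_buf b = { NULL, 0, 0 };
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = (want + page - 1) / page * page;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return b;
    b.p = p; b.len = len;
    b.locked = (mlock(p, len) == 0); /* may fail under a low RLIMIT_MEMLOCK */
    return b;
}

/* Clean-exit path: wipe, munlock, unmap. Returns 0 on success. */
int secret_release(struct secret_buf *b)
{
    int rc = 0;
    if (b->p == NULL)
        return -1;
    explicit_bzero(b->p, b->len);      /* not elided by the optimizer */
    if (b->locked && munlock(b->p, b->len) != 0)
        rc = -1;
    if (munmap(b->p, b->len) != 0)
        rc = -1;
    b->p = NULL; b->len = 0; b->locked = 0;
    return rc;
}

int main(void)
{
    struct secret_buf k = secret_alloc(32); /* constructed 32-byte key slot */
    if (k.p == NULL) return 1;
    memset(k.p, 0xA5, 32);                  /* stand-in for key material */
    return secret_release(&k) == 0 ? 0 : 1;
}
```

If the process dies before `secret_release()` runs, the pages are still mlocked when they are freed, which is the case the commit message says the kernel catches and zeroes.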