Bug 12362

Summary: CONFIG_PAGE_POISONING is disabled on x86_64, armv5tel and aarch64
Product: IPFire
Component: ---
Version: 2
Hardware: all
OS: All
Status: CLOSED FIXED
Severity: Security
Priority: Will affect most users
Reporter: Peter Müller <peter.mueller>
Assignee: Peter Müller <peter.mueller>
QA Contact: Arne.F <arne.fitzenreiter>
CC: peter.mueller
Bug Depends on:
Bug Blocks: 12361

Description Peter Müller 2020-04-14 15:14:58 UTC
This is currently enabled on i586 only.

Quote from https://capsule8.com/blog/kernel-configuration-glossary/:

> Significance: Medium
>
> Fill the pages with poison patterns after free_pages() and verify the patterns
> before alloc_pages. The filling of the memory helps reduce the risk of
> information leaks from freed data. This does have a potential performance
> impact if enabled with the "page_poison=1" kernel boot option.

x86_64: https://patchwork.ipfire.org/patch/2964/
Comment 2 Peter Müller 2020-06-20 09:29:12 UTC
Fixed for x86_64 in https://blog.ipfire.org/post/ipfire-2-25-core-update-146-is-available-for-testing
Comment 3 Peter Müller 2020-06-20 09:29:36 UTC
Resetting this back to ASSIGNED as patches for armv5tel and aarch64 are missing.
Comment 4 Peter Müller 2020-06-21 09:39:27 UTC
Patch for aarch64 and armv5tel: https://patchwork.ipfire.org/patch/3212/
Comment 5 Peter Müller 2021-10-23 11:18:13 UTC
This is fixed for x86_64, and the patch was dropped for armv5tel and aarch64 due to compatibility/performance reasons.
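
An audit check for the two conditions named in the glossary quote in the description, CONFIG_PAGE_POISONING being built in and "page_poison=1" being on the kernel command line. This is an added example, not part of the bug report or of IPFire's code. The function name and sample inputs are made up for illustration, and accepting "page_poison=on" as well follows the kernel's parameter documentation rather than this page.

```shell
#!/bin/sh
# page_poison_status CONFIG_FILE CMDLINE   (hypothetical helper name)
# Prints and returns: active (0), built-not-enabled (1), not-built (2).
page_poison_status() {
    config_file=$1
    cmdline=$2

    # Only an exact "=y" counts. "# CONFIG_PAGE_POISONING is not set" or a
    # missing line means the poisoning code is not compiled in.
    if ! grep -q '^CONFIG_PAGE_POISONING=y$' "$config_file"; then
        echo "not-built"
        return 2
    fi

    # Take the last page_poison= parameter, since a later one overrides
    # an earlier one. Splitting with tr avoids shell globbing on the input.
    last=$(printf '%s\n' "$cmdline" | tr -s ' \t' '\n' |
           grep '^page_poison=' | tail -n 1)

    case $last in
        page_poison=1|page_poison=on)
            echo "active"
            return 0 ;;
        *)
            echo "built-not-enabled"
            return 1 ;;
    esac
}

# Constructed sample input (not taken from an IPFire build).
sample_config=$(mktemp)
printf '%s\n' 'CONFIG_SLUB=y' 'CONFIG_PAGE_POISONING=y' > "$sample_config"
page_poison_status "$sample_config" 'root=/dev/sda1 ro page_poison=1' || true
page_poison_status "$sample_config" 'root=/dev/sda1 ro quiet' || true
rm -f "$sample_config"
```

On a running system the inputs would typically be the kernel config shipped in /boot (or /proc/config.gz, decompressed, where the kernel exposes it) and the contents of /proc/cmdline.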