Bug 12362 - CONFIG_PAGE_POISONING is disabled on x86_64, armv5tel and aarch64
Summary: CONFIG_PAGE_POISONING is disabled on x86_64, armv5tel and aarch64
Status: CLOSED FIXED
Alias: None
Product: IPFire
Classification: Unclassified
Component: --- (show other bugs)
Version: 2
Hardware: all All
: Will affect most users Security
Assignee: Peter Müller
QA Contact: Arne.F
URL:
Keywords:
Depends on:
Blocks: KERNSEC
  Show dependency treegraph
 
Reported: 2020-04-14 15:14 UTC by Peter Müller
Modified: 2021-10-23 11:18 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Müller 2020-04-14 15:14:58 UTC 
This is currently enabled on i568 only.

Quote from https://capsule8.com/blog/kernel-configuration-glossary/:

> Significance: Medium
>
> Fill the pages with poison patterns after free_pages() and verify the patterns
> before alloc_pages. The filling of the memory helps reduce the risk of
> information leaks from freed data. This does have a potential performance
> impact if enabled with the "page_poison=1" kernel boot option.

x86_64: https://patchwork.ipfire.org/patch/2964/
Comment 2 Peter Müller 2020-06-20 09:29:12 UTC 
Fixed for x86_64 in https://blog.ipfire.org/post/ipfire-2-25-core-update-146-is-available-for-testing
Comment 3 Peter Müller 2020-06-20 09:29:36 UTC 
Resetting this back to ASSIGNED as patches for armv5tel and aarch64 are missing.
Comment 4 Peter Müller 2020-06-21 09:39:27 UTC 
Patch for aarch64 and armv5tel: https://patchwork.ipfire.org/patch/3212/
Comment 5 Peter Müller 2021-10-23 11:18:13 UTC 
This is fixed for x86_64, and the patch was dropped for armv5tel and aarch64 due to compatibility/performance reasons.