From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: Possible collateral damage while enabling KFENCE In IPFire 3.x
Date: Tue, 27 Dec 2022 11:28:33 +0100
Message-ID: <05844E32-E923-4D54-8360-2D18957ECDB7@ipfire.org>

Hello Peter,

> On 26 Dec 2022, at 13:22, Peter Müller wrote:
>
> Hello Michael,
>
> above all, I hope you are doing well, and have/had some restful days.

One tries.

> Working through your changes related to the kernel configuration in IPFire 3.x,
> I took the liberty of backporting some of them (whenever it made sense to do so)
> - a patchset will be provided in due course, ideally by tomorrow at the latest.
> However, looking at c36f92723a727a1f6366b5d27f5cd2eac106a3cc, the following
> delta strikes me as implausible to be beneficial for security:
>
>> -CONFIG_PAGE_POISONING=y
>> +# CONFIG_PAGE_POISONING is not set
>
> Here, you are _disabling_ page poisoning for all architectures in IPFire 3.x,
> which I doubt is what you intended. For your reference, the current situation
> in IPFire 2.x is mixed (as usual - sigh):

This was not directly intended, but I noticed that this switch got disabled. Since we are already trying to wipe all memory pages, what is the point of having this, too?

As far as I understand, all these options are compiled in, but none is then enabled, since they all require kernel command line switches. This is probably the worst design decision, since losing a kernel command line is very easy.

-Michael

>> $ grep CONFIG_PAGE_POISONING config/kernel/*
>> config/kernel/kernel.config.aarch64-ipfire:# CONFIG_PAGE_POISONING is not set
>> config/kernel/kernel.config.armv6l-ipfire:# CONFIG_PAGE_POISONING is not set
>> config/kernel/kernel.config.riscv64-ipfire:CONFIG_PAGE_POISONING=y
>> config/kernel/kernel.config.x86_64-ipfire:CONFIG_PAGE_POISONING=y
>
> Thanks, and best regards,
> Peter Müller
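The point raised in this reply, that a wiping option can be compiled in yet never take effect without its boot parameter, can be checked mechanically. The script below is an added example, not IPFire's or the kernel's own code; it uses the kernel's CONFIG_PAGE_POISONING, CONFIG_INIT_ON_FREE_DEFAULT_ON and CONFIG_INIT_ON_ALLOC_DEFAULT_ON symbols and the page_poison=, init_on_free= and init_on_alloc= boot parameters, and the sample config files and command lines it feeds them are constructed.

```shell
#!/bin/sh
# Added example (not IPFire or kernel code): report, for a kernel .config and a
# kernel command line, whether each memory-wiping option is merely built or
# actually active at boot. Sample configs and command lines are constructed.

# True if <cmdline> carries <param>=<value> with a kstrtobool "true" spelling.
cmdline_enables() {
    printf '%s\n' "$2" | tr ' ' '\n' | grep -Eqi "^$1=(1|y|yes|on)$"
}
# True if <cmdline> explicitly switches <param> off.
cmdline_disables() {
    printf '%s\n' "$2" | tr ' ' '\n' | grep -Eqi "^$1=(0|n|no|off)$"
}

# CONFIG_PAGE_POISONING only builds the code; page_poison=1 on the command
# line switches it on.  $1 = .config path, $2 = command line string.
page_poison_state() {
    grep -q '^CONFIG_PAGE_POISONING=y$' "$1" || { echo not-built; return; }
    if cmdline_enables page_poison "$2"; then echo active; else echo built-but-inactive; fi
}

# init_on_free / init_on_alloc are always built; CONFIG_INIT_ON_*_DEFAULT_ON
# sets the default and the command line overrides it either way.
# $1 = .config path, $2 = command line string, $3 = free | alloc.
init_on_state() {
    upper=$(printf '%s' "$3" | tr 'a-z' 'A-Z')
    if cmdline_enables "init_on_$3" "$2"; then echo active
    elif cmdline_disables "init_on_$3" "$2"; then echo inactive
    elif grep -q "^CONFIG_INIT_ON_${upper}_DEFAULT_ON=y$" "$1"; then echo active
    else echo inactive; fi
}

# $1 = .config path, $2 = command line string.
report() {
    echo "page_poisoning: $(page_poison_state "$1" "$2")"
    echo "init_on_free:   $(init_on_state "$1" "$2" free)"
    echo "init_on_alloc:  $(init_on_state "$1" "$2" alloc)"
}

# Constructed samples modelled on the x86_64 and aarch64 lines quoted above.
CFG_X86=$(mktemp); CFG_ARM=$(mktemp)
printf '%s\n' 'CONFIG_PAGE_POISONING=y' 'CONFIG_INIT_ON_FREE_DEFAULT_ON=y' \
    '# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set' >"$CFG_X86"
printf '%s\n' '# CONFIG_PAGE_POISONING is not set' >"$CFG_ARM"
report "$CFG_X86" "root=/dev/sda1 quiet"                    # poisoning built but off
report "$CFG_X86" "root=/dev/sda1 page_poison=1 init_on_alloc=1"
report "$CFG_ARM" "root=/dev/sda1 page_poison=1"            # nothing for the parameter to enable
```

Run against a live system, the same functions take /proc/config.gz (decompressed) or /boot/config-$(uname -r) and the contents of /proc/cmdline.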