init_on_alloc and init_on_free protect the kernel by initializing allocated and freed pages to 0 on allocation time / deletion.

Commit 700d2e9a36b93601270c1e15550acde2521386c5 ("mm, page_alloc: reduce page alloc/free sanity checks") removed page checking from hot pcp drain and refill paths, and instead coupled it with CONFIG_DEBUG_VM, debug_pagealloc, page poisoning, and init_on_{alloc, free}. As the commit suggests, the first three turn the kernel into a debug kernel, while the last hardens the kernel against leaking sensitive memory.

While enabling page checking is relatively low-cost and tying it together with page initialization is not unreasonable, it does feel like a bit of a side-effect, rather than an obvious consequence.

With page checking now pulled out as a boot time parameter that can be set independently, let's decouple page checking and init_on_alloc and init_on_free.

As a direct side effect, systems that have init_on_alloc or init_on_free will no longer have page checking enabled by default; they will either have to pass the check_pages boot parameter, build the kernel with CONFIG_DEBUG_VM, or enable debug_pagealloc / page poisoning.

Suggested-by: Vlastimil Babka
Signed-off-by: Joshua Hahn
--- mm/mm_init.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/mm/mm_init.c b/mm/mm_init.c index 01d46efc42b4..59636d2c0178 100644 --- a/mm/mm_init.c +++ b/mm/mm_init.c 
@@ -2566,19 +2566,15 @@ static void __init mem_debugging_and_hardening_init(void) _init_on_free_enabled_early = false; } - if (_init_on_alloc_enabled_early) { - want_check_pages = true; + if (_init_on_alloc_enabled_early) static_branch_enable(&init_on_alloc); - } else { + else static_branch_disable(&init_on_alloc); - } - if (_init_on_free_enabled_early) { - want_check_pages = true; + if (_init_on_free_enabled_early) static_branch_enable(&init_on_free); - } else { + else static_branch_disable(&init_on_free); - } if (IS_ENABLED(CONFIG_KMSAN) && (_init_on_alloc_enabled_early || _init_on_free_enabled_early)) -- 2.47.3
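
Review bot: Dropping `want_check_pages = true` from both the `_init_on_alloc_enabled_early` and `_init_on_free_enabled_early` branches changes the default silently for systems that set init_on_alloc or init_on_free as a hardening measure: after picking up this change they boot without page checking, with no log message or build-time hint, and the diffstat shows only mm/mm_init.c being touched. Since the commit message already names the three ways to get checking back (the check_pages boot parameter, CONFIG_DEBUG_VM, or debug_pagealloc / page poisoning), it would help to carry that into the documentation of the affected boot parameters in the same patch, and to leave a short comment at this spot in mem_debugging_and_hardening_init() stating that page checking is intentionally no longer implied by page initialization. The brace removal on the now single-statement if/else arms is fine.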