lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 14 Jul 2008 21:11:11 +0200
From:	Andi Kleen <andi@...stfloor.org>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
CC:	Ingo Molnar <mingo@...e.hu>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Avi Kivity <avi@...ranet.com>
Subject: Re: [git pull] core, x86: make LIST_POISON less deadly

Linus Torvalds wrote:
> 
> On Mon, 14 Jul 2008, Andi Kleen wrote:
>> The issue is that the kernel cannot detect it (short of running the
>> KVM x86 emulator on #GP, but surely you're not suggesting that), so it
>> cannot print something out.
> 
> Don't be silly. It prints out the oops message.
> 
> People who cannot see where that oops is, and cannot be bothered to look 
> at the register state aren't going to help _anyway_.

I've seen a lot of people who don't know too much assembler just work based
on the RIP. As in look it up in the source using addr2line or gdb and then try
to figure it out based on the source. Actually looking at the register contents
and how the instruction uses it is pretty arcane knowledge and usually
not even needed.  And with more and more kernel developers being
newbie friendly in this area is a good thing.

> 
> In fact, with the 0xdead... sequence, it's going to be *more* obvious than 
> with some almost-kernel 0xffffc.. address, even if it's not showing up in 
> the first line.

> In other words, your whole argument is pure and utter sh*t. The page fault 
> is _less_ readable than the GP fault.

How about if the page fault handler checks for the value and prints
a obvious string? It could do this reliably, unlike the "grep
all registers for poison on #GP" method that was earlier proposed.

>> That is why I suggested using a canonical address.
> 
> And I disagree. Violently. 
> 
> The whole and ONLY point of poisoning is to get the fault.
> 
> With the canonical address, you won't get it reliably, and when you do get 
> it, it's not obvious to decode.

I discussed this with Avi earlier and we were careful to put it into
one of the guaranteed to be unmapped holes. This should actually not
change if the CPU changes because it's defined by the kernel mapping.

If these holes ever change the poison would need to change too, but
otherwise I don't really see how it should be particularly unreliable.

Ok it might break if someone messes up the direct mapping, but if that
happens you typically don't even go through the oops handler completely
and won't see the message.

-Andi


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ