| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Oct 2008 11:07:39 -0400 From: Stephen Smalley <sds@...ho.nsa.gov> To: Ingo Molnar <mingo@...e.hu> Cc: Tejun Heo <tj@...nel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>, Jens Axboe <jens.axboe@...cle.com>, Thomas Gleixner <tglx@...utronix.de>, "H. Peter Anvin" <hpa@...or.com>, Yinghai Lu <yinghai@...nel.org>, James Morris <jmorris@...ei.org>, Eric Paris <eparis@...isplace.org> Subject: Re: [bug] latest -git boot hang On Sat, 2008-10-11 at 09:19 +0200, Ingo Molnar wrote: > * Tejun Heo <tj@...nel.org> wrote: > > > > It does sound like perhaps the option should be hidden more, if it's > > > really only reasonably enabled for some very specialized distro > > > debuggers, not normal kernel people. > > > > Yeap, if fedora didn't work, I think it should be hidden. Do we > > already have place to hide things like this? > > in my local testing i'm using simple annotations like the one attached > further below. Any objections against sending my BROKEN_BOOT_ALLOWED kit > upstream, and merge my annotations for various kernel features that > break a generic distro bootup? > > Right now i have about 40 such annotations for -tip testing: > > fs/Kconfig: depends on BROKEN_BOOT_ALLOWED > fs/Kconfig: depends on BROKEN_BOOT_ALLOWED > security/selinux/Kconfig: depends on BROKEN_BOOT_ALLOWED > security/smack/Kconfig: depends on BROKEN_BOOT_ALLOWED > security/Kconfig: depends on BROKEN_BOOT_ALLOWED What in particular under fs/Kconfig and security/*Kconfig falls into this category, and why? What constitutes a "generic distro bootup"? For distros that support SELinux, it obviously shouldn't break the bootup (there have of course been cases where it has, but those were bugs that have been addressed, including the recent /proc/net breakage), and for other distros, it should yield no effect as no policy will be loaded and thus SELinux just allows everything. > drivers/net/appletalk/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/net/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/media/video/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/scsi/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/watchdog/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/watchdog/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/ide/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/i2c/busses/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/block/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/video/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/video/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/video/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/video/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/video/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/video/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/video/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/video/console/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/video/console/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/mtd/Kconfig: depends on BROKEN_BOOT_ALLOWED > drivers/isdn/icn/Kconfig: depends on BROKEN_BOOT_ALLOWED > lib/Kconfig.kgdb: depends on BROKEN_BOOT_ALLOWED > lib/Kconfig.debug: depends on BROKEN_BOOT_ALLOWED > lib/Kconfig.debug: depends on BROKEN_BOOT_ALLOWED > arch/x86/Kconfig.debug: depends on BROKEN_BOOT_ALLOWED > arch/x86/Kconfig: depends on BROKEN_BOOT_ALLOWED > arch/x86/Kconfig: depends on BROKEN_BOOT_ALLOWED > arch/x86/Kconfig: depends on BROKEN_BOOT_ALLOWED > arch/x86/Kconfig: depends on BROKEN_BOOT_ALLOWED > arch/x86/Kconfig: # depends on BROKEN_BOOT_ALLOWED > arch/x86/Kconfig: depends on BROKEN_BOOT_ALLOWED > arch/x86/Kconfig: depends on BROKEN_BOOT_ALLOWED > arch/x86/Kconfig: depends on BROKEN_BOOT_ALLOWED > arch/x86/Kconfig: depends on BROKEN_BOOT_ALLOWED > arch/x86/Kconfig.cpu: depends on BROKEN_BOOT_ALLOWED > > and note the stark contrast to CONFIG_BROKEN - sometimes a given > functionality is really not meant to be enabled on a generic system. > > Ingo > > ----------------> > Subject: qa: no ext devt > From: Ingo Molnar <mingo@...e.hu> > Date: Fri Oct 10 22:54:57 CEST 2008 > > Signed-off-by: Ingo Molnar <mingo@...e.hu> > --- > lib/Kconfig.debug | 2 ++ > 1 file changed, 2 insertions(+) > > Index: linux/lib/Kconfig.debug > =================================================================== > --- linux.orig/lib/Kconfig.debug > +++ linux/lib/Kconfig.debug > @@ -670,6 +670,8 @@ config DEBUG_BLOCK_EXT_DEVT > bool "Force extended block device numbers and spread them" > depends on DEBUG_KERNEL > depends on BLOCK > + depends on BROKEN_BOOT_ALLOWED > + select BROKEN_BOOT > default n > help > Conventionally, block device numbers are allocated from > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@...r.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ -- Stephen Smalley National Security Agency -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists