lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 21 Jan 2013 12:20:08 +1030
From:	Rusty Russell <rusty@...tcorp.com.au>
To:	"Frank Ch. Eigler" <fche@...hat.com>
Cc:	Dave Jones <davej@...hat.com>, Josh Boyer <jwboyer@...hat.com>,
	dhowells@...hat.com, linux-kernel@...r.kernel.org,
	peterz@...radead.org, mingo@...hat.com,
	Len Brown <lenb@...nel.org>, "Rafael J. Wysocki" <rjw@...k.pl>,
	linux-acpi@...r.kernel.org
Subject: Re: [PATCH] MODSIGN: Add TAINT_NOKEY_MODULE

"Frank Ch. Eigler" <fche@...hat.com> writes:
> Hi -
>
>> [...]
>> -	add_taint(TAINT_DIE);
>> +	add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
>> [...]
>
> If "UNRELIABLE" a good way to describe it - not DANGEROUS or
> COUNTERPRODUCTIVE or something, then maybe lockdep *can* produce
> reasonable results following such a taint.  If the results are merely
> suspect, could lockdep reports include the taint report, but otherwise
> keep working?

git blame is your friend here:

commit 2c16e9c888985761511bd1905b00fb271169c3c0
Author: Arjan van de Ven <arjan@...ux.intel.com>
Date:   Mon Jul 10 04:45:42 2006 -0700

    [PATCH] lockdep: disable lock debugging when kernel state becomes untrusted
    
    Disable lockdep debugging in two situations where the integrity of the
    kernel no longer is guaranteed: when oopsing and when hitting a
    tainting-condition.  The goal is to not get weird lockdep traces that don't
    make sense or are otherwise undebuggable, to not waste time.
    
    Lockdep assumes that the previous state it knows about is valid to operate,
    which is why lockdep turns itself off after the first violation it reports,
    after that point it can no longer make that assumption.
    
    A kernel oops means that the integrity of the kernel compromised; in
    addition anything lockdep would report is of lesser importance than the
    oops.
    
    All the tainting conditions are of similar integrity-violating nature and
    also make debugging/diagnosing more difficult.
    
    Signed-off-by: Arjan van de Ven <arjan@...ux.intel.com>
    Signed-off-by: Ingo Molnar <mingo@...e.hu>
    Signed-off-by: Andrew Morton <akpm@...l.org>
    Signed-off-by: Linus Torvalds <torvalds@...l.org>

Cheers,
Rusty.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ