| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Nov 2015 08:59:59 +0100 From: Ingo Molnar <mingo@...nel.org> To: Andy Lutomirski <luto@...capital.net>, Linus Torvalds <torvalds@...ux-foundation.org> Cc: PaX Team <pageexec@...email.hu>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Mathias Krause <minipli@...glemail.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Kees Cook <keescook@...omium.org>, Ingo Molnar <mingo@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, "H. Peter Anvin" <hpa@...or.com>, x86-ml <x86@...nel.org>, Arnd Bergmann <arnd@...db.de>, Michael Ellerman <mpe@...erman.id.au>, linux-arch <linux-arch@...r.kernel.org>, Emese Revfy <re.emese@...il.com> Subject: Re: [kernel-hardening] [PATCH 0/2] introduce post-init read-only memory * Andy Lutomirski <luto@...capital.net> wrote: > > Can you see any fragility in such a technique? > > After Linus shot down my rdmsr/rwmsr decoding patch, good luck... I think that case was entirely different, but I've Cc:-ed Linus to shoot my idea down if it's crap. > More seriously, though, I think this is mostly just like any other in-kernel > fault. We failed, me might be under attack, let's oops. In the particular case > of suspend/resume, we could consider a debug flag to allow writes to these > variables during suspend/resume. In fact, that might even be a reasonable > default. We might want to allow writes during module unload as well. We are getting the _same_ information: we generate a reliable stack trace right there. We don't ignore anything. What my suggestion would do is to turn a 'sure system crasher' into a 'informational debug message'. On today's typical desktop systems I can tell you with 110% confidence that the vast majority of 'system crasher' oopses never reaches a kernel developer's attention, because the oops message is not propagated to the user, while the 'dump stack trace and try to continue' approach will result in proper bugzillas. And that's really an important distinction IMHO. Getting debug info out of the system is very important - and those who are paranoid can set a Kconfig value to crash their systems on any hint of a problem. > For everything else, we should probably focus more on getting OOPSes to display > reliably, which is supposed to work but, on my shiny new i915-based laptop, is > clearly not ready yet (I oopsed it yesterday due to my own bug and all I had to > show for it was a blinking capslock key, and yes, modesetting works). That's absolutely true as well but an independent issue: it does not invalidate my argument that is based on the status quo, which is that the vast majority panics/oopses, _especially_ during suspend/resume that was mentioned in this case, does not reach any kernel developer. Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists