lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Thu, 30 Sep 2021 11:12:30 -0700
From:   Kees Cook <>
To:     Stephen Brennan <>
Cc:     Thomas Gleixner <>,
        Josh Poimboeuf <>,
        Vito Caputo <>,
        Ingo Molnar <>, Borislav Petkov <>,
        "H. Peter Anvin" <>, Jens Axboe <>,
        Mark Rutland <>,
        Peter Zijlstra <>,
        Stefan Metzmacher <>,
        Andy Lutomirski <>,
        Lai Jiangshan <>,
        Christian Brauner <>,
        Andrew Morton <>,
        "" <>,
        Daniel Bristot de Oliveira <>,
        Michael WeiƟ 
        Anand K Mistry <>,
        Alexey Gladkov <>,
        Michal Hocko <>, Helge Deller <>,
        Dave Hansen <>,
        Andrea Righi <>,
        Ohhoon Kwon <>,
        Kalesh Singh <>,
        YiFei Zhu <>,
        "Eric W. Biederman" <>,,,,
Subject: Re: [PATCH] proc: Disable /proc/$pid/wchan

On Thu, Sep 30, 2021 at 11:05:35AM -0700, Stephen Brennan wrote:
> On 9/23/21 4:31 PM, Kees Cook wrote:
> > The /proc/$pid/wchan file has been broken by default on x86_64 for 4
> > years now[1]. As this remains a potential leak of either kernel
> > addresses (when symbolization fails) or limited observation of kernel
> > function progress, just remove the contents for good.
> > 
> > Unconditionally set the contents to "0" and also mark the wchan
> > field in /proc/$pid/stat with 0.
> Hi all,
> It looks like there's already been pushback on this idea, but I wanted
> to add another voice from a frequent user of /proc/$pid/wchan (via PS).
> Much of my job involves diagnosing kernel issues and performance issues
> on stable kernels, frequently on production systems where I can't do
> anything too invasive. wchan is incredibly useful for these situations,
> so much so that we store regular snapshots of ps output, and we expand
> the size of the WCHAN column to fit more data (e.g. ps -e -o
> pid,wchan=WCHAN-WIDE-COLUMN). Disabling wchan would remove a critical
> tool for me and my team.

Thanks for speaking up! Yes, we've moved to fixing wchan correctly as
it's clear it's still very much in use. :) Current thread is here:

Kees Cook

Powered by blists - more mailing lists