lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 27 Jul 2022 18:30:59 +0200
From:   Jann Horn <>
To:     Alexey Khoroshilov <>
Cc:     Linus Torvalds <>,
        Petr Mladek <>,
        "Paul E. McKenney" <>,
        Alexander Popov <>,
        Jonathan Corbet <>,
        Andrew Morton <>,
        Thomas Gleixner <>,
        Peter Zijlstra <>,
        Joerg Roedel <>,
        Maciej Rozycki <>,
        Muchun Song <>,
        Viresh Kumar <>,
        Robin Murphy <>,
        Randy Dunlap <>,
        Lu Baolu <>,
        Kees Cook <>,
        Luis Chamberlain <>, Wei Liu <>,
        John Ogness <>,
        Andy Shevchenko <>,
        Alexey Kardashevskiy <>,
        Christophe Leroy <>,
        Greg Kroah-Hartman <>,
        Mark Rutland <>,
        Andy Lutomirski <>,
        Dave Hansen <>,
        Steven Rostedt <>,
        Thomas Garnier <>,
        Will Deacon <>,
        Ard Biesheuvel <>,
        Laura Abbott <>,
        David S Miller <>,
        Borislav Petkov <>,
        Kernel Hardening <>,,
        "open list:DOCUMENTATION" <>,
        Linux Kernel Mailing List <>,
Subject: Re: [PATCH] Introduce the pkill_on_warn boot parameter

On Wed, Jul 27, 2022 at 6:17 PM Alexey Khoroshilov
<> wrote:
> On 01.10.2021 22:59, Linus Torvalds wrote:
> Coming back to the discussion of WARN_ON()/pr_warn("WARNING:") semantics.
> We see a number of cases where WARNING is used to inform userspace that
> it is doing something wrong, e.g.
> It is definitely useful, but it does not make sense in case of fuzzing
> when the userspace should do wrong things and check if kernel behaves
> correctly.
> As a result we have warnings with two different intentions:
> - warn that something wrong happens in kernel, but we are able to continue;
> - warn userspace that it is doing something wrong.
> During fuzzing we would like to report the former and to ignore the
> latter. Are any ideas how these intentions can be recognized automatically?

 * WARN(), WARN_ON(), WARN_ON_ONCE, and so on can be used to report
 * significant kernel issues that need prompt attention if they should ever
 * appear at runtime.
 * Do not use these macros when checking for invalid external inputs
 * (e.g. invalid system call arguments, or invalid data coming from
 * network/devices), and on transient conditions like ENOMEM or EAGAIN.
 * These macros should be used for recoverable kernel issues only.
 * For invalid external inputs, transient conditions, etc use
 * pr_err[_once/_ratelimited]() followed by dump_stack(), if necessary.
 * Do not include "BUG"/"WARNING" in format strings manually to make these
 * conditions distinguishable from kernel issues.

So if you see drivers intentionally using WARN() or printing
"WARNING:" on codepaths that are reachable with bogus inputs from
userspace, those codepaths should be fixed to log warnings in a
different format.

Powered by blists - more mailing lists