lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 27 Jul 2022 19:43:01 +0300
From:   Alexey Khoroshilov <khoroshilov@...ras.ru>
To:     Jann Horn <jannh@...gle.com>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Petr Mladek <pmladek@...e.com>,
        "Paul E. McKenney" <paulmck@...nel.org>,
        Alexander Popov <alex.popov@...ux.com>,
        Jonathan Corbet <corbet@....net>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Peter Zijlstra <peterz@...radead.org>,
        Joerg Roedel <jroedel@...e.de>,
        Maciej Rozycki <macro@...am.me.uk>,
        Muchun Song <songmuchun@...edance.com>,
        Viresh Kumar <viresh.kumar@...aro.org>,
        Robin Murphy <robin.murphy@....com>,
        Randy Dunlap <rdunlap@...radead.org>,
        Lu Baolu <baolu.lu@...ux.intel.com>,
        Kees Cook <keescook@...omium.org>,
        Luis Chamberlain <mcgrof@...nel.org>, Wei Liu <wl@....org>,
        John Ogness <john.ogness@...utronix.de>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Alexey Kardashevskiy <aik@...abs.ru>,
        Christophe Leroy <christophe.leroy@...roup.eu>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Mark Rutland <mark.rutland@....com>,
        Andy Lutomirski <luto@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Thomas Garnier <thgarnie@...gle.com>,
        Will Deacon <will.deacon@....com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Laura Abbott <labbott@...hat.com>,
        David S Miller <davem@...emloft.net>,
        Borislav Petkov <bp@...en8.de>,
        Kernel Hardening <kernel-hardening@...ts.openwall.com>,
        linux-hardening@...r.kernel.org,
        "open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        notify@...nel.org
Subject: Re: [PATCH] Introduce the pkill_on_warn boot parameter

On 27.07.2022 19:30, Jann Horn wrote:
> On Wed, Jul 27, 2022 at 6:17 PM Alexey Khoroshilov
> <khoroshilov@...ras.ru> wrote:
>> On 01.10.2021 22:59, Linus Torvalds wrote:
>> Coming back to the discussion of WARN_ON()/pr_warn("WARNING:") semantics.
>>
>> We see a number of cases where WARNING is used to inform userspace that
>> it is doing something wrong, e.g.
>> https://elixir.bootlin.com/linux/v5.19-rc8/source/net/can/j1939/socket.c#L181
>> https://elixir.bootlin.com/linux/v5.19-rc8/source/drivers/video/fbdev/core/fbmem.c#L1023
>>
>> It is definitely useful, but it does not make sense in case of fuzzing
>> when the userspace should do wrong things and check if kernel behaves
>> correctly.
>>
>> As a result we have warnings with two different intentions:
>> - warn that something wrong happens in kernel, but we are able to continue;
>> - warn userspace that it is doing something wrong.
>>
>> During fuzzing we would like to report the former and to ignore the
>> latter. Are any ideas how these intentions can be recognized automatically?
> 
> https://elixir.bootlin.com/linux/v5.19-rc8/source/include/asm-generic/bug.h#L74
> says:
> 
>  * WARN(), WARN_ON(), WARN_ON_ONCE, and so on can be used to report
>  * significant kernel issues that need prompt attention if they should ever
>  * appear at runtime.
>  *
>  * Do not use these macros when checking for invalid external inputs
>  * (e.g. invalid system call arguments, or invalid data coming from
>  * network/devices), and on transient conditions like ENOMEM or EAGAIN.
>  * These macros should be used for recoverable kernel issues only.
>  * For invalid external inputs, transient conditions, etc use
>  * pr_err[_once/_ratelimited]() followed by dump_stack(), if necessary.
>  * Do not include "BUG"/"WARNING" in format strings manually to make these
>  * conditions distinguishable from kernel issues.
> 
> So if you see drivers intentionally using WARN() or printing
> "WARNING:" on codepaths that are reachable with bogus inputs from
> userspace, those codepaths should be fixed to log warnings in a
> different format.

Thank you, Jann!

I have missed that.

--
Alexey

Powered by blists - more mailing lists