lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1181914351.25228.520.camel@pmac.infradead.org>
Date:	Fri, 15 Jun 2007 14:32:31 +0100
From:	David Woodhouse <dwmw2@...radead.org>
To:	Andi Kleen <ak@...e.de>
Cc:	Alan Cox <alan@...rguk.ukuu.org.uk>,
	David Howells <dhowells@...hat.com>,
	Arnd Bergmann <arnd@...db.de>,
	Benjamin Herrenschmidt <benh@...nel.crashing.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Dave Airlie <airlied@...ux.ie>, linux-arch@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] Introduce compat_u64 and compat_s64 types

On Fri, 2007-06-15 at 15:27 +0200, Andi Kleen wrote:
> Hopefully everybody who deploys these systems knows this. It seems
> like a open death trap to me, especially since the consequences
> are so severe: remote packet of death, could be a recall for 
> a network conntected embedded device that doesn't easily allow
> firmware update. And they would rightfully blame Linux.
> 
> It would be much safer if the parts of the stack that weren't
> audited/tested were marked this way and check for BROKEN_UNALIGNED or
> similar.

If we did the get_probably_unaligned() thing, then on architectures
where we _do_ trap and fix up, we could actually spit out a warning
whenever we hit a trap and it _wasn't_ marked with
get_probably_unaligned().

> Also frankly I'm surprised that whoever designed these systems
> didn't learn from the old M68000 who made this mistake the first time.

Mostly, the machines which can't handle traps are the machines which
don't even have an MMU. Why add hardware when you don't really need it?
Fundamentally, it isn't a hardware design flaw. You could perhaps ask
interesting questions about whether Linux is _really_ the right software
to be using on them, but the fact remains that Linux _is_ the software
people are using on them.

-- 
dwmw2

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ