lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1223996859.5193.61.camel@moss-spartans.epoch.ncsc.mil>
Date:	Tue, 14 Oct 2008 11:07:39 -0400
From:	Stephen Smalley <sds@...ho.nsa.gov>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	Tejun Heo <tj@...nel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Jens Axboe <jens.axboe@...cle.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	"H. Peter Anvin" <hpa@...or.com>, Yinghai Lu <yinghai@...nel.org>,
	James Morris <jmorris@...ei.org>,
	Eric Paris <eparis@...isplace.org>
Subject: Re: [bug] latest -git boot hang

On Sat, 2008-10-11 at 09:19 +0200, Ingo Molnar wrote:
> * Tejun Heo <tj@...nel.org> wrote:
> 
> > > It does sound like perhaps the option should be hidden more, if it's 
> > > really only reasonably enabled for some very specialized distro 
> > > debuggers, not normal kernel people.
> > 
> > Yeap, if fedora didn't work, I think it should be hidden.  Do we 
> > already have place to hide things like this?
> 
> in my local testing i'm using simple annotations like the one attached 
> further below. Any objections against sending my BROKEN_BOOT_ALLOWED kit 
> upstream, and merge my annotations for various kernel features that 
> break a generic distro bootup?
> 
> Right now i have about 40 such annotations for -tip testing:
> 
>   fs/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   fs/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   security/selinux/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   security/smack/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   security/Kconfig:	depends on BROKEN_BOOT_ALLOWED

What in particular under fs/Kconfig and security/*Kconfig falls into
this category, and why?  What constitutes a "generic distro bootup"?
For distros that support SELinux, it obviously shouldn't break the
bootup (there have of course been cases where it has, but those were
bugs that have been addressed, including the recent /proc/net breakage),
and for other distros, it should yield no effect as no policy will be
loaded and thus SELinux just allows everything.

>   drivers/net/appletalk/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/net/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/media/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/scsi/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/watchdog/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/watchdog/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/ide/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/i2c/busses/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/block/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/video/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/video/console/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/video/console/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/mtd/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   drivers/isdn/icn/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   lib/Kconfig.kgdb:	depends on BROKEN_BOOT_ALLOWED
>   lib/Kconfig.debug:	depends on BROKEN_BOOT_ALLOWED
>   lib/Kconfig.debug:	depends on BROKEN_BOOT_ALLOWED
>   arch/x86/Kconfig.debug:	depends on BROKEN_BOOT_ALLOWED
>   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   arch/x86/Kconfig:	# depends on BROKEN_BOOT_ALLOWED
>   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   arch/x86/Kconfig:	depends on BROKEN_BOOT_ALLOWED
>   arch/x86/Kconfig.cpu:	depends on BROKEN_BOOT_ALLOWED
> 
> and note the stark contrast to CONFIG_BROKEN - sometimes a given 
> functionality is really not meant to be enabled on a generic system.
> 
> 	Ingo
> 
> ---------------->
> Subject: qa: no ext devt
> From: Ingo Molnar <mingo@...e.hu>
> Date: Fri Oct 10 22:54:57 CEST 2008
> 
> Signed-off-by: Ingo Molnar <mingo@...e.hu>
> ---
>  lib/Kconfig.debug |    2 ++
>  1 file changed, 2 insertions(+)
> 
> Index: linux/lib/Kconfig.debug
> ===================================================================
> --- linux.orig/lib/Kconfig.debug
> +++ linux/lib/Kconfig.debug
> @@ -670,6 +670,8 @@ config DEBUG_BLOCK_EXT_DEVT
>          bool "Force extended block device numbers and spread them"
>  	depends on DEBUG_KERNEL
>  	depends on BLOCK
> +	depends on BROKEN_BOOT_ALLOWED
> +	select BROKEN_BOOT
>  	default n
>  	help
>  	  Conventionally, block device numbers are allocated from
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
-- 
Stephen Smalley
National Security Agency

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ