Message-Id: <201110071640.53827.frank.mehnert@oracle.com>
Date:	Fri, 7 Oct 2011 16:40:53 +0200
From:	Frank Mehnert <frank.mehnert@...cle.com>
To:	Dave Jones <davej@...hat.com>
Cc:	Linux Kernel <linux-kernel@...r.kernel.org>,
	Andy Hall <andy.hall@...cle.com>
Subject: Re: RFC: virtualbox tainting.

Dave,

On Thursday 06 October 2011 21:05:27 Dave Jones wrote:
> The number of bug reports we get from people with virtualbox loaded are
> truly astonishing.  It's GPL, but sadly that doesn't mean it's good.
> Nearly all of these bugs look like random corruption. (corrupt linked
> lists, corrupt page tables, and just plain 'weird' crashes).
> 
> This diff adds tainting to the module loader to treat it as we do with
> stuff from staging/ (crap). With this tainting in place, automatic bug
> filing tools can opt out of automatically filing kernel bugs, and inform
> the user to file bugs somewhere more appropriate.
> 
> Signed-off-by: Dave Jones <davej@...hat.com>
> 
> diff --git a/kernel/module.c b/kernel/module.c
> index 04379f92..d26c9a3 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -2653,6 +2653,10 @@ static int check_module_license_and_versions(struct
> module *mod) if (strcmp(mod->name, "ndiswrapper") == 0)
>  		add_taint(TAINT_PROPRIETARY_MODULE);
> 
> +	/* vbox is garbage. */
> +	if (strcmp(mod->name, "vboxdrv") == 0)
> +		add_taint(TAINT_CRAP);
> +
>  	/* driverloader was caught wrongly pretending to be under GPL */
>  	if (strcmp(mod->name, "driverloader") == 0)
>  		add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
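
Review bot: The added vboxdrv check calls add_taint(TAINT_CRAP), which only sets the global taint bit, whereas the driverloader check right below it uses add_taint_module(mod, ...), which also records the flag on the module itself. Using add_taint_module(mod, TAINT_CRAP) here would attribute the taint to vboxdrv in the per-module flags, which is what a bug-filing tool needs to see to redirect the report. The comment "vbox is garbage." should instead give the technical reason from the changelog (reports that look like random memory corruption), so the special case can be re-evaluated later.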

I can understand that you would rather ignore bug reports from external
kernel modules. On the other hand I don't like the TAINT_CRAP flag as
you can probably imagine.

Why not just mark external modules like Bastian Blank suggested? I can
assure you that we will not try to circumvent a TAINT_OOT_MODULE flag.

Please also note that we always have good relations to the open source
community so feel free to point me to an archive where all these kernel
panic reports arrive which you've got. We fixed some bugs in our kernel
modules in the past and it is even possible that some of the current
bug reports are from older versions of VirtualBox which might have been
fixed in the meantime.

And of course, helpful and constructive criticism is always appreciated.

Thanks,

Frank
-- 
Dr.-Ing. Frank Mehnert
Senior Manager Software Development Desktop Virtualization, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany

Headquarters: Riesstr. 25, D-80992 München
Registration court: Amtsgericht München, HRA 95603

General partner: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Netherlands
Commercial register of the Chamber of Commerce Midden-Nederland, No. 30143697
Managing directors: Jürgen Kunz, Marcel van de Molen, Alexander van der Ven
