lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1318024853.4729.88.camel@gandalf.stny.rr.com>
Date:	Fri, 07 Oct 2011 18:00:51 -0400
From:	Steven Rostedt <rostedt@...dmis.org>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Jason Baron <jbaron@...hat.com>,
	Jeremy Fitzhardinge <jeremy@...p.org>,
	Richard Henderson <rth@...hat.com>,
	"David S. Miller" <davem@...emloft.net>,
	David Daney <david.daney@...ium.com>,
	Michael Ellerman <michael@...erman.id.au>,
	Jan Glauber <jang@...ux.vnet.ibm.com>,
	the arch/x86 maintainers <x86@...nel.org>,
	Xen Devel <xen-devel@...ts.xensource.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Jeremy Fitzhardinge <jeremy.fitzhardinge@...rix.com>,
	peterz@...radead.org
Subject: Re: [PATCH][RFC] jump_labels/x86: Use either 5 byte or 2 byte jumps

On Fri, 2011-10-07 at 14:48 -0700, H. Peter Anvin wrote:
> On 10/07/2011 12:21 PM, Steven Rostedt wrote:
> >>
> >> same here, at least WARN, more likely BUG()
> >
> > I just don't like using BUG(). BUG() means that if we continue we will
> > corrupt the filesystem or make you go blind. WARN and returning here
> > should not cause any harm and will even let those with X terminals see
> > oops in /var/log/messages.
> >
> 
> Uh, NO.
> 
> If this is wrong something in the kernel code stream is corrupted (heck, 
> you might just have caught a rootkit!)
> 
> Die.  NOW.

Ouch, quite shaken by k.org? I guess I should have substituted go blind
with being hacked.


The thing is, it may be as simple as an out of tree module screwing up
the jump table. Or worse, gcc not doing things that we did not expect.
If this is the case, jump labels can be disabled from modifying code.

But if we just want to do the BUG() case, this will be a big hammer to
the code and we just prevent any further progress until the issue is
addressed. Which may be tell people to disable jump labels in their
code, or use a different compiler.

Currently ftrace takes the approach to WARN() and disable itself when it
finds an anomaly from what it expects to modify. The times this has
triggered has been either a problem with writing to the code, due to
securities preventing code modification, or the scan of the relocation
tables mistook a data point as code. The later I could foresee happening
with jump labels.

-- Steve


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ