lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20111014113025.GA20278@in.ibm.com>
Date:	Fri, 14 Oct 2011 17:00:25 +0530
From:	"K.Prasad" <prasad@...ux.vnet.ibm.com>
To:	Vivek Goyal <vgoyal@...hat.com>
Cc:	Borislav Petkov <bp@...en8.de>, linux-kernel@...r.kernel.org,
	crash-utility@...hat.com, kexec@...ts.infradead.org,
	Andi Kleen <andi@...stfloor.org>,
	"Luck, Tony" <tony.luck@...el.com>,
	"Eric W. Biederman" <ebiederm@...ssion.com>, anderson@...hat.com,
	tachibana@....nes.nec.co.jp, oomichi@....nes.nec.co.jp,
	Valdis.Kletnieks@...edu, Nick Bowler <nbowler@...iptictech.com>
Subject: Re: [Patch 1/4][kernel][slimdump] Add new elf-note of type
 NT_NOCOREDUMP to capture slimdump

On Wed, Oct 12, 2011 at 11:51:44AM -0400, Vivek Goyal wrote:
> On Wed, Oct 12, 2011 at 12:14:34AM +0530, K.Prasad wrote:
> > On Mon, Oct 10, 2011 at 09:07:25AM +0200, Borislav Petkov wrote:
> > > On Fri, Oct 07, 2011 at 09:42:19PM +0530, K.Prasad wrote:
[snipped]
> > 
> > ii) Scenario2: System with PG_hwpoison (or landmine!) pages crashes because
> > of a software bug. In this case, kexec kernel would normally reboot because
> > of reading the PG_poison page. I'll soon get a new version of the patchset
> > implementing this.
> > 
> > Solution: Maintain a linked list of PFNs when the corresponding 'struct page'
> > has been marked PG_hwpoison. We could export/put this list to use in
> > quite a few ways.
> 
> What's the need of a list and why do we have to export anything. Can't
> makedumpfile look at the struct page and then just not dump that page if
> hwpoison flag is set.
>

I'll respond to just this part of the comment for now, since I have a
few conflicting thoughts crossing my mind regarding the above suggestion
and thought I'll put it across to the community to get that clarified.

Using makedumpfile to actually identify and sidestep PG_hwpoison sounds
a bit dangerous. Let's for a moment that makedumpfile has this
capability, which is implemented as under.

- The list of nodes (pg_data_t) and all struct page's (through
  node_mem_map) are sent to makedumpfile using VMCOREINFO_SYMBOL().

- makedumpfile would use this information to go to the old kernel's
  memory, look at pg_data_t and then into each element of node_mem_map
  to then lookout for PG_hwpoison inside 'struct page'->flags. (Well,
  this method works for !SPARSEMEM. I'd like to know if I've overlooked
  any other better method. pfn_to_page() wouldn't work either, as it will
  give a 'struct page' of a PFN as seen by the kexec'd kernel and not
  the crashed kernel).

- If PG_hwpoison flag for the corresponding page is clear, then it
  will allow the copy operation.

- The problem comes when we actually land on a page with PG_hwpoison
  while carrying out the above 3 steps. For instance, if the page
  containing the pg_data_t and node_mem_map data structures themselves
  are marked hw-poisoned.

It's analogous to stepping inside a landmine territory to retrieve a map
containing the placement of landmines (we better have a copy of the map
before we enter :-)).

If we agree that this is going to be unsafe, then the question that
needs to be answered: "Is there a need for the kernel to allow read
operations on a page marked PG_hwpoison? If not, why doesn't the kernel
make it a policy to fail/disallow the read operations".

Thanks,
K.Prasad

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ