lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150828082116.GA17123@gmail.com>
Date:	Fri, 28 Aug 2015 10:21:16 +0200
From:	Ingo Molnar <mingo@...nel.org>
To:	Josh Poimboeuf <jpoimboe@...hat.com>
Cc:	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
	linux-kernel@...r.kernel.org, live-patching@...r.kernel.org,
	Michal Marek <mmarek@...e.cz>,
	Peter Zijlstra <peterz@...radead.org>,
	Andy Lutomirski <luto@...nel.org>,
	Borislav Petkov <bp@...en8.de>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andi Kleen <andi@...stfloor.org>,
	Pedro Alves <palves@...hat.com>,
	Namhyung Kim <namhyung@...il.com>,
	Bernd Petrovitsch <bernd@...rovitsch.priv.at>,
	Chris J Arges <chris.j.arges@...onical.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
	Boris Ostrovsky <boris.ostrovsky@...cle.com>,
	David Vrabel <david.vrabel@...rix.com>,
	Jeremy Fitzhardinge <jeremy@...p.org>,
	Chris Wright <chrisw@...s-sol.org>,
	Alok Kataria <akataria@...are.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	"David S. Miller" <davem@...emloft.net>,
	Pavel Machek <pavel@....cz>,
	"Rafael J. Wysocki" <rjw@...ysocki.net>,
	Len Brown <len.brown@...el.com>,
	Matt Fleming <matt.fleming@...el.com>
Subject: Re: [PATCH v11 00/20] Compile-time stack validation


* Josh Poimboeuf <jpoimboe@...hat.com> wrote:

> On Wed, Aug 26, 2015 at 09:07:23AM +0200, Ingo Molnar wrote:
> > 
> > * Josh Poimboeuf <jpoimboe@...hat.com> wrote:
> > 
> > > BTW, since I'm planning on adding a CFI generation option to this tool, I wonder 
> > > if "stackvalidate" is a misnomer.  I can't think of anything better.  Any naming 
> > > ideas are welcome :-)
> > 
> > I'd suggest 'debuginfo' and a Git-alike set of subcommands:
> > 
> >    debuginfo help
> >    debuginfo check
> >    debuginfo check framepointers
> >    debuginfo check cfi
> > 
> > Such a command scheme keeps open various future commands, such as:
> > 
> >    debuginfo show
> >    debuginfo size
> >    debuginfo compress
> >    debuginfo strip
> > 
> > etc.
> > 
> > I also checked that there does not appear to be such a Linux tool with such a name 
> > at the moment.
> 
> My feeling is that the subcommand model wouldn't fit this tool very well.  Its 
> core functionality is to analyze code paths -- which it does in a single pass, 
> regardless of whether it's checking frame pointers, checking CFI, generating 
> CFI, or some combination.  Splitting it up into subcommands would mean having to 
> repeat the same code analysis pass multiple times unnecessarily.

Huh?

The subcommand approach is a user UI that does not limit the tool in any way: you 
are free to provide subcommands that combine more atomic functionality - similarly 
to how Git provides a 'git pull' subcommand that is a combination of 'fetch' and 
'merge' steps.

In this case it would be a simple:

   debuginfo check all

to check everything. You can also make the selection of debuginfo components to 
check a regular option, not a subcommand.

The important step is to not limit the tool to 'checking' only, if there's 
reasonable other tasks it could perform:

 - For example in the future we might want to sanity check the dwarf debuginfo 
   whether it's all well suited for kernel probing.

 - And if the tool is doing such a good job analyzing stacks, why not extend it 
   trivially to print max stack backtrace estimations?

etc. By limiting the name at inception unreasonably you make all these things less 
obvious to add.

The tool should obviously not be named 'kitchensink' just for future 
extensability, but at least don't limit it to stacks and checking only ...

> Also, since it's really focused on stack-related code path analysis, I wouldn't 
> expect it to be branching out into other debuginfo-related tasks.
> 
> As far as naming goes, "debuginfo" usually refers to DWARF metadata. But this 
> tool isn't DWARF-specific, so that would be confusing IMO.  I also agree with 
> Jiri that re-using a generic name which already has another meaning would add to 
> the confusion.
> 
> The goal of this tool is to fix stack traces, so how about "stackfix"?

Sigh, please don't limit the tool's purpose with its name ...

and choose a better name! :-) The tool does not 'fix' anything, and the normal 
case would be for it to produce no warnings. I.e. it's not a fixing, it's a 
checking tool.

So something like 'stackcheck' or 'stackinfo' - but I really think 'debuginfo' is 
better, because for more complex kernel image operations like live patching the 
kernel has to double check the untrusted debuginfo that compilers barf out ...

Frame pointers are simply a legacy debuginfo variant, one that the kernel happens 
to use as its primary debuginfo. I don't think it's confusing at all, especially 
if any dwarf logic is added ...

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ