lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20151127075959.GA24991@gmail.com>
Date:	Fri, 27 Nov 2015 08:59:59 +0100
From:	Ingo Molnar <mingo@...nel.org>
To:	Andy Lutomirski <luto@...capital.net>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	PaX Team <pageexec@...email.hu>,
	"kernel-hardening@...ts.openwall.com" 
	<kernel-hardening@...ts.openwall.com>,
	Mathias Krause <minipli@...glemail.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Kees Cook <keescook@...omium.org>,
	Ingo Molnar <mingo@...hat.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	"H. Peter Anvin" <hpa@...or.com>, x86-ml <x86@...nel.org>,
	Arnd Bergmann <arnd@...db.de>,
	Michael Ellerman <mpe@...erman.id.au>,
	linux-arch <linux-arch@...r.kernel.org>,
	Emese Revfy <re.emese@...il.com>
Subject: Re: [kernel-hardening] [PATCH 0/2] introduce post-init read-only
 memory


* Andy Lutomirski <luto@...capital.net> wrote:

> > Can you see any fragility in such a technique?
> 
> After Linus shot down my rdmsr/rwmsr decoding patch, good luck...

I think that case was entirely different, but I've Cc:-ed Linus to shoot my idea 
down if it's crap.

> More seriously, though, I think this is mostly just like any other in-kernel 
> fault.  We failed, me might be under attack, let's oops.  In the particular case 
> of suspend/resume, we could consider a debug flag to allow writes to these 
> variables during suspend/resume.  In fact, that might even be a reasonable 
> default.  We might want to allow writes during module unload as well.

We are getting the _same_ information: we generate a reliable stack trace right 
there. We don't ignore anything.

What my suggestion would do is to turn a 'sure system crasher' into a 
'informational debug message'.

On today's typical desktop systems I can tell you with 110% confidence that the 
vast majority of 'system crasher' oopses never reaches a kernel developer's 
attention, because the oops message is not propagated to the user, while the 'dump 
stack trace and try to continue' approach will result in proper bugzillas.

And that's really an important distinction IMHO. Getting debug info out of the 
system is very important - and those who are paranoid can set a Kconfig value to 
crash their systems on any hint of a problem.

> For everything else, we should probably focus more on getting OOPSes to display 
> reliably, which is supposed to work but, on my shiny new i915-based laptop, is 
> clearly not ready yet (I oopsed it yesterday due to my own bug and all I had to 
> show for it was a blinking capslock key, and yes, modesetting works).

That's absolutely true as well but an independent issue: it does not invalidate my 
argument that is based on the status quo, which is that the vast majority 
panics/oopses, _especially_ during suspend/resume that was mentioned in this case, 
does not reach any kernel developer.

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ