lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20160829013741.GA9271@rhlx01.hs-esslingen.de>
Date:   Mon, 29 Aug 2016 03:37:41 +0200
From:   Andreas Mohr <andi@...as.de>
To:     Pavel Machek <pavel@....cz>
Cc:     Chen Yu <yu.c.chen@...el.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH][v6] PM / hibernate: Print the possible panic reason when
 resuming with inconsistent e820 map

Hi,

[no properly binding reference via In-Reply-To: available thus manually re-creating, sorry]

> > So we can print warning in hibernation_die_notifier without
> > introducing a global variable?
> > 
> 
> Actually, I'd kill the machine right away.
> 
> if (memcmp(result, buf, MD5_DIGEST_SIZE)) {
> 	pr_err("PM: e820 map conflict detected!\n");
> 	panic("BIOS is playing funny tricks with us.\n");
> } 
> Best regards,
> 								Pavel

+1.

I would tend to think that
it's rather preferable to
kill an affected environment scope
(in this case: whole system), hard
(except for perhaps some emergency epilogue state saving),
in case of its state having become
suspicious/unpredictable/dangerous,
rather than having things carry on in a merry-go-round manner and thus
making improper state progress
which translates into
*continued activity* of *corrupting things*
(possibly even leading to *persistent* i.e. storage-recorded corruption!)
willy-nilly.

Plus, killing a machine hard in such a questionable case
would increase our influx of valuable reports
due to users being
hard-pressed to report this rather than
silently ignoring / not even knowing this issue
(in those cases where we already know that
no further development fixes will be determinable,
carrying on with a dire warning probably still is preferable to
making the machine completely unusable, eternally,
though).

Thus, think robustness.

Andreas Mohr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ