lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 16 Jan 2017 18:50:15 +0000
From:   "Odzioba, Lukasz" <lukasz.odzioba@...el.com>
To:     Ingo Molnar <mingo@...nel.org>, Borislav Petkov <bp@...en8.de>
CC:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "mingo@...hat.com" <mingo@...hat.com>,
        "hpa@...or.com" <hpa@...or.com>, "x86@...nel.org" <x86@...nel.org>,
        "luto@...nel.org" <luto@...nel.org>,
        "slaoub@...il.com" <slaoub@...il.com>, "bp@...e.de" <bp@...e.de>,
        "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
        "Kleen, Andi" <andi.kleen@...el.com>
Subject: RE: [PATCH 1/1] x86: sanitize argument of clearcpuid command-line
 option

On Thursday, January 5, 2017 8:56 AM, Ingo Molnar wrote:
>
> Good one, queued it up.

Hi Ingo, thanks for picking up the patch.

> When we don't accept the value we should at least inform the user (via a printk 
> that includes the 'clearcpuid' token in its message) that we totally ignored 
> whatever he wanted. Something like:
> 
>	pr_warn("x86/cpu: Ignoring invalid "clearcpuid=%s' option!\n", arg)
>
> Which would save quite a bit of head scratching and frustration when someone has a 
> bad enough day to add silly typos to the kernel cmdline.

Is there any particular reason why we have such warnings only for early params?
early_param handlers return non-zero values on success:
	linux/init.h: " * Emits warning if fn returns non-zero."
__setup handlers in most cases seem to return 1 on success, is the expected
behaviour documented somewhere?

After looking at some of the ~500 usages of __setup macro it seems that handler's ret
code doesn't matter so much, because it is treated differently in various parts
of the kernel. If we make it consistent possibly it could be solved similarly to 
early params by something like this: 

diff --git a/init/main.c b/init/main.c
index b0c9d6f..261178e 100644
--- a/init/main.c
+++ b/init/main.c
@@ -182,8 +182,12 @@ static bool __init obsolete_checksetup(char *line)
                                pr_warn("Parameter %s is obsolete, ignored\n",
                                        p->str);
                                return true;
-                       } else if (p->setup_func(line + n))
-                               return true;
+                       } else {
+                               if (p->setup_func(line + n))
+                                       return true;
+                               else
+                                       pr_warn("Malformed option '%s'\n", line);
+                       }

Thanks,
Lukas

Powered by blists - more mailing lists