lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAB=NE6WSdypzgN0nYvhpBhaESPqG9py3ziUs92gV1ggyWuh6jw@mail.gmail.com>
Date:   Thu, 12 Apr 2018 17:50:19 -0700
From:   "Luis R. Rodriguez" <mcgrof@...nel.org>
To:     Sasha Levin <Alexander.Levin@...rosoft.com>
Cc:     "stable@...r.kernel.org" <stable@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Jessica Yu <jeyu@...hat.com>, Al Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH AUTOSEL for 4.9 188/293] fs: warn in case userspace lied
 about modprobe return

On Sun, Apr 8, 2018 at 5:25 PM, Sasha Levin
<Alexander.Levin@...rosoft.com> wrote:
> From: "Luis R. Rodriguez" <mcgrof@...nel.org>
>
> [ Upstream commit 41124db869b7e00e12052555f8987867ac01d70c ]
>
> kmod <= v19 was broken -- it could return 0 to modprobe calls,
> incorrectly assuming that a kernel module was built-in, whereas in
> reality the module was just forming in the kernel. The reason for this
> is an incorrect userspace heuristics. A userspace kmod fix is available
> for it [0], however should userspace break again we could go on with
> an failed get_fs_type() which is hard to debug as the request_module()
> is detected as returning 0. The first suspect would be that there is
> something worth with the kernel's module loader and obviously in this
> case that is not the issue.
>
> Since these issues are painful to debug complain when we know userspace
> has outright lied to us.
>
> [0] http://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/libkmod/libkmod-module.c?id=fd44a98ae2eb5eb32161088954ab21e58e19dfc4
>
> Suggested-by: Rusty Russell <rusty@...tcorp.com.au>
> Cc: Jessica Yu <jeyu@...hat.com>
> Signed-off-by: Luis R. Rodriguez <mcgrof@...nel.org>
> Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
> Signed-off-by: Sasha Levin <alexander.levin@...rosoft.com>

Acked-by: Luis R. Rodriguez <mcgrof@...nel.org>

The issue is real, and specially older kernels with older userspace
can suffer with pain. It doesn't follow the typical stable
candidate-fix, however, such simple check *can* help rule out tons of
stupid debugging where the culprit really was userspace.

 Luis

Powered by blists - more mailing lists