lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 31 Dec 2019 01:20:24 +0300
From:   Alexander Popov <alex.popov@...ux.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     Arnd Bergmann <arnd@...db.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-kernel@...r.kernel.org, notify@...nel.org
Subject: Re: [PATCH v1 1/1] lkdtm/stackleak: Make the stack erasing test more
 verbose

Hello Kees!

On 30.12.2019 21:37, Kees Cook wrote:
> On Thu, Dec 19, 2019 at 05:54:16PM +0300, Alexander Popov wrote:
>> Make the stack erasing test more verbose about the errors that it
>> can detect. BUG() in case of test failure is useful when the test
>> is running in a loop.
> 
> Hi! I try to keep the "success" conditions for LKDTM tests to be a
> system exception, so doing "BUG" on a failure is actually against the
> design. So, really, a test harness needs to know to check dmesg for the
> results here. It almost looks like this check shouldn't live in LKDTM,

Hm, I see...

Let me explain why I've decided to use BUG() in case of a failure.

Once upon a time I noticed that the stack erasing test failed on a kernel with
KASAN enabled. It happened only once, and all my numerous efforts to reproduce
it failed. That's why I come with this patch. These changes provide additional
information and allow easy detection of a failure when you run the test in a loop.

Is stackleak test the only exception of this kind in LKDTM?

> but since it feels like other LKDTM tests, I'm happy to keep it there
> for now.

Do you mean that you will apply this patch?

> I'll resend my selftests series that adds a real test harness for all
> the LKDTM tests and CC you.

Ok!

Maybe you also see how to improve the LKDTM infrastructure and remove this
inconsistency. Could you share your ideas?

Best regards,
Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ