lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 10 Jan 2020 17:54:04 +0100
From:   Greg KH <greg@...ah.com>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Ingo Molnar <mingo@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Matthew Garrett <mjg59@...gle.com>, bugzilla@...orremedies.com
Subject: Re: [PATCH 3/3] tracing: Do not create directories if lockdown is in
 affect

On Fri, Jan 10, 2020 at 11:31:05AM -0500, Steven Rostedt wrote:
> I should have marked this for stable. The commit it fixes (see Fixes tag) is
> in 5.4, and it appears this has yet to make it to 5.4 yet.
> 
> -- Steve
> 
> 
> On Wed, Dec 04, 2019 at 09:05:02PM -0500, Steven Rostedt wrote:
> > From: "Steven Rostedt (VMware)" <rostedt@...dmis.org>
> > 
> > If lockdown is disabling tracing on boot up, it prevents the tracing files
> > from even bering created. But when that happens, there's several places that
> > will give a warning that the files were not created as that is usually a
> > sign of a bug.
> > 
> > Add in strategic locations where a check is made to see if tracing is
> > disabled by lockdown, and if it is, do not go further, and fail silently
> > (but print that tracing is disabled by lockdown, without doing a WARN_ON()).
> > 
> > Cc: Matthew Garrett <mjg59@...gle.com>
> > Fixes: 17911ff38aa5 ("tracing: Add locked_down checks to the open calls of files created for tracefs")
> > Signed-off-by: Steven Rostedt (VMware) <rostedt@...dmis.org>

Relying only on the Fixes: tag to get things picked up by stable is a
sure way to get it on the "slow, and maybe eventually, hopefully, it
might make it into stable" path :)

I have over 1000 patches right now in that "bucket" that need to be
checked to see if they are relevant for stable backporting, just since
5.4 was released.  I have automated a lot of it, but still, they require
manual review.

I'll go queue this up now, as it's simplest just to ask us to take it
after it hits Linus's tree :)

thanks,

greg k-h

Powered by blists - more mailing lists