lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 7 May 2020 20:28:40 -0400
From:   Qian Cai <cai@....pw>
To:     Rafael Aquini <aquini@...hat.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        LKML <linux-kernel@...r.kernel.org>, linux-doc@...r.kernel.org,
        kexec@...ts.infradead.org, linux-fsdevel@...r.kernel.org,
        dyoung@...hat.com, Baoquan He <bhe@...hat.com>,
        Jonathan Corbet <corbet@....net>,
        Luis Chamberlain <mcgrof@...nel.org>,
        Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH] kernel: add panic_on_taint



> On May 7, 2020, at 7:36 PM, Rafael Aquini <aquini@...hat.com> wrote:
> 
> On Thu, May 07, 2020 at 07:07:20PM -0400, Qian Cai wrote:
>> 
>> 
>>> On May 7, 2020, at 6:15 PM, Rafael Aquini <aquini@...hat.com> wrote:
>>> 
>>> It's a reasonable and self-contained feature that we have a valid use for. 
>>> I honestly fail to see it causing that amount of annoyance as you are 
>>> suggesting here.
>> 
>> It is not a big trouble yet, but keeping an obsolete patch that not very straightforward to figure out that it will be superseded by the panic_on_taint patch will only cause more confusion the longer it has stayed in linux-next.
>> 
>> The thing is that even if you can’t get this panic_on_taint (the superior solution) patch accepted for some reasons, someone else could still work on it until it get merged.
>> 
>> Thus, I failed to see any possibility we will go back to the inferior solution (mm-slub-add-panic_on_error-to-the-debug-facilities.patch) by all means.
>> 
> 
> There are plenty of examples of things being added, changed, and
> removed in -next. IOW, living in a transient state. I think it's 
> a reasonable compromise to keep it while the other one is beind 
> ironed out.
> 
> The fact that you prefer one solution to another doesn't
> invalidate the one you dislike. 

As far I can tell, the bar of the other core subsystems are quite high even for linux-next. People have been voiced over and over again to urge Andrew not picking up patches so eagerly, but I will save that discussion for the next time.

Anyway, thanks for working for the panic_on_taint patch. I believe it could be useful for all testing agents to catch those bad pages earlier.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ