lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 2 Mar 2021 18:53:10 +0100
From:   Petr Mladek <pmladek@...e.com>
To:     Geert Uytterhoeven <geert@...ux-m68k.org>
Cc:     Vlastimil Babka <vbabka@...e.cz>, Marco Elver <elver@...gle.com>,
        Timur Tabi <timur@...nel.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Matthew Wilcox <willy@...radead.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        roman.fietze@...na.com, Kees Cook <keescook@...omium.org>,
        John Ogness <john.ogness@...utronix.de>,
        Akinobu Mita <akinobu.mita@...il.com>,
        Alexander Potapenko <glider@...gle.com>,
        Andrey Konovalov <andreyknvl@...gle.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Pavel Machek <pavel@....cz>,
        Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux MM <linux-mm@...ck.org>
Subject: Re: [PATCH 3/3] [v4] lib/vsprintf: no_hash_pointers prints all
 addresses as unhashed

On Tue 2021-03-02 14:49:42, Geert Uytterhoeven wrote:
> Hi Vlastimil, Petr,
> 
> On Tue, Mar 2, 2021 at 2:37 PM Vlastimil Babka <vbabka@...e.cz> wrote:
> > On 3/2/21 2:29 PM, Petr Mladek wrote:
> > > On Tue 2021-03-02 13:51:35, Geert Uytterhoeven wrote:
> > >> > > > +
> > >> > > > +       pr_warn("**********************************************************\n");
> > >> > > > +       pr_warn("**   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **\n");
> > >> > > > +       pr_warn("**                                                      **\n");
> > >> > > > +       pr_warn("** This system shows unhashed kernel memory addresses   **\n");
> > >> > > > +       pr_warn("** via the console, logs, and other interfaces. This    **\n");
> > >> > > > +       pr_warn("** might reduce the security of your system.            **\n");
> > >> > > > +       pr_warn("**                                                      **\n");
> > >> > > > +       pr_warn("** If you see this message and you are not debugging    **\n");
> > >> > > > +       pr_warn("** the kernel, report this immediately to your system   **\n");
> > >> > > > +       pr_warn("** administrator!                                       **\n");
> > >> > > > +       pr_warn("**                                                      **\n");
> > >> > > > +       pr_warn("**   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **\n");
> > >> > > > +       pr_warn("**********************************************************\n");
> > >> > > > +
> > >> > > > +       return 0;
> > >> > > > +}
> > >> > > > +early_param("no_hash_pointers", no_hash_pointers_enable);
> > >> > >
> > >> > > While bloat-o-meter is not smart enough to notice the real size impact,
> > >> > > this does add more than 500 bytes of string data to the kernel.
> > >> > > Do we really need such a large message?
> > >> > > Perhaps the whole no_hash_pointers machinery should be protected by
> > >> > > "#ifdef CONFIG_DEBUG_KERNEL"?
> >
> > I think it's a no-go only when enabling such option equals to "no_hash_pointers"
> > being always passed. What Geert suggests is that you need both
> > CONFIG_DEBUG_KERNEL *and* no_hash_pointers and that's different.
> 
> Exactly.
> 
> > So this is basically a kernel tinyfication issue, right? Is that still pursued
> > today? Are there better config options suitable for this than CONFIG_DEBUG_KERNEL?
> 
> As long as I hear about products running Linux on SoCs with 10 MiB of
> SRAM, I think the answer is yes.
> I'm not immediately aware of a better config option.  There are no more
> TINY options left, and EXPERT selects DEBUG_KERNEL.

DEBUG_KERNEL might actually makes sense. A possibility to see real
pointers might be pretty useful for the other debugging code.
It is a common thing.

DEBUG_KERNEL is even needed for many basics debugging helpers,
for example, for FRAME_POINTERS.

So, if it would be good for SoCs...


> > >> > Would placing the strings into an __initconst array help?
> > >>
> > >> That would indeed help to reduce run-time memory consumption.
> > >
> > > Sure. We could do this. Do you want to send a patch, please?
> 
> Added to my list.
> 
> > >> It would not solve the raw kernel size increase.
> > >
> > > I see. Well, the compression should be pretty efficient
> > > for a text (with many spaces).
> 
> My worry is not about the medium for storing the kernel image, but the
> RAM where the kernel image is loaded.  The former is usually less
> restricted in size, and easier to expand, than the latter,

Well, the __initconst might be enough then.

I personally do not have any preference whether to do __initconst
or DEBUG_KERNEL or both. We should just keep it simple and
do not over engineer it.

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ