| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Sep 2022 16:42:32 +0000
From: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>
To: "pasha.tatashin@...een.com" <pasha.tatashin@...een.com>,
"Huang, Shaoqin" <shaoqin.huang@...el.com>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>
Subject: Re: [PATCH] mm: Check writable zero page in page table check
On Mon, 2022-09-05 at 20:37 -0400, Pasha Tatashin wrote:
> The idea behind page table check is to prevent some types of memory
> corruptions: i.e. prevent false page sharing, and memory leaking
> between address spaces. This is an optional security feature for
> setups where it is more dangerous to leak data than to crash the
> machine. Therefore, when page table check detects illegal page
> sharing
> it immediately crashes the kernel. I think we can have a
> page_table_check option that would change BUG_ON to WARN_ON() (or to
> WARN_ON_ONCE(), since once corruption is detected I believe it might
> show up many times again)
Do you think there are a lot of people that would want to set page
table check to BUG_ON mode, that wouldn't already be setting
panic_on_warn?
I didn't realize page table check was meant to be a security feature as
well. I thought it was more of a debug time checker.
Looking through more related discussions, there seems to be a strong
aversion to "crash the kernel" features. Especially if they are meant
to run in a non-testing context.
Powered by blists - more mailing lists