Message-ID: <20221207074806.6f869be2@gandalf.local.home>
Date:   Wed, 7 Dec 2022 07:48:06 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc:     Masami Hiramatsu <mhiramat@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
        Borislav Petkov <bp@...en8.de>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Kees Cook <keescook@...omium.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        KP Singh <kpsingh@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Florent Revest <revest@...omium.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Christoph Hellwig <hch@...radead.org>,
        Chris Mason <clm@...a.com>
Subject: Re: [PATCH v2] panic: Taint kernel if fault injection has been used

On Tue, 6 Dec 2022 20:45:17 -0800
Alexei Starovoitov <alexei.starovoitov@...il.com> wrote:

> > "G - Proprietary module" - "O - out of tree module"
> >
> > Can you reproduce this without those taints?  
> 
> Lol. That question is exactly the reason why my Nack stands.

First, that's a BS reason for a NACK.

But in all seriousness, what I would actually ask (and what I'll ask now)
is, what module did you use that is out of tree, and was it relevant to
this test?

That's a reasonable question to ask, and one that only gets asked with a
taint.


If there's a BPF injection taint, one can ask that same question, as the
bug may happen sometime after the injection but be caused by that injection,
and not be in the backtrace. Not all kernel developers have access to the
debugging utilities that backend production servers have. A lot of bugs that
kernel developers debug are from someone's laptop, where all they have is
that backtrace. If a tool or root kit added function error injection, it
would be extremely useful information to debug what happened.

I don't understand the push back here.

-- Steve
