lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.DEB.2.21.2308132148500.8596@angie.orcam.me.uk>
Date:   Sun, 13 Aug 2023 22:30:52 +0100 (BST)
From:   "Maciej W. Rozycki" <macro@...am.me.uk>
To:     Tiezhu Yang <yangtiezhu@...ngson.cn>
cc:     Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
        linux-mips@...r.kernel.org, linux-kernel@...r.kernel.org,
        loongson-kernel@...ts.loongnix.cn
Subject: Re: [PATCH] MIPS: Remove noreturn attribute for die()

On Wed, 9 Aug 2023, Tiezhu Yang wrote:

> >  So you want to keep a task alive that has caused a kernel oops in the
> > process context in this case, right?  What purpose would it be for and
> > what condition causes `notify_die' to return NOTIFY_STOP?  IOW why is
> > there no need to call `make_task_dead' in this case?
> 
> I did some research, hope it is useful.
> 
> There is a related description in Documentation/input/notifier.rst:
> 
>   For each kind of event but the last, the callback may return
>   NOTIFY_STOP in order to "eat" the event: the notify loop is
>   stopped and the keyboard event is dropped.

 I saw that, but this is irrelevant.  Dropping a keyboard event won't make 
the system unstable (though it can make a console user unstable, out of 
irritation).

> In commit 748f2edb5271 ("x86 NMI: better support for debuggers"), it said:
> 
>   If the notify is handled with a NOTIFY_STOP return, the
>   system is given a new lease on life.
> 
> In commit 004429956b48 ("handle recursive calls to bust_spinlocks()"),
> it said:
> 
>   However, at least on i386 die() has been capable of returning
>   (and on other architectures this should really be that way, too)
>   when notify_die() returns NOTIFY_STOP.
> 
> In commit 22f5991c85de ("x86-64: honor notify_die() returning NOTIFY_STOP"),
> it said:
> 
>   This requires making die() return a value, making its callers honor
>   this (and be prepared that it may return)
> 
> In commit 620de2f5dc69 ("[IA64] honor notify_die() returning NOTIFY_STOP"),
> it said:
> 
>   This requires making die() and die_if_kernel() return a value,
>   and their callers to honor this (and be prepared that it returns).

 Thanks, that indeed helps, though indirectly.  I think the most relevant, 
though still terse explanation comes from commit 20c0d2d44029 ("[PATCH] 
i386: pass proper trap numbers to die chain handlers"), which I believe is 
the earliest of similar changes.  The patch was originally submitted here: 
<https://lore.kernel.org/r/43DDF02E.76F0.0078.0@novell.com/> and hardly 
any discussion emerged, but I think the key statement is:

"[...] honor the return value from the handler chain invocation in die() 
as, through a debugger, the fault may have been fixed."

Now it makes sense to me: even if ignoring the event will make the system 
unstable, by allowing access through a debugger it has been compromised 
already anyway.

 So I think your change will be good if you update the change description 
to include the justification quoted above rather than just: "the others do 
it too, so it must be good" (though you can of course mention that your 
change also makes our port consistent with other ones).  I suggest linking 
to the original i386 submission too for future reference.

 Also I note that you combine three independent changes into one, so 
please split it into individual patches as per our requirements.

  Maciej

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ