Date:   Wed, 30 Aug 2023 11:52:33 -0400
From:   "Alex Xu (Hello71)" <alex_y_xu@...oo.ca>
To:     Christian Brauner <brauner@...nel.org>,
        Aleksa Sarai <cyphar@...har.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Shuah Khan <shuah@...nel.org>, Jeff Xu <jeffxu@...gle.com>,
        Kees Cook <keescook@...omium.org>,
        Daniel Verkamp <dverkamp@...omium.org>,
        Dominique Martinet <asmadeus@...ewreck.org>,
        stable@...r.kernel.org, linux-api@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        linux-kselftest@...r.kernel.org
Subject: Don't fill the kernel log with memfd_create messages

Hi all,

Recently "memfd: improve userspace warnings for missing exec-related 
flags" was merged. On my system, this is a regression, not an 
improvement, because the entire 256k kernel log buffer (default on x86) 
is filled with these warnings and "__do_sys_memfd_create: 122 callbacks 
suppressed". I haven't investigated too closely, but the most likely 
cause is Wayland libraries.

This is too serious of a consequence for using an old API, especially 
considering how recently the flags were added. The vast majority of 
software has not had time to add the flags: glibc does not define the 
macros until 2.38 which was released less than one month ago, man-pages 
does not document the flags, and according to Debian Code Search, only 
systemd, stress-ng, and strace actually pass either of these flags.

Furthermore, since old kernels reject unknown flags, it's not just a 
matter of defining and passing the flag; every program needs to 
add logic to handle EINVAL and try again.

Some other way needs to be found to encourage userspace to add the 
flags; otherwise, this message will be patched out because the kernel 
log becomes unusable after running unupdated programs, which will still 
exist even after upstreams are fixed. In particular, AppImages, 
flatpaks, snaps, and similar app bundles contain vendored Wayland 
libraries which can be difficult or impossible to update.

Thanks,
Alex.
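
The retry logic the message says every program would need, as an added example that is not part of the original message or of any project named in it. memfd_create_compat, sys_memfd, old_kernel_memfd and EXEC_BITS are hypothetical names, and old_kernel_memfd is a constructed stand-in for a kernel that rejects the new flags.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Values from include/uapi/linux/memfd.h, for libc headers that lack them. */
#ifndef MFD_NOEXEC_SEAL
#define MFD_NOEXEC_SEAL 0x0008U
#endif
#ifndef MFD_EXEC
#define MFD_EXEC 0x0010U
#endif
#define EXEC_BITS (MFD_EXEC | MFD_NOEXEC_SEAL)

typedef int (*memfd_fn)(const char *name, unsigned int flags);
static int old_calls; /* how often the simulated old kernel was entered */
static int sys_memfd(const char *name, unsigned int flags) /* raw syscall */
{
    return (int)syscall(SYS_memfd_create, name, flags);
}

/* Constructed stand-in for a kernel that predates the exec-related flags. */
static int old_kernel_memfd(const char *name, unsigned int flags)
{
    old_calls++;
    if (!(flags & EXEC_BITS))
        return sys_memfd(name, flags);
    errno = EINVAL; /* unknown flag bit */
    return -1;
}

/* Hypothetical helper: on EINVAL, retry once without the exec-related bits.
 * The fd from the retry has the old default: executable, no exec seal. */
static int memfd_create_compat(memfd_fn create, const char *name, unsigned int flags)
{
    int fd = create(name, flags);
    if (fd < 0 && errno == EINVAL && (flags & EXEC_BITS))
        fd = create(name, flags & ~EXEC_BITS);
    return fd;
}

int main(void)
{
    int a = memfd_create_compat(sys_memfd, "demo", MFD_NOEXEC_SEAL);
    int b = memfd_create_compat(old_kernel_memfd, "demo", MFD_NOEXEC_SEAL);
    printf("running kernel fd=%d, simulated old kernel fd=%d (%d calls)\n", a, b, old_calls);
    return 0;
}
```

A caller that depends on the descriptor being non-executable has to treat the retry path as the weaker case, since the retried call carries no exec-related flag.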
