lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <14b4a922-a31a-a329-0264-3d8bd101ee6b@suse.cz>
Date:   Mon, 4 Sep 2023 15:31:34 +0200
From:   Vlastimil Babka <vbabka@...e.cz>
To:     "Alex Xu (Hello71)" <alex_y_xu@...oo.ca>,
        Christian Brauner <brauner@...nel.org>,
        Aleksa Sarai <cyphar@...har.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Shuah Khan <shuah@...nel.org>, Jeff Xu <jeffxu@...gle.com>,
        Kees Cook <keescook@...omium.org>,
        Daniel Verkamp <dverkamp@...omium.org>,
        Dominique Martinet <asmadeus@...ewreck.org>,
        stable@...r.kernel.org, linux-api@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        linux-kselftest@...r.kernel.org
Subject: Re: Don't fill the kernel log with memfd_create messages

On 8/30/23 17:52, Alex Xu (Hello71) wrote:
> Hi all,
> 
> Recently "memfd: improve userspace warnings for missing exec-related 
> flags" was merged. On my system, this is a regression, not an 
> improvement, because the entire 256k kernel log buffer (default on x86) 
> is filled with these warnings and "__do_sys_memfd_create: 122 callbacks 
> suppressed". I haven't investigated too closely, but the most likely 
> cause is Wayland libraries.
> 
> This is too serious of a consequence for using an old API, especially 
> considering how recently the flags were added. The vast majority of 
> software has not had time to add the flags: glibc does not define the 
> macros until 2.38 which was released less than one month ago, man-pages 
> does not document the flags, and according to Debian Code Search, only 
> systemd, stress-ng, and strace actually pass either of these flags.
> 
> Furthermore, since old kernels reject unknown flags, it's not just a 
> matter of defining and passing the flag; every program needs to 
> add logic to handle EINVAL and try again.
> 
> Some other way needs to be found to encourage userspace to add the 
> flags; otherwise, this message will be patched out because the kernel 
> log becomes unusable after running unupdated programs, which will still 
> exist even after upstreams are fixed. In particular, AppImages, 
> flatpaks, snaps, and similar app bundles contain vendored Wayland 
> libraries which can be difficult or impossible to update.

It's being reverted:
https://lore.kernel.org/all/20230902230530.6B663C433C8@smtp.kernel.org/

Meanwhile stable should avoid backporting 434ed3350f57 ("memfd: improve
userspace warnings for missing exec-related flags")

> Thanks,
> Alex.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ