lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 17 Jun 2024 13:09:15 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Andrew Morton <akpm@...ux-foundation.org>, Matthew Wilcox <willy@...radead.org>, 
	Rafael Aquini <aquini@...hat.com>, Jiri Slaby <jirislaby@...nel.org>, 
	Suren Baghdasaryan <surenb@...gle.com>
Cc: linux-mm@...ck.org, mm-commits@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] hotfixes for 6.10-rc5

On Mon, 17 Jun 2024 at 11:47, Andrew Morton <akpm@...ux-foundation.org> wrote:
>
> Rafael Aquini (1):
>       mm: mmap: allow for the maximum number of bits for randomizing mmap_base by default

No.

And HELL NO!

We're not adding *another* new random incomprehensible config option
that tries to fix a random case that no normal user will understand.

Our kernel config is too damn complex as-is. We're not making it worse
like this. Anybody who cares about this kind of crazy esoteric detail
can damn well just set their Kconfig manually, instead of forcing this
kind of insane questions on other people.

This Kconfig insanity needs to stop. Why do I need to be the person who says

  "STOP ASKING POOR USERS IDIOTIC QUESTIONS THAT THEY CAN'T SANELY ANSWER"

I've pulled, but I'm reverting this commit. We are *not* going down
this path of insanity.

I'd also like to note that the reported 32-bit issue was ALREADY FIXED
months ago by commit 4ef9ad19e176 ("mm: huge_memory: don't force huge
page alignment on 32 bit")

It's possible that we should extend that - much saner - fix to also
look at the number of bits for randomization even outside of 32-bit
processes, and judge things on the number of bits we're expected to
randomize mappings on.

So it's very possible that the

        if (IS_ENABLED(CONFIG_32BIT) || in_compat_syscall())
                return 0;

test in __thp_get_unmapped_area() should be extended to take requested
address randomization into account.

But there is NO WAY this is fixed with another completely
incomprehensible Kconfig option.

So I'm really unhappy about this. The whole "add idiotic random
Kconfig options" needs to stop.

Those options are not something a normal person can understand, and as
shown by the fact that this patch was already bogus and superseded by
a much better patch from months ago, clearly said Kconfig options
WEREN'T EVEN UNDERSTOOD BY VM MAINTAINERS!

Christ. Sorry for the shouting, but dammit, people need to really
internalize the whole "we don't add crazy Kconfig options".

                    Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ