| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025081338-dingo-oyster-bbbb@gregkh> Date: Wed, 13 Aug 2025 15:53:28 +0200 From: Greg KH <gregkh@...uxfoundation.org> To: Pratyush Yadav <pratyush@...nel.org> Cc: Jason Gunthorpe <jgg@...dia.com>, Vipin Sharma <vipinsh@...gle.com>, Pasha Tatashin <pasha.tatashin@...een.com>, jasonmiu@...gle.com, graf@...zon.com, changyuanl@...gle.com, rppt@...nel.org, dmatlack@...gle.com, rientjes@...gle.com, corbet@....net, rdunlap@...radead.org, ilpo.jarvinen@...ux.intel.com, kanie@...ux.alibaba.com, ojeda@...nel.org, aliceryhl@...gle.com, masahiroy@...nel.org, akpm@...ux-foundation.org, tj@...nel.org, yoann.congal@...le.fr, mmaurer@...gle.com, roman.gushchin@...ux.dev, chenridong@...wei.com, axboe@...nel.dk, mark.rutland@....com, jannh@...gle.com, vincent.guittot@...aro.org, hannes@...xchg.org, dan.j.williams@...el.com, david@...hat.com, joel.granados@...nel.org, rostedt@...dmis.org, anna.schumaker@...cle.com, song@...nel.org, zhangguopeng@...inos.cn, linux@...ssschuh.net, linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org, linux-mm@...ck.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com, rafael@...nel.org, dakr@...nel.org, bartosz.golaszewski@...aro.org, cw00.choi@...sung.com, myungjoo.ham@...sung.com, yesanishhere@...il.com, Jonathan.Cameron@...wei.com, quic_zijuhu@...cinc.com, aleksander.lobakin@...el.com, ira.weiny@...el.com, andriy.shevchenko@...ux.intel.com, leon@...nel.org, lukas@...ner.de, bhelgaas@...gle.com, wagi@...nel.org, djeffery@...hat.com, stuart.w.hayes@...il.com, lennart@...ttering.net, brauner@...nel.org, linux-api@...r.kernel.org, linux-fsdevel@...r.kernel.org, saeedm@...dia.com, ajayachandra@...dia.com, parav@...dia.com, leonro@...dia.com, witu@...dia.com Subject: Re: [PATCH v3 29/30] luo: allow preserving memfd On Wed, Aug 13, 2025 at 03:37:03PM +0200, Pratyush Yadav wrote: > On Wed, Aug 13 2025, Greg KH wrote: > > > On Wed, Aug 13, 2025 at 09:41:40AM -0300, Jason Gunthorpe wrote: > [...] > >> Use the warn ons. Make sure they can't be triggered by userspace. Use > >> them to detect corruption/malfunction in the kernel. > >> > >> In this case if kho_unpreserve_folio() fails in this call chain it > >> means some error unwind is wrongly happening out of sequence, and we > >> are now forced to leak memory. Unwind is not something that userspace > >> should be controlling, so of course we want a WARN_ON here. > > > > "should be" is the key here. And it's not obvious from this patch if > > that's true or not, which is why I mentioned it. > > > > I will keep bringing this up, given the HUGE number of CVEs I keep > > assigning each week for when userspace hits WARN_ON() calls until that > > flow starts to die out either because we don't keep adding new calls, OR > > we finally fix them all. Both would be good... > > Out of curiosity, why is hitting a WARN_ON() considered a vulnerability? > I'd guess one reason is overwhelming system console which can cause a > denial of service, but what about WARN_ON_ONCE() or WARN_RATELIMIT()? If panic_on_warn is set, this will cause the machine to crash/reboot, which is considered a "vulnerability" by the CVE.org definition. If a user can trigger this, it gets a CVE assigned to it. hope this helps, greg k-h
Powered by blists - more mailing lists