* [PATCH] futex: avoid kernel taint caused by get_robust_list
@ 2013-02-15 15:54 Paul Gortmaker
2013-02-15 16:18 ` Kees Cook
0 siblings, 1 reply; 5+ messages in thread
From: Paul Gortmaker @ 2013-02-15 15:54 UTC (permalink / raw)
To: linux-kernel
Cc: Paul Gortmaker, Dave Jones, Richard Weinberger, Kees Cook,
Thomas Gleixner, stable
commit ec0c4274e33c0373e476b73e01995c53128f1257 ("futex: Mark
get_robust_list as deprecated") added these two WARN_ONCE calls.
However, WARN_ONCE taints the kernel, and we shouldn't be allowing
any user who wanders by to do this. For example, the system fuzzer
"trinity" uses the tainted state as a metric for when to stop,
assuming that it has caused significant wreckage (and indeed
that tool is what actually led me to this change).
The ability to deprecate this code has been called into question[1],
but if that remains to be finalized, then making this change in the
interim seems to make sense.
[1] http://lkml.indiana.edu/hypermail/linux/kernel/1208.0/01081.html
Cc: Dave Jones <davej@redhat.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Kees Cook <keescook@chromium.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org # 3.4+
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
---
[Alternatively, someone can simply apply Richard's original revert:
http://permalink.gmane.org/gmane.linux.kernel.hardened.devel/506
Either way, I think the WARN_ONCE needs to go away. ]
kernel/futex.c | 2 +-
kernel/futex_compat.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/futex.c b/kernel/futex.c
index 19eb089..e1aede2 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -2471,7 +2471,7 @@ SYSCALL_DEFINE3(get_robust_list, int, pid,
if (!futex_cmpxchg_enabled)
return -ENOSYS;
- WARN_ONCE(1, "deprecated: get_robust_list will be deleted in 2013.\n");
+ printk_once(KERN_WARNING "deprecated: get_robust_list will be deleted in 2013.\n");
rcu_read_lock();
diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
index 83e368b..618d2db 100644
--- a/kernel/futex_compat.c
+++ b/kernel/futex_compat.c
@@ -142,7 +142,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
if (!futex_cmpxchg_enabled)
return -ENOSYS;
- WARN_ONCE(1, "deprecated: get_robust_list will be deleted in 2013.\n");
+ printk_once(KERN_WARNING "deprecated: get_robust_list will be deleted in 2013.\n");
rcu_read_lock();
--
1.8.1.2
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [PATCH] futex: avoid kernel taint caused by get_robust_list
2013-02-15 15:54 [PATCH] futex: avoid kernel taint caused by get_robust_list Paul Gortmaker
@ 2013-02-15 16:18 ` Kees Cook
2013-02-15 16:32 ` Paul Gortmaker
0 siblings, 1 reply; 5+ messages in thread
From: Kees Cook @ 2013-02-15 16:18 UTC (permalink / raw)
To: Paul Gortmaker; +Cc: LKML, Dave Jones, Richard Weinberger, Thomas Gleixner
On Fri, Feb 15, 2013 at 7:54 AM, Paul Gortmaker
<paul.gortmaker@windriver.com> wrote:
> commit ec0c4274e33c0373e476b73e01995c53128f1257 ("futex: Mark
> get_robust_list as deprecated") added these two WARN_ONCE calls.
>
> However, WARN_ONCE taints the kernel, and we shouldn't be allowing
> any user who wanders by to do this. For example, the system fuzzer
> "trinity" uses the tainted state as a metric for when to stop,
> assuming that it has caused significant wreckage (and indeed
> that tool is what actually led me to this change).
>
> The ability to deprecate this code has been called into question[1],
> but if that remains to be finalized, then making this change in the
> interim seems to make sense.
>
> [1] http://lkml.indiana.edu/hypermail/linux/kernel/1208.0/01081.html
>
> Cc: Dave Jones <davej@redhat.com>
> Cc: Richard Weinberger <richard@nod.at>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: stable@vger.kernel.org # 3.4+
> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
I Acked the original revert. I thought there was agreement that it was
needed for checkpointing to work?
-Kees
--
Kees Cook
Chrome OS Security
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] futex: avoid kernel taint caused by get_robust_list
2013-02-15 16:18 ` Kees Cook
@ 2013-02-15 16:32 ` Paul Gortmaker
2013-02-15 16:41 ` Kees Cook
0 siblings, 1 reply; 5+ messages in thread
From: Paul Gortmaker @ 2013-02-15 16:32 UTC (permalink / raw)
To: Kees Cook; +Cc: LKML, Dave Jones, Richard Weinberger, Thomas Gleixner
On 13-02-15 11:18 AM, Kees Cook wrote:
> On Fri, Feb 15, 2013 at 7:54 AM, Paul Gortmaker
> <paul.gortmaker@windriver.com> wrote:
>> commit ec0c4274e33c0373e476b73e01995c53128f1257 ("futex: Mark
>> get_robust_list as deprecated") added these two WARN_ONCE calls.
>>
>> However, WARN_ONCE taints the kernel, and we shouldn't be allowing
>> any user who wanders by to do this. For example, the system fuzzer
>> "trinity" uses the tainted state as a metric for when to stop,
>> assuming that it has caused significant wreckage (and indeed
>> that tool is what actually led me to this change).
>>
>> The ability to deprecate this code has been called into question[1],
>> but if that remains to be finalized, then making this change in the
>> interim seems to make sense.
>>
>> [1] http://lkml.indiana.edu/hypermail/linux/kernel/1208.0/01081.html
>>
>> Cc: Dave Jones <davej@redhat.com>
>> Cc: Richard Weinberger <richard@nod.at>
>> Cc: Kees Cook <keescook@chromium.org>
>> Cc: Thomas Gleixner <tglx@linutronix.de>
>> Cc: stable@vger.kernel.org # 3.4+
>> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
>
> I Acked the original revert. I thought there was agreement that it was
> needed for checkpointing to work?
There were several acks in the original thread, but for some unknown
reason (at least unknown to me and Richard), it never made it in tree...
P.
--
>
> -Kees
>
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH] futex: avoid kernel taint caused by get_robust_list
2013-02-15 16:32 ` Paul Gortmaker
@ 2013-02-15 16:41 ` Kees Cook
2013-02-15 16:47 ` Richard Weinberger
0 siblings, 1 reply; 5+ messages in thread
From: Kees Cook @ 2013-02-15 16:41 UTC (permalink / raw)
To: Andrew Morton
Cc: LKML, Dave Jones, Richard Weinberger, Thomas Gleixner, Paul Gortmaker
Hi Andrew,
Is this revert something you would be willing to take?
-Kees
On Fri, Feb 15, 2013 at 8:32 AM, Paul Gortmaker
<paul.gortmaker@windriver.com> wrote:
> On 13-02-15 11:18 AM, Kees Cook wrote:
>> On Fri, Feb 15, 2013 at 7:54 AM, Paul Gortmaker
>> <paul.gortmaker@windriver.com> wrote:
>>> commit ec0c4274e33c0373e476b73e01995c53128f1257 ("futex: Mark
>>> get_robust_list as deprecated") added these two WARN_ONCE calls.
>>>
>>> However, WARN_ONCE taints the kernel, and we shouldn't be allowing
>>> any user who wanders by to do this. For example, the system fuzzer
>>> "trinity" uses the tainted state as a metric for when to stop,
>>> assuming that it has caused significant wreckage (and indeed
>>> that tool is what actually led me to this change).
>>>
>>> The ability to deprecate this code has been called into question[1],
>>> but if that remains to be finalized, then making this change in the
>>> interim seems to make sense.
>>>
>>> [1] http://lkml.indiana.edu/hypermail/linux/kernel/1208.0/01081.html
>>>
>>> Cc: Dave Jones <davej@redhat.com>
>>> Cc: Richard Weinberger <richard@nod.at>
>>> Cc: Kees Cook <keescook@chromium.org>
>>> Cc: Thomas Gleixner <tglx@linutronix.de>
>>> Cc: stable@vger.kernel.org # 3.4+
>>> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
>>
>> I Acked the original revert. I thought there was agreement that it was
>> needed for checkpointing to work?
>
> There were several acks in the original thread, but for some unknown
> reason (at least unknown to me and Richard), it never made it in tree...
--
Kees Cook
Chrome OS Security
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-02-15 16:47 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-02-15 15:54 [PATCH] futex: avoid kernel taint caused by get_robust_list Paul Gortmaker
2013-02-15 16:18 ` Kees Cook
2013-02-15 16:32 ` Paul Gortmaker
2013-02-15 16:41 ` Kees Cook
2013-02-15 16:47 ` Richard Weinberger
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.