From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1756843AbcJGRdr (ORCPT <rfc822;w@1wt.eu>);
        Fri, 7 Oct 2016 13:33:47 -0400
Received: from mail-wm0-f48.google.com ([74.125.82.48]:36948 "EHLO
        mail-wm0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753234AbcJGRdh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 7 Oct 2016 13:33:37 -0400
MIME-Version: 1.0
In-Reply-To: <CA+55aFwdNjPWyp2OHCOuVncrgy=9PZR2QBm3o5SrAHgRoWBXYw@mail.gmail.com>
References: <20161005190604.GA8116@1wt.eu> <CA+55aFxMf+-0B4oEqAiRcNm5A=S1eFu0ugRJUJX02K4yA_xNjg@mail.gmail.com>
 <CAGXu5j+zH2cr408tmoXcCE8NzZtxkHinThUqSd9pYgHuwyprBQ@mail.gmail.com>
 <CA+55aFxEbtVpT0rJyfpLmXOzCe4i4VO1s=M2Q9mq8XbUBNopCQ@mail.gmail.com>
 <CAGXu5jJ9sAXauDMeW262qX_42TS2gmJBsR1yq2XDeHzn+54PoA@mail.gmail.com>
 <CA+55aFwmH=VL+8COPBUeiTzG8U-UD57pcZr1iG4BGyP99feTgA@mail.gmail.com>
 <CAGXu5jKwPjOikfTqr1YX-5wFAdpW=XsMsjuERkjHP=mzokLNCw@mail.gmail.com>
 <CA+55aFzWvHAFnn9fm0qaPuuZ3gCJ5PaUXKLNROEK4oGAyKQOMQ@mail.gmail.com>
 <CAGXu5jL=0pJMx5qASXnF1zAzw2CJVvn09siLLgaFBY_57VmH-w@mail.gmail.com>
 <CA+55aFzWrHmpp54YkqaCKc-UPWm59_9AXmENNtqqgpj6zWOxsQ@mail.gmail.com>
 <20161007054824.GA9917@1wt.eu> <CAGXu5jLTo+QY9YuEKYbACXdnAXgnQdPPnPejYtiSeg4j5XW-Fw@mail.gmail.com>
 <CA+55aFwdNjPWyp2OHCOuVncrgy=9PZR2QBm3o5SrAHgRoWBXYw@mail.gmail.com>
From: Kees Cook <keescook@chromium.org>
Date: Fri, 7 Oct 2016 10:33:33 -0700
X-Google-Sender-Auth: u_LfrFldBN3iKR6BNm_W_Z1tZXc
Message-ID: <CAGXu5jKPA1-=LdnXZLxXpzUaFKKnMbfyNg89y_UryWd4V9hGnA@mail.gmail.com>
Subject: Re: BUG_ON() in workingset_node_shadows_dec() triggers
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Willy Tarreau <w@1wt.eu>,
        Paul Gortmaker <paul.gortmaker@windriver.com>,
        Johannes Weiner <hannes@cmpxchg.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Antonio SJ Musumeci <trapexit@spawn.link>,
        Miklos Szeredi <miklos@szeredi.hu>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        stable <stable@vger.kernel.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Oct 7, 2016 at 10:21 AM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Fri, Oct 7, 2016 at 10:16 AM, Kees Cook <keescook@chromium.org> wrote:
>>
>> Regardless, I still think that we can't let BUG continue kernel
>> execution though, since it may lead to entirely unexpected behavior
>> (possibly security-sensitive) by still running. Upgrading BUG to
>> panic(), though, I'd be fine with, as a way to get people to convert
>> to WARN.
>
> No. Really. You can upgrade BUG() to "panic()" with a kernel command
> line. But not by default.
>
> I'm not going to take any patches that make BUG() even *worse*. That
> would be insane. I'm not insane.

I'll quit debating how to change things, but I'll just try to point
out that the "stop execution" logic, currently, is not an accident.
Without CONFIG_BUG, BUG is defined as "do {} while (1)", and without
CONFIG_HAVE_ARCH_BUG, BUG is defined as "printk(...); panic(...);".

-Kees

-- 
Kees Cook
Nexus Security