+ futex-avoid-kernel-taint-caused-by-get_robust

All of lore.kernel.org
 help / color / mirror / Atom feed

* + futex-avoid-kernel-taint-caused-by-get_robust_list.patch added to -mm tree
@ 2013-02-15 22:26 akpm
  2013-02-15 22:44 ` Richard Weinberger
  0 siblings, 1 reply; 5+ messages in thread
From: akpm @ 2013-02-15 22:26 UTC (permalink / raw)
  To: mm-commits; +Cc: paul.gortmaker, davej, keescook, richard, stable, tglx


The patch titled
     Subject: futex: avoid kernel taint caused by get_robust_list
has been added to the -mm tree.  Its filename is
     futex-avoid-kernel-taint-caused-by-get_robust_list.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Paul Gortmaker <paul.gortmaker@windriver.com>
Subject: futex: avoid kernel taint caused by get_robust_list

Commit ec0c4274e33c0373e4 ("futex: Mark get_robust_list as deprecated")
added these two WARN_ONCE calls.

However, WARN_ONCE taints the kernel, and we shouldn't be allowing any
user who wanders by to do this.  For example, the system fuzzer "trinity"
uses the tainted state as a metric for when to stop, assuming that it has
caused significant wreckage (and indeed that tool is what actually led me
to this change).

The ability to deprecate this code has been called into question[1], but
if that remains to be finalized, then making this change in the interim
seems to make sense.

[1] http://lkml.indiana.edu/hypermail/linux/kernel/1208.0/01081.html

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Cc: Dave Jones <davej@redhat.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Kees Cook <keescook@chromium.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: <stable@vger.kernel.org>	[3.4+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 kernel/futex.c        |    2 +-
 kernel/futex_compat.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff -puN kernel/futex.c~futex-avoid-kernel-taint-caused-by-get_robust_list kernel/futex.c
--- a/kernel/futex.c~futex-avoid-kernel-taint-caused-by-get_robust_list
+++ a/kernel/futex.c
@@ -2472,7 +2472,7 @@ SYSCALL_DEFINE3(get_robust_list, int, pi
 	if (!futex_cmpxchg_enabled)
 		return -ENOSYS;
 
-	WARN_ONCE(1, "deprecated: get_robust_list will be deleted in 2013.\n");
+	printk_once(KERN_WARNING "deprecated: get_robust_list will be deleted in 2013.\n");
 
 	rcu_read_lock();
 
diff -puN kernel/futex_compat.c~futex-avoid-kernel-taint-caused-by-get_robust_list kernel/futex_compat.c
--- a/kernel/futex_compat.c~futex-avoid-kernel-taint-caused-by-get_robust_list
+++ a/kernel/futex_compat.c
@@ -143,7 +143,7 @@ COMPAT_SYSCALL_DEFINE3(get_robust_list, 
 	if (!futex_cmpxchg_enabled)
 		return -ENOSYS;
 
-	WARN_ONCE(1, "deprecated: get_robust_list will be deleted in 2013.\n");
+	printk_once(KERN_WARNING "deprecated: get_robust_list will be deleted in 2013.\n");
 
 	rcu_read_lock();
 
_

Patches currently in -mm which might be from paul.gortmaker@windriver.com are

linux-next.patch
compiler-gcc4h-reorder-macros-based-upon-gcc-ver.patch
compiler-gcch-add-gcc-recommended-gcc_version-macro.patch
compiler-gcc34h-use-gcc_version-macro.patch
compiler-gcc4h-bugh-remove-duplicate-macros.patch
bugh-fix-build_bug_on-macro-in-__checker__.patch
bugh-prevent-double-evaulation-of-in-build_bug_on.patch
bugh-make-build_bug_on-generate-compile-time-error.patch
compilerh-bugh-prevent-double-error-messages-with-build_bug_on.patch
bugh-compilerh-introduce-compiletime_assert-build_bug_on_msg.patch
inotify-remove-broken-mask-checks-causing-unmount-to-be-einval.patch
time-dont-inline-export_symbol-functions.patch
dca-convert-to-idr_alloc.patch
futex-avoid-kernel-taint-caused-by-get_robust_list.patch


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: + futex-avoid-kernel-taint-caused-by-get_robust_list.patch added to -mm tree
  2013-02-15 22:26 + futex-avoid-kernel-taint-caused-by-get_robust_list.patch added to -mm tree akpm
@ 2013-02-15 22:44 ` Richard Weinberger
  2013-02-15 22:58   ` Andrew Morton
  2013-02-16  7:02   ` Cyrill Gorcunov
  0 siblings, 2 replies; 5+ messages in thread
From: Richard Weinberger @ 2013-02-15 22:44 UTC (permalink / raw)
  To: akpm
  Cc: linux-kernel, paul.gortmaker, davej, keescook, stable, tglx,
	gorcunov, ebiederm

Am Fri, 15 Feb 2013 14:26:52 -0800
schrieb akpm@linux-foundation.org:
> ------------------------------------------------------
> From: Paul Gortmaker <paul.gortmaker@windriver.com>
> Subject: futex: avoid kernel taint caused by get_robust_list
> 
> Commit ec0c4274e33c0373e4 ("futex: Mark get_robust_list as
> deprecated") added these two WARN_ONCE calls.
> 
> However, WARN_ONCE taints the kernel, and we shouldn't be allowing any
> user who wanders by to do this.  For example, the system fuzzer
> "trinity" uses the tainted state as a metric for when to stop,
> assuming that it has caused significant wreckage (and indeed that
> tool is what actually led me to this change).
> 
> The ability to deprecate this code has been called into question[1],
> but if that remains to be finalized, then making this change in the
> interim seems to make sense.

Do we really want to remove this system call in 2013?
Note, Documentation/feature-removal-schedule.txt is gone...

CRIU folks, I guess you still need the call?
Or have you found an alternative way to get the robost list?

As stated in [0], I'd simply revert commit ec0c4274 ("futex: Mark
get_robust_list as deprecated")

Thanks,
//richard

[0] http://permalink.gmane.org/gmane.linux.kernel.hardened.devel/506

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: + futex-avoid-kernel-taint-caused-by-get_robust_list.patch added to -mm tree
  2013-02-15 22:44 ` Richard Weinberger
@ 2013-02-15 22:58   ` Andrew Morton
  2013-02-16  7:02   ` Cyrill Gorcunov
  1 sibling, 0 replies; 5+ messages in thread
From: Andrew Morton @ 2013-02-15 22:58 UTC (permalink / raw)
  To: Richard Weinberger
  Cc: linux-kernel, paul.gortmaker, davej, keescook, stable, tglx,
	gorcunov, ebiederm

On Fri, 15 Feb 2013 23:44:44 +0100
Richard Weinberger <richard@nod.at> wrote:

> As stated in [0], I'd simply revert commit ec0c4274 ("futex: Mark
> get_robust_list as deprecated")

Too much talk, not enough patches.  I typed it all in again.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: + futex-avoid-kernel-taint-caused-by-get_robust_list.patch added to -mm tree
  2013-02-15 22:44 ` Richard Weinberger
  2013-02-15 22:58   ` Andrew Morton
@ 2013-02-16  7:02   ` Cyrill Gorcunov
  2013-02-18  8:55     ` Thomas Gleixner
  1 sibling, 1 reply; 5+ messages in thread
From: Cyrill Gorcunov @ 2013-02-16  7:02 UTC (permalink / raw)
  To: Richard Weinberger
  Cc: akpm, linux-kernel, paul.gortmaker, davej, keescook, stable, tglx,
	ebiederm

On Fri, Feb 15, 2013 at 11:44:44PM +0100, Richard Weinberger wrote:
> > The ability to deprecate this code has been called into question[1],
> > but if that remains to be finalized, then making this change in the
> > interim seems to make sense.
> 
> Do we really want to remove this system call in 2013?
> Note, Documentation/feature-removal-schedule.txt is gone...
> 
> CRIU folks, I guess you still need the call?
> Or have you found an alternative way to get the robost list?

Yes, we need this call and we use it.

> As stated in [0], I'd simply revert commit ec0c4274 ("futex: Mark
> get_robust_list as deprecated")

Thanks!

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: + futex-avoid-kernel-taint-caused-by-get_robust_list.patch added to -mm tree
  2013-02-16  7:02   ` Cyrill Gorcunov
@ 2013-02-18  8:55     ` Thomas Gleixner
  0 siblings, 0 replies; 5+ messages in thread
From: Thomas Gleixner @ 2013-02-18  8:55 UTC (permalink / raw)
  To: Cyrill Gorcunov
  Cc: Richard Weinberger, Andrew Morton, LKML, paul.gortmaker, davej,
	keescook, stable, Eric W. Biederman

On Sat, 16 Feb 2013, Cyrill Gorcunov wrote:

> On Fri, Feb 15, 2013 at 11:44:44PM +0100, Richard Weinberger wrote:
> > > The ability to deprecate this code has been called into question[1],
> > > but if that remains to be finalized, then making this change in the
> > > interim seems to make sense.
> > 
> > Do we really want to remove this system call in 2013?
> > Note, Documentation/feature-removal-schedule.txt is gone...
> > 
> > CRIU folks, I guess you still need the call?
> > Or have you found an alternative way to get the robost list?
> 
> Yes, we need this call and we use it.
> 
> > As stated in [0], I'd simply revert commit ec0c4274 ("futex: Mark
> > get_robust_list as deprecated")
> 
> Thanks!

I take the revert via tip and queue it for 3.9

Thanks,

	tglx
 

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2013-02-18  8:55 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-02-15 22:26 + futex-avoid-kernel-taint-caused-by-get_robust_list.patch added to -mm tree akpm
2013-02-15 22:44 ` Richard Weinberger
2013-02-15 22:58   ` Andrew Morton
2013-02-16  7:02   ` Cyrill Gorcunov
2013-02-18  8:55     ` Thomas Gleixner

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.