Date: Tue, 9 May 2017 08:45:22 +0200
From: Ingo Molnar <>
To: Greg KH <>
Cc: Thomas Garnier <>,
	Martin Schwidefsky <>,
	Heiko Carstens <>,
	Dave Hansen <>, Arnd Bergmann <>,
	Thomas Gleixner <>,
	David Howells <>,
	René Nyffenegger <>,
	Andrew Morton <>,
	"Paul E . McKenney" <>,
	"Eric W . Biederman" <>,
	Oleg Nesterov <>,
	Pavel Tikhomirov <>,
	Ingo Molnar <>, "H . Peter Anvin" <>,
	Andy Lutomirski <>,
	Paolo Bonzini <>, Rik van Riel <>,
	Kees Cook <>,
	Josh Poimboeuf <>,
	Borislav Petkov <>, Brian Gerst <>,
	"Kirill A . Shutemov" <>,
	Christian Borntraeger <>,
	Russell King <>,
	Will Deacon <>,
	Catalin Marinas <>,
	Mark Rutland <>,
	James Morse <>,
	linux-s390 <>,
	LKML <>,
	Linux API <>,
	the arch/x86 maintainers <>,
	Kernel Hardening <>,
	Linus Torvalds <>,
	Peter Zijlstra <>
Subject: Re: Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode

* Greg KH <> wrote:

> What about a simple coccinelle script to test for this type of thing?
> We write it once, add it to the in-kernel body of tests, and then 0-day
> runs it on all trees all the time.  That should catch this type of
> issue, like all of the other "bad programming bugs" that the tool
> currently catches.

Yeah, that would work - but today most of our coccinelle scripts are still pretty 
verbose, and I think it's important to make this a different category of 
coccinelle script, which is .config driven where a loud warning yells at us.

I.e. force the 'zero warnings tolerated' model.

I also noticed that Coccinelle builds are pretty slow, so it would still make 
sense to have a performance oriented static checking facility that does not have 
the performance baggage of high level functional languages.

I.e. either integrate it into Sparse - or start a kernel integrated static 
analysis tooling project that would only follow control flow initially - which is 
what we need here I believe.

We only have ~115 code blocks in the kernel that set/restore KERNEL_DS; it would 
be a pity to add a runtime check to every system call ...

We could also add a runtime check to oops handling to make sure we don't leak 
KERNEL_DS through kernel crashes, to ease worries about CVE-2010-4258.
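One way to write the check being discussed, as an added example that is not code from this thread or the kernel tree: a Coccinelle semantic patch that reports any path from set_fs(KERNEL_DS) to a return on which no set_fs() call restores the previous address limit. It assumes the set_fs()/KERNEL_DS API of that era and the kernel's usual `virtual context` / `virtual report` mode selection; the file name and spatch invocation in the comments are assumptions.

```coccinelle
// Added example, not from this thread or the kernel tree: flag a path on
// which a function switches to KERNEL_DS and then returns without a
// set_fs() restore. Assumes the classic set_fs()/KERNEL_DS API.
//
// Usage (assumed file name): spatch --sp-file kernel_ds_leak.cocci -D report --dir .
//
// Limitations: only `return <expr>;` is matched (not a bare `return;` or
// falling off the end of a void function), and any set_fs(...) call on the
// path counts as a restore, so set_fs(USER_DS) and set_fs(old_fs) are not
// distinguished. Control flow is followed within one function only.

virtual context
virtual report

// A path from set_fs(KERNEL_DS) to a return with no set_fs() in between.
// `when exists` asks for at least one such path rather than all paths.
@leak@
expression E;
position p;
@@
set_fs(KERNEL_DS);
... when != set_fs(...)
    when exists
return@p E;

// Context mode: mark the offending return in a diff-style listing.
@depends on context@
expression E;
position leak.p;
@@
* return@p E;

// Report mode: one line per finding (file:line:col-col), suitable for
// a zero-warnings-tolerated CI run.
@script:python depends on report@
p << leak.p;
@@
coccilib.report.print_report(p[0], "return while KERNEL_DS may still be set")
```

The intra-function, control-flow-only scope is the one Ingo proposes for a first static checker; an inter-procedural leak (a callee that switches to KERNEL_DS and returns) is outside what this script sees.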
