Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 27 Jul 2022 18:30:59 +0200
From: Jann Horn <jannh@...gle.com>
To: Alexey Khoroshilov <khoroshilov@...ras.ru>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Petr Mladek <pmladek@...e.com>, 
	"Paul E. McKenney" <paulmck@...nel.org>, Alexander Popov <alex.popov@...ux.com>, 
	Jonathan Corbet <corbet@....net>, Andrew Morton <akpm@...ux-foundation.org>, 
	Thomas Gleixner <tglx@...utronix.de>, Peter Zijlstra <peterz@...radead.org>, 
	Joerg Roedel <jroedel@...e.de>, Maciej Rozycki <macro@...am.me.uk>, 
	Muchun Song <songmuchun@...edance.com>, Viresh Kumar <viresh.kumar@...aro.org>, 
	Robin Murphy <robin.murphy@....com>, Randy Dunlap <rdunlap@...radead.org>, 
	Lu Baolu <baolu.lu@...ux.intel.com>, Kees Cook <keescook@...omium.org>, 
	Luis Chamberlain <mcgrof@...nel.org>, Wei Liu <wl@....org>, John Ogness <john.ogness@...utronix.de>, 
	Andy Shevchenko <andriy.shevchenko@...ux.intel.com>, Alexey Kardashevskiy <aik@...abs.ru>, 
	Christophe Leroy <christophe.leroy@...roup.eu>, 
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Mark Rutland <mark.rutland@....com>, 
	Andy Lutomirski <luto@...nel.org>, Dave Hansen <dave.hansen@...ux.intel.com>, 
	Steven Rostedt <rostedt@...dmis.org>, Thomas Garnier <thgarnie@...gle.com>, 
	Will Deacon <will.deacon@....com>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, 
	Laura Abbott <labbott@...hat.com>, David S Miller <davem@...emloft.net>, Borislav Petkov <bp@...en8.de>, 
	Kernel Hardening <kernel-hardening@...ts.openwall.com>, linux-hardening@...r.kernel.org, 
	"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>, 
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, notify@...nel.org
Subject: Re: [PATCH] Introduce the pkill_on_warn boot parameter

On Wed, Jul 27, 2022 at 6:17 PM Alexey Khoroshilov
<khoroshilov@...ras.ru> wrote:
> On 01.10.2021 22:59, Linus Torvalds wrote:
> Coming back to the discussion of WARN_ON()/pr_warn("WARNING:") semantics.
>
> We see a number of cases where WARNING is used to inform userspace that
> it is doing something wrong, e.g.
> https://elixir.bootlin.com/linux/v5.19-rc8/source/net/can/j1939/socket.c#L181
> https://elixir.bootlin.com/linux/v5.19-rc8/source/drivers/video/fbdev/core/fbmem.c#L1023
>
> It is definitely useful, but it does not make sense in case of fuzzing
> when the userspace should do wrong things and check if kernel behaves
> correctly.
>
> As a result we have warnings with two different intentions:
> - warn that something wrong happens in kernel, but we are able to continue;
> - warn userspace that it is doing something wrong.
>
> During fuzzing we would like to report the former and to ignore the
> latter. Are any ideas how these intentions can be recognized automatically?

https://elixir.bootlin.com/linux/v5.19-rc8/source/include/asm-generic/bug.h#L74
says:

 * WARN(), WARN_ON(), WARN_ON_ONCE, and so on can be used to report
 * significant kernel issues that need prompt attention if they should ever
 * appear at runtime.
 *
 * Do not use these macros when checking for invalid external inputs
 * (e.g. invalid system call arguments, or invalid data coming from
 * network/devices), and on transient conditions like ENOMEM or EAGAIN.
 * These macros should be used for recoverable kernel issues only.
 * For invalid external inputs, transient conditions, etc use
 * pr_err[_once/_ratelimited]() followed by dump_stack(), if necessary.
 * Do not include "BUG"/"WARNING" in format strings manually to make these
 * conditions distinguishable from kernel issues.

So if you see drivers intentionally using WARN() or printing
"WARNING:" on codepaths that are reachable with bogus inputs from
userspace, those codepaths should be fixed to log warnings in a
different format.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.