Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 27 Jul 2022 18:30:59 +0200
From: Jann Horn <>
To: Alexey Khoroshilov <>
Cc: Linus Torvalds <>, Petr Mladek <>, 
	"Paul E. McKenney" <>, Alexander Popov <>, 
	Jonathan Corbet <>, Andrew Morton <>, 
	Thomas Gleixner <>, Peter Zijlstra <>, 
	Joerg Roedel <>, Maciej Rozycki <>, 
	Muchun Song <>, Viresh Kumar <>, 
	Robin Murphy <>, Randy Dunlap <>, 
	Lu Baolu <>, Kees Cook <>, 
	Luis Chamberlain <>, Wei Liu <>, John Ogness <>, 
	Andy Shevchenko <>, Alexey Kardashevskiy <>, 
	Christophe Leroy <>, 
	Greg Kroah-Hartman <>, Mark Rutland <>, 
	Andy Lutomirski <>, Dave Hansen <>, 
	Steven Rostedt <>, Thomas Garnier <>, 
	Will Deacon <>, Ard Biesheuvel <>, 
	Laura Abbott <>, David S Miller <>, Borislav Petkov <>, 
	Kernel Hardening <>,, 
	"open list:DOCUMENTATION" <>, 
	Linux Kernel Mailing List <>,
Subject: Re: [PATCH] Introduce the pkill_on_warn boot parameter

On Wed, Jul 27, 2022 at 6:17 PM Alexey Khoroshilov
<> wrote:
> On 01.10.2021 22:59, Linus Torvalds wrote:
> Coming back to the discussion of WARN_ON()/pr_warn("WARNING:") semantics.
> We see a number of cases where WARNING is used to inform userspace that
> it is doing something wrong, e.g.
> It is definitely useful, but it does not make sense in case of fuzzing
> when the userspace should do wrong things and check if kernel behaves
> correctly.
> As a result we have warnings with two different intentions:
> - warn that something wrong happens in kernel, but we are able to continue;
> - warn userspace that it is doing something wrong.
> During fuzzing we would like to report the former and to ignore the
> latter. Are any ideas how these intentions can be recognized automatically?

 * WARN(), WARN_ON(), WARN_ON_ONCE, and so on can be used to report
 * significant kernel issues that need prompt attention if they should ever
 * appear at runtime.
 * Do not use these macros when checking for invalid external inputs
 * (e.g. invalid system call arguments, or invalid data coming from
 * network/devices), and on transient conditions like ENOMEM or EAGAIN.
 * These macros should be used for recoverable kernel issues only.
 * For invalid external inputs, transient conditions, etc use
 * pr_err[_once/_ratelimited]() followed by dump_stack(), if necessary.
 * Do not include "BUG"/"WARNING" in format strings manually to make these
 * conditions distinguishable from kernel issues.

So if you see drivers intentionally using WARN() or printing
"WARNING:" on codepaths that are reachable with bogus inputs from
userspace, those codepaths should be fixed to log warnings in a
different format.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.