Received: by 10.223.176.46 with SMTP id f43csp2692475wra; Thu, 25 Jan 2018 13:43:21 -0800 (PST) X-Google-Smtp-Source: AH8x225RGNI4IWZ5nEVDWiRIxcP/YyO3iJrKVjKytzMZkyXR5/GxUYkwFb2oQcNMYi2yeZgr5aph X-Received: by 10.98.16.215 with SMTP id 84mr1181156pfq.202.1516916601869; Thu, 25 Jan 2018 13:43:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516916601; cv=none; d=google.com; s=arc-20160816; b=gOHOolBF/fegb5XF0t6GbiTpO+juJUcELsa8PKad5vUIe+1X9gtYNBa1Y8BV7UW1YO tjgTE8NTwfZU7vkFCs7S6lKIepKsoq826oCvI1FtsJgFnktZZJyHnrB7HJakpaZCMwgP eYkPpeGpfMAtXfGEWi78oCKDPkB5mgZpOrREwK3xRO4BXZHxPCXngAW8i1jRW4kutkH4 k/Kq4Hm+wDD+Emr3/wnkoJoZiMHTT+My6cbcDLRpep8zLzXt+7BAB8KkxPWIw0u/J3LV e2s9WnsP6V7RH2MfvpotVOgjL7s6cE1qRbNdtGq4bycSsrEUgRpZhyZvDH9zk582vM7a R5xg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=RDvBOFSMBCntCWOlAWOqSBOGJDYW8tTGesdD6U8hIIQ=; b=Rf/FtMC9+RIpn7Cyxmq8DVWP89imyI9vmvSR6aOPkLRj/mHTp2v+kNzD5Y4uMrvb7T 9dlMUKC43WzBGcXiuvm+5lLm8wGfJVupuAftW8HudhXkRzsgH60QRyy+Vz33xRi2NGd9 m6po80HFEQzSGSRWOviSNvTyVU+1nT267g91kvFskSeUcjWyBcicrLOVS4o+1SYgkACN V/PqX/QFSvFFkslm4FD86zWJLZLwMWkyB/sXcagYaO6BiuLQC2IlXDB3yGS6rDFHVxUt HOYFvxh6pabLD+adZFztBUdBjuLfW/t7LhQysQ78P37xgzYhrgRYYuTMypvTTxtwD797 mjEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=COEbJhlm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k9si5241190pfj.81.2018.01.25.13.43.07; Thu, 25 Jan 2018 13:43:21 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=COEbJhlm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751484AbeAYVmd (ORCPT + 99 others); Thu, 25 Jan 2018 16:42:33 -0500 Received: from bombadil.infradead.org ([65.50.211.133]:53425 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751181AbeAYVmb (ORCPT ); Thu, 25 Jan 2018 16:42:31 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=In-Reply-To:Content-Type:MIME-Version :References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=RDvBOFSMBCntCWOlAWOqSBOGJDYW8tTGesdD6U8hIIQ=; b=COEbJhlmEs5wf8SJHK4yMcA36 L2hQUQaqxgfOSqvVELz0IUGXDXv/HWeXxDgUNH7/2SB3KMitozXBel3e+hYomjDA6KGoeeUL79Zls KHe69TrJCpq9dy4IbcxswNoKROV/nvUf1t4E+J3bfYvLrJhmeSBQX1qRPArxIa0oLqFe7yAOBZx0U vi4rzDRc0orq2zlfNTY9ULW4hOJzQmD4mPsbIaaRPrwHASCB5TBYtIj30FhsoNyVSGpZQjWhlYa1z FCJ0nZ7rcqCTMUDtfjfEr5pRwxc8lcVqvqNFX/hohScIo8+Zz9jiYy6q/2a3QhJNOFxMTsYL1QiWT jrVFq4t6w==; Received: from dvhart by bombadil.infradead.org with local (Exim 4.89 #1 (Red Hat Linux)) id 1eepHv-00041D-9z; Thu, 25 Jan 2018 21:42:27 +0000 Date: Thu, 25 Jan 2018 13:42:25 -0800 From: Darren Hart To: Jiri Slaby Cc: Greg Kroah-Hartman , Thomas Gleixner , linux-kernel@vger.kernel.org, stable@vger.kernel.org, Li Jinyue , peterz@infradead.org, "torvalds@linux-foundation.org" Subject: Re: [PATCH 4.14 17/89] futex: Prevent overflow by strengthen input validation Message-ID: <20180125214225.GA24122@fury> References: <20180122083954.683903493@linuxfoundation.org> <20180122083956.427607580@linuxfoundation.org> <20567b49-e0a3-e9e0-d520-74bbfc20d414@suse.cz> <20180125151219.GA16752@kroah.com> <99cabcaa-8829-d50e-afbc-920d9dbbe903@suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <99cabcaa-8829-d50e-afbc-920d9dbbe903@suse.cz> User-Agent: Mutt/1.8.0 (2017-02-23) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jan 25, 2018 at 04:21:51PM +0100, Jiri Slaby wrote: > On 01/25/2018, 04:12 PM, Greg Kroah-Hartman wrote: > > On Thu, Jan 25, 2018 at 03:47:32PM +0100, Jiri Slaby wrote: > >> On 01/25/2018, 03:30 PM, Thomas Gleixner wrote: > >>> So what's the problem? > >> > >> The problem I see is that every stable kernel now requires updated > >> strace with their commit from yesterday to build correctly. In > >> particular, the new stable kernels cause rpm build failures of strace in > >> all our distros (based on those stable kernels). Sure, we can patch > >> strace in every distro every nth kernel update, but it's mere > >> impractical. Kernel should not break userspace, right? > > > > Well, when userspace is doing something stupid... :) > > No doubt... But does that mean we no longer maintain the "no userspace > breakage even if it is stupid" rule? One of the reasons we have been adding these earlier input validation checks to futex has been to mitigate security exploits taking advantage of the complex nature of the system call. Granted we should have done this initially, but if we avoid some of these nasty exploits (and the real harm they enable), then yeah, this is worth fixing userspace which is relying on undefined behavior. I'd still like to out why various distros are sending garbage to uadd2 for network setup (but that's another topic). -- Darren Hart VMware Open Source Technology Center