Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 04560C433FE for ; Mon, 15 Nov 2021 16:07:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E46FB61040 for ; Mon, 15 Nov 2021 16:07:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236738AbhKOQKD (ORCPT ); Mon, 15 Nov 2021 11:10:03 -0500 Received: from mail.kernel.org ([198.145.29.99]:32818 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236674AbhKOQJ4 (ORCPT ); Mon, 15 Nov 2021 11:09:56 -0500 Received: from gandalf.local.home (cpe-66-24-58-225.stny.res.rr.com [66.24.58.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8202061B95; Mon, 15 Nov 2021 16:06:51 +0000 (UTC) Date: Mon, 15 Nov 2021 11:06:49 -0500 From: Steven Rostedt To: Lukas Bulwahn Cc: Alexander Popov , Linus Torvalds , Jonathan Corbet , Paul McKenney , Andrew Morton , Thomas Gleixner , Peter Zijlstra , Joerg Roedel , Maciej Rozycki , Muchun Song , Viresh Kumar , Robin Murphy , Randy Dunlap , Lu Baolu , Petr Mladek , Kees Cook , Luis Chamberlain , Wei Liu , John Ogness , Andy Shevchenko , Alexey Kardashevskiy , Christophe Leroy , Jann Horn , Greg Kroah-Hartman , Mark Rutland , Andy Lutomirski , Dave Hansen , Will Deacon , Ard Biesheuvel , Laura Abbott , David S Miller , Borislav Petkov , Arnd Bergmann , Andrew Scull , Marc Zyngier , Jessica Yu , Iurii Zaikin , Rasmus Villemoes , Wang Qing , Mel Gorman , Mauro Carvalho Chehab , Andrew Klychkov , Mathieu Chouquet-Stringer , Daniel Borkmann , Stephen Kitt , Stephen Boyd , Thomas Bogendoerfer , Mike Rapoport , Bjorn Andersson , Kernel Hardening , linux-hardening@vger.kernel.org, "open list:DOCUMENTATION" , linux-arch , Linux Kernel Mailing List , linux-fsdevel , notify@kernel.org, main@lists.elisa.tech, safety-architecture@lists.elisa.tech, devel@lists.elisa.tech, Shuah Khan Subject: Re: [PATCH v2 0/2] Introduce the pkill_on_warn parameter Message-ID: <20211115110649.4f9cb390@gandalf.local.home> In-Reply-To: References: <20211027233215.306111-1-alex.popov@linux.com> <77b79f0c-48f2-16dd-1d00-22f3a1b1f5a6@linux.com> X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 15 Nov 2021 14:59:57 +0100 Lukas Bulwahn wrote: > 1. Allow a reasonably configured kernel to boot and run with > panic_on_warn set. Warnings should only be raised when something is > not configured as the developers expect it or the kernel is put into a > state that generally is _unexpected_ and has been exposed little to > the critical thought of the developer, to testing efforts and use in > other systems in the wild. Warnings should not be used for something > informative, which still allows the kernel to continue running in a > proper way in a generally expected environment. Up to my knowledge, > there are some kernels in production that run with panic_on_warn; so, > IMHO, this requirement is generally accepted (we might of course To me, WARN*() is the same as BUG*(). If it gets hit, it's a bug in the kernel and needs to be fixed. I have several WARN*() calls in my code, and it's all because the algorithms used is expected to prevent the condition in the warning from happening. If the warning triggers, it means either that the algorithm is wrong or my assumption about the algorithm is wrong. In either case, the kernel needs to be updated. All my tests fail if a WARN*() gets hit (anywhere in the kernel, not just my own). After reading all the replies and thinking about this more, I find the pkill_on_warning actually worse than not doing anything. If you are concerned about exploits from warnings, the only real solution is a panic_on_warning. Yes, it brings down the system, but really, it has to be brought down anyway, because it is in need of a kernel update. -- Steve