Date: Mon, 7 Nov 2022 22:14:40 +0100
From: Solar Designer
To: Jann Horn
Cc: Kees Cook, linux-hardening@vger.kernel.org, kernel-hardening@lists.openwall.com, Greg KH, Linus Torvalds, Seth Jenkins, "Eric W . Biederman", Andy Lutomirski, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] exit: Put an upper limit on how often we can oops
Message-ID: <20221107211440.GA4233@openwall.com>
In-Reply-To: <20221107201317.324457-1-jannh@google.com>

On Mon, Nov 07, 2022 at 09:13:17PM +0100, Jann Horn wrote:
> +oops_limit
> +==========
> +
> +Number of kernel oopses after which the kernel should panic when
> +``panic_on_oops`` is not set.

Rather than introduce this separate oops_limit, how about making
panic_on_oops (and maybe all panic_on_*) take the limit value(s) instead
of being Boolean? I think this would preserve the current behavior at
panic_on_oops = 0 and panic_on_oops = 1, but would introduce your
desired behavior at panic_on_oops = 10000. We can make 10000 the new
default. If a distro overrides panic_on_oops, it probably sets it to 1
like RHEL does.

Are there distros explicitly setting panic_on_oops to 0? If so, that
could be a reason to introduce the separate oops_limit.

I'm not advocating one way or the other - I just felt this should be
explicitly mentioned and decided on.

Alexander
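
Review bot: the oops_limit description in the quoted documentation hunk, as far as the quoted lines show, says neither what the default value is nor what a value of 0 means (limit disabled, or panic at the first oops). Suggest adding both to the entry, and stating explicitly how the count relates to ``panic_on_oops``, since the sentence only says the limit applies when ``panic_on_oops`` "is not set" and an administrator reading the sysctl documentation needs to know which setting wins.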