Re: [PATCH 4.14 17/89] futex: Prevent overflow by strengthen input validation

From: Darren Hart
Date: Thu Jan 25 2018 - 16:42:38 EST


On Thu, Jan 25, 2018 at 04:21:51PM +0100, Jiri Slaby wrote:
> On 01/25/2018, 04:12 PM, Greg Kroah-Hartman wrote:
> > On Thu, Jan 25, 2018 at 03:47:32PM +0100, Jiri Slaby wrote:
> >> On 01/25/2018, 03:30 PM, Thomas Gleixner wrote:
> >>> So what's the problem?
> >>
> >> The problem I see is that every stable kernel now requires updated
> >> strace with their commit from yesterday to build correctly. In
> >> particular, the new stable kernels cause rpm build failures of strace in
> >> all our distros (based on those stable kernels). Sure, we can patch
> >> strace in every distro every nth kernel update, but it's mere
> >> impractical. Kernel should not break userspace, right?
> >
> > Well, when userspace is doing something stupid... :)
>
> No doubt... But does that mean we no longer maintain the "no userspace
> breakage even if it is stupid" rule?

One of the reasons we have been adding these earlier input validation checks to
futex has been to mitigate security exploits taking advantage of the complex
nature of the system call. Granted we should have done this initially, but if we
avoid some of these nasty exploits (and the real harm they enable), then yeah,
this is worth fixing userspace which is relying on undefined behavior.

I'd still like to out why various distros are sending garbage to uadd2 for
network setup (but that's another topic).

--
Darren Hart
VMware Open Source Technology Center