Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <202109301132.E29DB764E8@keescook>
Date: Thu, 30 Sep 2021 11:36:26 -0700
From: Kees Cook <keescook@...omium.org>
To: Alexander Popov <alex.popov@...ux.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
	Jonathan Corbet <corbet@....net>,
	Paul McKenney <paulmck@...nel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Peter Zijlstra <peterz@...radead.org>,
	Joerg Roedel <jroedel@...e.de>, Maciej Rozycki <macro@...am.me.uk>,
	Muchun Song <songmuchun@...edance.com>,
	Viresh Kumar <viresh.kumar@...aro.org>,
	Robin Murphy <robin.murphy@....com>,
	Randy Dunlap <rdunlap@...radead.org>,
	Lu Baolu <baolu.lu@...ux.intel.com>, Petr Mladek <pmladek@...e.com>,
	Luis Chamberlain <mcgrof@...nel.org>, Wei Liu <wl@....org>,
	John Ogness <john.ogness@...utronix.de>,
	Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
	Alexey Kardashevskiy <aik@...abs.ru>,
	Christophe Leroy <christophe.leroy@...roup.eu>,
	Jann Horn <jannh@...gle.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Mark Rutland <mark.rutland@....com>,
	Andy Lutomirski <luto@...nel.org>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Steven Rostedt <rostedt@...dmis.org>,
	Will Deacon <will.deacon@....com>,
	David S Miller <davem@...emloft.net>,
	Borislav Petkov <bp@...en8.de>, kernel-hardening@...ts.openwall.com,
	linux-hardening@...r.kernel.org, linux-doc@...r.kernel.org,
	linux-kernel@...r.kernel.org, notify@...nel.org
Subject: Re: [PATCH] Introduce the pkill_on_warn boot parameter

On Thu, Sep 30, 2021 at 09:27:43PM +0300, Alexander Popov wrote:
> On 30.09.2021 02:31, Andrew Morton wrote:
> > On Wed, 29 Sep 2021 22:01:33 +0300 Alexander Popov <alex.popov@...ux.com> wrote:
> > 
> >> On 29.09.2021 21:58, Alexander Popov wrote:
> >> [...]
> >> If you are fine with this approach, I will prepare a patch adding the
> >> pkill_on_warn sysctl.
> > 
> > Why do we need a boot parameter?  Isn't a sysctl all we need for this
> > feature? 
> 
> I would say we need both sysctl and boot parameter for pkill_on_warn.
> That would be consistent with panic_on_warn, ftrace_dump_on_oops and
> oops/panic_on_oops.

If you want to change it at runtime, just make a sysctl: it will
be available as a bootparam since v5.8. See commit 3db978d480e2
("kernel/sysctl: support setting sysctl parameters from kernel command
line")

-- 
Kees Cook

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.