On Tue, Jun 27, 2017 at 12:00:02PM -0700, Kees Cook wrote:
> From: Daniel Micay <danielmi...@gmail.com>
>
> The WARN_ON() checking for a NULL release pointer was (sensibly)
> removed in commit ec48c940da6c ("kref: remove WARN_ON for NULL release
> functions") since it offered no protection at all about calling a NULL
> release pointer. However, it should instead be a BUG() since continuing
> with a NULL release pointer will lead to a NULL pointer execution
> anyway. Systems with an incorrectly set mmap_min_addr and no PXN/SMEP
> protection would be left open to executing userspace memory.
There's still no evidence that actually would prevented anything
exploitable?
Who would actually set mman_min_addr incorrectly?
And of course near all modern systems have SMEP/SMAP.
Surviving minor problems is actually a feature, not a bug.
Linux was always better than other Unixes here, which
are typically far too panic happy.
If you really want it, I would rather add bug/panic_on_warn sysctl
that does this for every warning but make it default to off.
That would actually cover more cases.
I could see panic_on_warn being moderately useful for debugging
when crash dumps are enabled.
-Andi
