Hi!
On 4/26/22 04:43, Pedro Miguel Justo wrote:
> So, I finished compiling my kernel with CONFIG_HARDENED_USERCOPY disabled.
> Guess what:
>
> pmsjt@debian:~$ uname -a
> Linux debian 5.17.3-rt17 #2 SMP Mon Apr 25 16:55:00 PDT 2022 ia64 GNU/Linux
>
> Yup, the system starts just fine with the most recent kernel. So, two things
> we can infer from this:
> - Yes, usercopy validation appears to be broken. The contours of how broken
> it is are yet unknown
but we’ll have to investigate to see what part of the validation is failing.
> - hardened_usercopy=off seems to be ignored by current kernels. When passing
> this option the system
was still failing just the same.
We can certainly send a pull request to the Debian kernel packaging repository
to disable
CONFIG_HARDENED_USERCOPY although I'm not sure what ramifications that would
have.
But since the feature is broken on Itanium anyway, I guess it won't hurt.
Adrian
--
.''`. John Paul Adrian Glaubitz
: :' : Debian Developer
`. `' Physicist
`- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
