Hello Linus, Thanks for your reply (despite some strong words).
On 05.03.2018 23:15, Linus Torvalds wrote: > This is the first I see of any of this, it was apparently not actually > posted to lkml or anything like that. I described that below. > Honestly, what I see just makes me go "this is security-masturbation". Let me quote the cover letter of this patch series. STACKLEAK (initially developed by PaX Team): - reduces the information that can be revealed through kernel stack leak bugs; - blocks some uninitialized stack variable attacks (e.g. CVE-2017-17712, CVE-2010-2963); - introduces some runtime checks for kernel stack overflow detection. It blocks the Stack Clash attack against the kernel. So it seems to be a useful feature. > It doesn't actually seem to help *find* bugs at all. As such, it's > another "paper over and forget" thing that just adds fairly high > overhead when it's enabled. The cover letter also contains the information about the performance impact. It's 0.6% on the compiling the kernel (with Ubuntu config) and approx 4% on a very intensive hackbench test. > I'm NAK'ing it sight-unseen (see above) just because I'm tired of > these kinds of pointless things that don't actually strive to improve > on the kernel, just add more and more overhead for nebulous "things > may happen", and that just make the code uglier. > > Why wasn't it even posted to lkml? That's my mistake. I started to learn that feature 9 month ago, just before Qualys published the Stack Clash attack (which is blocked by STACKLEAK). I sent first WIP versions to a short list of people (and had a lot of feedback to work with). But later unfortunately I didn't adjust the list of recipients. That was not done intentionally. > And why isn't the focus of security people on tools to _analyse_ and > find problems? You know, I like KASAN and kernel fuzzing as well: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82f2341c94d270421f383641b7cd670e474db56b Best regards, Alexander