Closed solardiz closed 2 years ago
@Adam-pi3 Is this "Frame pointer is not on the stack" condition possibly unexpected and problematic enough in the non-ORC builds that we should treat it as a security violation? I wonder if it's right to treat it as an ISSUE (literal translation of the former WARN that you had chosen for it) or maybe treat it as WATCH or DEBUG if it's expected to sometimes occur without an attack or maybe upgrade it to ALERT if it's only expected to be seen when there's an attack. What do you think?
I temporarily upgraded the message to FAULT for testing by CI in my fork - so far, 16 out of 18 checks successful, 2 pending - so it looks like this message doesn't normally appear. (Incidentally, somehow the 19th check - CodeQL - does not run in my fork.)
All 18 have passed. So, what do we set the severity of this message to? If it's ALERT, I assume we'll need to trigger pCFI enforcement on it. Let's not have alerts without possibility of enforcement.
Per discussion with @Adam-pi3 and testing on AlmaLinux 8.5 (see https://github.com/lkrg-org/lkrg/pull/202#issuecomment-1190588572), we need this:
The issue had been overlooked because of a bug in the logging. Prior to recent changes, we had:
where p_debug_log and P_LKRG_WARN were inconsistent, so this message was always suppressed.
When reworking the log messages, I temporarily set this message to DEBUG, even though a direct translation of WARN to new conventions would have been ISSUE. I did that to avoid log flood. Once we fix this issue, we should probably set this message's severity to ISSUE (and not forget to change p_debug_log to p_print_log).