lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 5 Jun 2015 17:53:59 +0100
From:	Mark Brown <broonie@...nel.org>
To:	Richard Fitzgerald <rf@...nsource.wolfsonmicro.com>
Cc:	gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
	patches@...nsource.wolfsonmicro.com
Subject: Re: [PATCH 2/2] regmap: Fix permissions on debugfs cache controls

On Fri, Jun 05, 2015 at 04:53:54PM +0100, Richard Fitzgerald wrote:
> On Fri, Jun 05, 2015 at 04:25:37PM +0100, Mark Brown wrote:

> > Honestly it wasn't supposed to be working at all.  We can have a
> > discussion about if it makes sense for it to work, that's not a totally
> > unreasonable thing though I'd really want to taint the kernel if anyone
> > actually does it (particularly for cache only) since it seems even more
> > likely to interact poorly with drivers than random register writes.

> > We'll also want to sync the cache when transitioning from cache only to
> > normal operation I think, or provide a way of doing that.

> We use writability of these all the time for all sorts of debugging so
> it would be bad for us if it actually stopped being writeable.

Sure, like I say it's not totally unreasonable.

> Our expectations are that you're on your own if you fiddle with the
> cache settings via debugfs. Other people's might be different. But that's
> the current behaviour so if anyone is currently using the accidental
> writability this patch will preserve that behaviour (broken or not).
> And if they aren't using it, it doesn't matter.

This is why we want it to taint - it doesn't stop people doing anything,
it just means that if they report bugs (potentially in something totally
unrelated) then any oopses or whatever will say someone was doing
something behind the back of the kernel which might've broken the world.

> I think it's preferable to avoid changing the behaviour of regmap
> as a side effect of improving debugfs and worry later, separately,
> about whether to improve the way regmap handles this.

The current behaviour is a bug in regmap.

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ