lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1353111905.10939.12.camel@misato.fc.hp.com>
Date:	Fri, 16 Nov 2012 17:25:05 -0700
From:	Toshi Kani <toshi.kani@...com>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:	"Rafael J. Wysocki" <rjw@...k.pl>,
	Vasilis Liaskovitis <vasilis.liaskovitis@...fitbricks.com>,
	linux-acpi@...r.kernel.org, isimatu.yasuaki@...fujitsu.com,
	wency@...fujitsu.com, lenb@...nel.org,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [RFC PATCH v2 0/3] acpi: Introduce prepare_remove device
 operation

On Fri, 2012-11-16 at 16:22 -0800, Greg Kroah-Hartman wrote:
> On Fri, Nov 16, 2012 at 05:08:53PM -0700, Toshi Kani wrote:
> > > > > > > > > So the question is, does the ACPI core have to do that and if so, then why?
> > > > > > > > 
> > > > > > > > The problem is that acpi_memory_devcie_remove() can fail.  However,
> > > > > > > > device_release_driver() is a void function, so it cannot report its
> > > > > > > > error.  Here are function flows for SCI, sysfs eject and unbind.
> > > > > > > 
> > > > > > > Then don't ever let acpi_memory_device_remove() fail.  If the user wants
> > > > > > > it gone, it needs to go away.  Just like any other device in the system
> > > > > > > that can go away at any point in time, you can't "fail" that.
> > > > > > 
> > > > > > That would be ideal, but we cannot delete a memory device that contains
> > > > > > kernel memory.  I am curious, how do you deal with a USB device that is
> > > > > > being mounted in this case?
> > > > > 
> > > > > As the device is physically gone now, we deal with it and clean up
> > > > > properly.
> > > > > 
> > > > > And that's the point here, what happens if the memory really is gone?
> > > > > You will still have to handle it now being removed, you can't "fail" a
> > > > > physical removal of a device.
> > > > > 
> > > > > If you remove a memory device that has kernel memory on it, well, you
> > > > > better be able to somehow remap it before the kernel needs it :)
> > > > 
> > > > :)
> > > > 
> > > > Well, we are not trying to support surprise removal here.  All three
> > > > use-cases (SCI, eject, and unbind) are for graceful removal.  Therefore
> > > > they should fail if the removal operation cannot complete in graceful
> > > > way.
> > > 
> > > Then handle that in the ACPI bus code, it isn't anything that the driver
> > > core should care about, right?
> > 
> > Unfortunately not.  Please take a look at the function flow for the
> > unbind case in my first email.  This request directly goes to
> > driver_unbind(), which is a driver core function.
> 
> Yes, and as the user asked for the driver to be unbound from the device,
> it can not fail.
> 
> And that is WAY different from removing the memory from the system
> itself.  Don't think that this is the "normal" way that memory should be
> removed, that is what stuff like "eject" was created for the PCI slots.
> 
> Don't confuse the two things here, unbinding a driver from a device
> should not remove the memory from the system, it doesn't do that for any
> other type of 'unbind' call for any other bus.  The device is still
> present, just that specific driver isn't controlling it anymore.
> 
> In other words, you should NEVER have a normal userspace flow that is
> trying to do unbind.  unbind is only for radical things like
> disconnecting a driver from a device if a userspace driver wants to
> control it, or a hacked up way to implement revoke() for a device.
> 
> Again, no driver core changes are needed here.

Okay, we might be able to make the eject case to fail if an ACPI driver
is not bound to a device.  This way, the unbind case may be harmless to
proceed.  Let us think about this further on this (but we may come up
again :). 

Thanks,
-Toshi 





--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ