lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5102C780.3090402@redhat.com>
Date:	Fri, 25 Jan 2013 18:57:20 +0100
From:	Paolo Bonzini <pbonzini@...hat.com>
To:	Tejun Heo <tj@...nel.org>
CC:	linux-kernel@...r.kernel.org, pmatouse@...hat.com,
	"James E.J. Bottomley" <JBottomley@...allels.com>,
	linux-scsi@...nel.org, Jens Axboe <axboe@...nel.dk>
Subject: Re: [PATCH 06/13] sg_io: whitelist a few more commands for multimedia
 devices

Il 25/01/2013 18:28, Tejun Heo ha scritto:
> On Fri, Jan 25, 2013 at 06:16:04PM +0100, Paolo Bonzini wrote:
>> > Well, you can find broken devices for pretty much every command in the
>> > list.  Anyhow, the other two commands are obsolete so I'm okay with
>> > leaving them out, if only for the sake of avoiding useless email threads.
> Once we open the commands to userland this way, it's difficult to
> throttle it back again.

I think the right place to throttle them back would be with a per-device
quirk, but I understand being conservative since we're talking about two
obsolete commands.

> I just fail to see the point of allowing
> everything possible.  There's a way to override it (is that in yet?)

No, it's not.  I made it patch 13/13 in this series.

> and we can always extend the list later, so please do the minimal set
> with justification

I cannot really give justification for single commands.  What this is
going to be used for is virt, but I cannot know of all OSes and all
proprietary software in the wild.  You have to some extent accept that
if it is in the standard, somebody had the need for it, usually a big
database vendor.

And because someone _will_ use it from my point of view, I can only give
justification to leave stuff _out_.  In general I did so if the command
can disrupt someone else, as would be the case for persistent
reservations.  It was not really always respected for the existing
table, for example I'd have left out LOG SELECT, but the series is
already controversial enough, so one thing at a time.

I put these three commands in because I wanted to include somewhere all
the commands that were in my list, and I had no reason to leave them
out.  Two of them are obsolete, so if you prefer to keep them out I'll
move them, end of the story. :)

> and can you please stop labeling reviews as "useless"?

Reviews are not useless, but championing the inclusion of two obsolete
commands in a list is not a good use of bandwidth.  Because the choice
is arbitrary, the discussion can degenerate too easily into repeatedly
saying the same thing over and over.  All I'm trying to do is avoid it.

Paolo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ