| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Jan 2013 10:13:26 -0800 From: Tejun Heo <tj@...nel.org> To: Paolo Bonzini <pbonzini@...hat.com> Cc: linux-kernel@...r.kernel.org, pmatouse@...hat.com, "James E.J. Bottomley" <JBottomley@...allels.com>, linux-scsi@...nel.org, Jens Axboe <axboe@...nel.dk> Subject: Re: [PATCH 06/13] sg_io: whitelist a few more commands for multimedia devices Hey, Paolo. On Fri, Jan 25, 2013 at 06:57:20PM +0100, Paolo Bonzini wrote: > And because someone _will_ use it from my point of view, I can only give > justification to leave stuff _out_. In general I did so if the command > can disrupt someone else, as would be the case for persistent > reservations. It was not really always respected for the existing > table, for example I'd have left out LOG SELECT, but the series is > already controversial enough, so one thing at a time. I'm not sure how well I can explain this but something being in the spec and something in wide use are two different things, and people, including the ones in hw vendors, tend not to pay too much attention / resources to stuff which aren't used widely and commands which aren't in wide use are much more likely to have errors in their implementation or be abused - e.g. overridden for vendor specific command as part of weird init sequence to select device mode or whatnot. Another aspect is that sometimes opcodes are recycled and people of course don't try to recycle opcodes which are in wide use. They choose the ones which failed to gain much traction and became obsolete. The recycled command might not be suitable for exposing to userland. So, there are actual costs coming from exposing them, which is fine if the benefit can offset them enough, but what would be the benefit of exposing commands which aren't being used? The only thing I can think of is that of avoiding the annoyance of expanding the list later? But, as you said, exposing commands by default mean that we're more likely to need blacklists in the future, so that doesn't seem like that much of winning to me. Discovering use cases is actually much easier than finding broken devices for some obscure commands. > > and can you please stop labeling reviews as "useless"? > > Reviews are not useless, but championing the inclusion of two obsolete > commands in a list is not a good use of bandwidth. Because the choice > is arbitrary, the discussion can degenerate too easily into repeatedly > saying the same thing over and over. All I'm trying to do is avoid it. Seems like I was too twitchy. My apologies. Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists