[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160316160248.GE23593@thunk.org>
Date: Wed, 16 Mar 2016 12:02:48 -0400
From: Theodore Ts'o <tytso@....edu>
To: Doug Ledford <dledford@...hat.com>
Cc: Al Viro <viro@...iv.linux.org.uk>,
Mike Marciniszyn <infinipath@...el.com>,
linux-rdma@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>,
Dennis Dalessandro <dennis.dalessandro@...el.com>,
ira weiny <ira.weiny@...el.com>,
Jubin John <jubin.john@...el.com>
Subject: Re: [WTF] utterly tasteless ABI in hfi1 (around
->write()/->write_iter())
On Wed, Mar 16, 2016 at 11:46:31AM -0400, Doug Ledford wrote:
> I can't speak for Mike, but I never said "It's Special". I said it's a
> driver internal thing with only one consumer and the kernel driver and
> the user space consumer are a matched pair. If this were a general API
> for use by any old program I would agree with you, but since it isn't, I
> wasn't that concerned about whether it got fixed. If it broke, Intel
> had both pieces and could fix it. And with that in mind I said "ince
> this is an internal driver interface that only Intel uses, I'm not
> inclined to force them to rewrite their driver and their library just
> because their particular usage took you off guard."
The thing which is really scary about the "we own both pieces, so we
can be sloppy with the interface design" is there is the question of
whether there are any security issues with such an interface. Maybe
the assumption is that only root will get to access the interface, but
as we're seeing with user namespaces, very often these assumptions are
getting upended.
So certainly if I were a bad guy working at the NSA^H^H^H^H KGB trying
to find a zero-day that I would keep in my agency's back pocket,
interfaces designed with this kind of attitude would be the first
place I would look.
> For the hfi1 driver (and OPA in general), we do have the ability to do a
> new API. But, going back to what I said before, I just don't care that
> much. It's Intel internal stuff as far as I'm concerned. If they do
> something fragile and it breaks, then that's all on their hands.
Except if there's a security vulernability, then it's on our
collective heads as kernel developers. Unless we want to tell people,
"don't use intel hardware, it's written by device driver authors who
are sloppy"....
- Ted
Powered by blists - more mailing lists