Date: Thu, 11 Aug 2016 21:54:02 -0300
From: Thiago Jung Bauermann <bauerman@...ux.vnet.ibm.com>
To: Samuel Mendoza-Jonas <sam@...dozajonas.com>
Cc: kexec@...ts.infradead.org, Stewart Smith <stewart@...ux.vnet.ibm.com>, Baoquan He <bhe@...hat.com>, linuxppc-dev@...ts.ozlabs.org, x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...hat.com>, Paul Mackerras <paulus@...ba.org>, Eric Biederman <ebiederm@...ssion.com>, Thomas Gleixner <tglx@...utronix.de>, Dave Young <dyoung@...hat.com>, Andrew Morton <akpm@...ux-foundation.org>, Vivek Goyal <vgoyal@...hat.com>
Subject: Re: [PATCH v5 11/13] powerpc: Allow userspace to set device tree properties in kexec_file_load

Hello Sam,

Thanks for the quick response.

On Friday, 12 August 2016, 10:45:00, Samuel Mendoza-Jonas wrote:
> On Thu, 2016-08-11 at 20:08 -0300, Thiago Jung Bauermann wrote:
> > @@ -908,4 +909,245 @@ bool find_debug_console(const void *fdt, int > > chosen_node) return false; > > } > > > > +/** > > + * struct allowed_node - a node in the whitelist and its allowed > > properties. + * @name: node name or full node path > > + * @properties: NULL-terminated array of names or > > name=value pairs + * > > + * If name starts with /, then the node has to be at the specified path > > in + * the device tree (including unit addresses for all nodes in the > > path). + * If it doesn't, then the node can be anywhere in the device > > tree. + * > > + * An entry in properties can specify a string value that the property > > must + * have by using the "name=value" format. If the entry ends with > > =, it means + * that the property must be empty. > > + */ > > +static struct allowed_node { > > + const char *name; > > + const char *properties[9]; > > +} allowed_nodes[] = { > > + { > > + .name = "/chosen", > > + .properties = { > > + "stdout-path", > > + "linux,stdout-path", > > + NULL, > > + } > > + }, > > + { > > + .name = "vga", > > + .properties = { > > + "device_type=display", > > + "assigned-addresses", > > + "width", > > + "height", > > + "depth", > > + "little-endian=", > > + "linux,opened=", > > + "linux,boot-display=",ss > > + NULL, > > + } > > + }, > > +};
>
> Hi Thiago,
>
> As much as this solves problems for *me*, I suspect adding 'vga' here
> might be the subject of some discussion. Having /chosen whitelisted makes
> sense on its own, but 'vga' and its properties are very specific without
> much explanation.
>
> If everyone's happy to have it there, cool! If not, I have the majority
> of a patch that handles the original reason for these property updates
> separately in the kernel rather than from userspace. If needed I'll clean
> it up and we can handle it that way.

Ok, that's good to know. I'm fine with it either way.

In any case, 'vga' in this patch also serves as a good real-life example of a
non-trivial binding outside of /chosen that we might want to whitelist in
the future.

--
[]'s
Thiago Jung Bauermann
IBM Linux Technology Center
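
Review bot: the "vga" entry in allowed_nodes is matched by bare name, so by the rule in the struct comment it applies to a node called vga anywhere in the device tree, and assigned-addresses, width, height and depth carry no "name=value" constraint, which leaves their values entirely up to userspace. Consider anchoring the entry to a full path as is done for /chosen, or extending the comment to say which binding these properties come from and why unconstrained values are acceptable for them. Separately, properties[9] is filled exactly by the vga entry (eight names plus NULL), so a later entry with nine names and no terminator would still compile; a named size constant with a note about the required NULL would make that harder to miss. As quoted here, the line "linux,boot-display=",ss also has a stray ss after the comma that would not build.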