| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190222105251.GA28554@kroah.com>
Date: Fri, 22 Feb 2019 11:52:51 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Laurent Pinchart <laurent.pinchart@...asonboard.com>
Cc: Bjorn Andersson <bjorn.andersson@...aro.org>,
Vaishali Thakkar <vaishali.thakkar@...aro.org>,
andy.gross@...aro.org, david.brown@...aro.org,
linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
rafael@...nel.org, vkoul@...nel.org
Subject: Re: [PATCH v2 3/5] soc: qcom: socinfo: Expose custom attributes
On Fri, Feb 22, 2019 at 11:51:45AM +0200, Laurent Pinchart wrote:
> Hi Greg,
>
> On Fri, Feb 22, 2019 at 08:16:16AM +0100, Greg KH wrote:
> > On Fri, Feb 22, 2019 at 12:13:59AM +0200, Laurent Pinchart wrote:
> > > On Thu, Feb 21, 2019 at 07:57:42AM -0800, Bjorn Andersson wrote:
> > > > On Thu 21 Feb 04:18 PST 2019, Laurent Pinchart wrote:
> > > > > On Wed, Feb 20, 2019 at 10:28:29AM +0530, Vaishali Thakkar wrote:
> > > > > > The Qualcomm socinfo provides a number of additional attributes,
> > > > > > add these to the socinfo driver and expose them via debugfs
> > > > > > functionality.
> > > > >
> > > > > What is the use case for these attributes ? I fear they will be used in
> > > > > production systems, and that would require debugfs in production, which
> > > > > isn't a good idea. If you need to expose those attributes for anything
> > > > > else than debugging then we need a proper API, likely sysfs-based.
> > > >
> > > > The use case of these attributes, beyond development/debugging, are
> > > > unfortunately somewhat unknown and is the reason why they where moved to
> > > > debugfs from the earlier attempts to upstream this.
> > > >
> > > > I think the production requirements at hand prohibits debugfs to be
> > > > present, so attributes that are required beyond development/debugging
> > > > purposes would have to be migrated out to sysfs - but the idea here is
> > > > that such migration would have come with the missing motivation to add
> > > > them there today.
> > >
> > > If the use case is just debug/development, would it be enough to print
> > > this information in the kernel log at boot time ? I may be a bit
> > > paranoid, but I always worry about API abuse :-(
> >
> > Putting stuff in debugfs should be fine. No system should ever rely on
> > debugfs for a properly running system as it is being disabled on almost
> > all "sane" systems (Android included). If a vendor relies on this
> > information for a properly working system, then it does not belong in
> > debugfs.
>
> There's certainly no disagreement about that, my concern is about
> vendors who will enable debugfs to access information they need just
> because it's there.
Then they run a huge risk of relying on it.
> Do I assume correctly we can "break the debugfs ABI" in mainline by
> changing the format of the information if needed ?
Yes. The only "rule" of debugfs is that there is no rule :)
Please, break it every-other release if you want, no userspace tools
_should_ be relying on it.[1]
thanks,
greg k-h
[1] Yes, I know Android currently relies on debugfs for a number of
crash-dump type of things in ion and binder, but there is active
work upstream in AOSP to remove that dependancy as no Android device
should ever have debugfs mounted on a "normal" system for the
security reasons alone.
Powered by blists - more mailing lists