lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 25 Mar 2019 19:59:30 -0600
From:   shuah <shuah@...nel.org>
To:     Brian Norris <briannorris@...omium.org>
Cc:     David Valleau <valleau@...omium.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux USB Mailing List <linux-usb@...r.kernel.org>,
        Michael Grzeschik <m.grzeschik@...gutronix.de>,
        Valentina Manea <valentina.manea.m@...il.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Sasha Levin <alexander.levin@...rosoft.com>,
        shuah <shuah@...nel.org>
Subject: Re: [PATCH] tools: usb: usbip: adding support for older kernel
 versions

On 3/25/19 7:29 PM, Brian Norris wrote:
> Hi Shuah,
> 
> On Mon, Mar 25, 2019 at 5:04 PM shuah <shuah@...nel.org> wrote:
>> Agreed. Let's move forward with the assumption that this won't happen
>> in the future.
> 

I would amend that to say, unless absolutely necessary. The user
exported information is stable after fixing the kernel address
pointer leaks. If something pops up that requires changes, I will
have to make a call on that.

> Great! Are you going to propose a Documentation/ABI/ patch to help
> with that? e.g., Documentation/ABI/testing/sysfs-platform-vhci-hcd?
> I'm frankly not that familiar with usbip (I'm just trying to help
> David out) and might not be the best person for describing the details
> exposed here.
> 

ABI will need to documented at some point. :) This driver moved from
staging to mainline around 3.18 time frame. So what you are seeing is
adaption and enhancements. Some background on this driver might help
understand some of the growing pains. :) This is one of the reasons,
I strongly recommend not using old tool on new kernels and make sure
you are on the latest stable releases. For more details on the nature
if security fixes:

https://events.linuxfoundation.org/wp-content/uploads/2017/11/One-Small-Step-to-Harden-USB-Over-IP-on-Linux-Shuah-Khan-Samsung-OSG.pdf

> And are you planning to try something else to maintain compatibility
> pre-[1]? I'm not saying you have to, but you mentioned it and I'd like
> to know if we're doing any duplicate work.
> 

1. I plan to fix the tool to make it run on older kernels (pre-USB 3.0).
2. I don't plan to support old tool running on new kernels. It doesn't
make sense considering the security fixes. You can use the latest on
older kernels (pre-USB 3.0).
3. I am going to assume you are *using* the latest stable kernels that
have the security fixes.

thanks,
-- Shuah

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ