| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 May 2020 12:41:27 +0000
From: "Enderborg, Peter" <Peter.Enderborg@...y.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"Rafael J . Wysocki" <rafael@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] debugfs: Add mount restriction option
On 5/28/20 2:23 PM, Greg Kroah-Hartman wrote:
> On Thu, May 28, 2020 at 12:04:32PM +0000, Enderborg, Peter wrote:
>> On 5/28/20 11:27 AM, Greg Kroah-Hartman wrote:
>>> On Thu, May 28, 2020 at 08:39:02AM +0000, Enderborg, Peter wrote:
>>>> On 5/28/20 10:27 AM, Greg Kroah-Hartman wrote:
>>>>> On Thu, May 28, 2020 at 10:00:31AM +0200, Peter Enderborg wrote:
>>>>>> Since debugfs include sensitive information it need to be treated
>>>>>> carefully. But it also has many very useful debug functions for userspace.
>>>>>> With this option we can have same configuration for system with
>>>>>> need of debugfs and a way to turn it off. It is needed new
>>>>>> kernel command line parameter to be activated.
>>>>> By "configuration" do you mean "kernel configuration"? What is wrong
>>>>> with relying on the build option like we do today?
>>>>>
>>>>> You might want to reword all of this to make more sense about the
>>>>> "problem" you are trying to solve here, as I don't really understand it,
>>>>> sorry.
>>>>>
>>>>>
>>>>>> Signed-off-by: Peter Enderborg <peter.enderborg@...y.com>
>>>>>> ---
>>>>>> fs/debugfs/inode.c | 17 ++++++++++++++++-
>>>>>> lib/Kconfig.debug | 10 ++++++++++
>>>>>> 2 files changed, 26 insertions(+), 1 deletion(-)
>>>>> No documentation update? That's not good :(
>>>>>
>>>>>
>>>>>> diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
>>>>>> index b7f2e971ecbc..bde37dab77e0 100644
>>>>>> --- a/fs/debugfs/inode.c
>>>>>> +++ b/fs/debugfs/inode.c
>>>>>> @@ -786,10 +786,25 @@ bool debugfs_initialized(void)
>>>>>> }
>>>>>> EXPORT_SYMBOL_GPL(debugfs_initialized);
>>>>>>
>>>>>> +static int allow_debugfs;
>>>>>> +
>>>>>> +static int __init debugfs_kernel(char *str)
>>>>>> +{
>>>>>> + if (str && !strcmp(str, "true"))
>>>>>> + allow_debugfs = true;
>>>>>> +
>>>>>> + return 0;
>>>>>> +
>>>>>> +}
>>>>>> +early_param("debugfs", debugfs_kernel);
>>>>>> +
>>>>>> static int __init debugfs_init(void)
>>>>>> {
>>>>>> int retval;
>>>>>> -
>>>>>> +#ifdef CONFIG_DEBUG_FS_MOUNT_RESTRICTED
>>>>>> + if (!allow_debugfs)
>>>>>> + return -EPERM;
>>>>>> +#endif
>>>>> But you are not restricting the ability to mount it here, you are
>>>>> removing the ability for it to even start up at all. What does this
>>>>> break for code that thinks the filesystem is registered (i.e. the call
>>>>> to simple_pin_fs() in start_creating() in fs/debugfs/inode.c?
>>>>>
>>>> If it does, the lines below is also cause the same problem.
>>> In a working system, errors in the lines below will never happen :)
>> I think it is not unreasonable to expect that debug functionality are robust enough to handle
>> system where not everything is working smoothly.
> I do not disagree, but have you tested this to ensure that your kernel
> still works when you disable debugfs in this manner?
So far only tested on fedora f32 (x86_64) and older arm64 systems.
So far only zswap that prints out that "debugfs initialization failed" and it still works fine.
> If so, great! Just trying to point out a potential problem...
Will do new patchset, im waiting a bit longer to see if there some other comments first.
> thanks,
>
> greg k-h
Powered by blists - more mailing lists