lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202006091312.F91BB4E0CE@keescook>
Date:   Tue, 9 Jun 2020 13:29:42 -0700
From:   Kees Cook <keescook@...omium.org>
To:     David Miller <davem@...emloft.net>
Cc:     stephen@...workplumber.org, o.rempel@...gutronix.de,
        andrew@...n.ch, f.fainelli@...il.com, hkallweit1@...il.com,
        kuba@...nel.org, corbet@....net, mkubecek@...e.cz,
        linville@...driver.com, david@...tonic.nl, kernel@...gutronix.de,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        linux@...linux.org.uk, mkl@...gutronix.de, marex@...x.de,
        christian.herber@....com, amitc@...lanox.com, petrm@...lanox.com
Subject: Re: [PATCH ethtool v1] netlink: add master/slave configuration
 support

On Tue, Jun 09, 2020 at 01:05:17PM -0700, David Miller wrote:
> From: Kees Cook <keescook@...omium.org>
> Date: Tue, 9 Jun 2020 12:49:48 -0700
> 
> > Okay, for now, how about:
> > 
> > - If we're dealing with an existing spec, match the language.
> 
> Yes.
> 
> > - If we're dealing with a new spec, ask the authors to fix their language.
> 
> Please be more specific about "new", if it's a passed and ratified standard
> then to me it is "existing".

Sure. But many kernel devs are also interacting with specifications as
they're being developed. We can have an eye out for this when we're in
such positions.

> > - If a new version of a spec has updated its language, adjust the kernel's.
> 
> Unless you're willing to break UAPI, which I'm not, I don't see how this is
> tenable.

We'll get there when we get there. I honestly don't think any old spec is
actually going to change their language; I look forward to being proven
wrong. But many times there is no UAPI. If it's some register states
between driver and hardware, no users sees or cares what the register
is named.

> > - If we're doing with something "internal" to the kernel (including UAPI),
> >   stop adding new instances.
> 
> Even if it is part of supporting a technology where the standard uses
> those terms?  So we'll use inconsitent terms internally?

What? I mean "internal" in the sense of "does not have an external
dependency". Maybe I should say "independent"?

> This is why I'm saying, just make sure new specs use language that is
> less controversial.  Then we just use what the specs use.
> 
> Then you don't have to figure out what to do about established UAPIs
> and such, it's a non-issue.

Yes, but there are places where people use these terms where they are
NOT part of specs, and usually there is actually _better_ terminology
to be used, and we can easily stop adding those. And we can start to
rename old "independent" cases too.

For example, if MS_SLAVE were being added now, we would rename it.

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ