Date:   Tue, 9 Jun 2020 12:47:27 +0200
From:   Alexander Graf <graf@...zon.de>
To:     Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Greg KH <gregkh@...uxfoundation.org>
CC:     Andra Paraschiv <andraprs@...zon.com>,
        <linux-kernel@...r.kernel.org>,
        Anthony Liguori <aliguori@...zon.com>,
        Colm MacCarthaigh <colmmacc@...zon.com>,
        Bjoern Doebel <doebel@...zon.de>,
        David Woodhouse <dwmw@...zon.co.uk>,
        Frank van der Linden <fllinden@...zon.com>,
        "Martin Pohlack" <mpohlack@...zon.de>,
        Matt Wilson <msw@...zon.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Balbir Singh <sblbir@...zon.com>,
        Stefano Garzarella <sgarzare@...hat.com>,
        Stefan Hajnoczi <stefanha@...hat.com>,
        Stewart Smith <trawets@...zon.com>,
        Uwe Dannowski <uwed@...zon.de>, <kvm@...r.kernel.org>,
        <ne-devel-upstream@...zon.com>
Subject: Re: [PATCH v3 07/18] nitro_enclaves: Init misc device providing the
 ioctl interface



On 01.06.20 05:04, Benjamin Herrenschmidt wrote:
> 
> 
> On Thu, 2020-05-28 at 15:12 +0200, Greg KH wrote:
>> So at runtime, after all is booted and up and going, you just ripped
>> cores out from under someone's feet?  :)
>>
>> And the code really handles writing to that value while the module is
>> already loaded and up and running?  At a quick glance, it didn't seem
>> like it would handle that very well as it only is checked at ne_init()
>> time.
>>
>> Or am I missing something?
>>
>> Anyway, yes, if you can dynamically do this at runtime, that's great,
>> but it feels awkward to me to rely on one configuration thing as a
>> module parameter, and everything else through the ioctl interface.
>> Unification would seem to be a good thing, right?
> 
> I personally still prefer a sysfs file :) I really don't like module
> parameters as a way to do such things.

I think we're going in circles :).

A module parameter initialized with module_param_cb gives us a sysfs 
file that can also have a default parameter set through easily available 
tooling.

The ioctl has two downsides:

   1) It relies on an external application
   2) The permission check would be strictly limited to CAP_ADMIN, sysfs 
files can have different permissions

So I fail to see how a module parameter is *not* giving both of you and 
me what we want? Of course only if it implements the callback. It was 
missing that and I apologize for that oversight.


Alex



Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879
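
An added example, not part of the message above or of the Nitro Enclaves driver: module parameters appear as files under /sys/module/<module>/parameters/ with the mode the module registered them with, so the permission point in the message can be checked on a running system by listing who may write each one. It assumes GNU stat (`stat -c`); the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: report who may write each module parameter file.
# Usage: audit_module_params [ROOT]   (ROOT defaults to /sys/module)
# Output: one line per parameter: "<module> <parameter> <mode> <class>"

# classify_mode MODE: MODE is an octal permission string such as 644.
# Only the write bits matter here; the widest writer wins.
classify_mode() {
    m=$((0$1))                      # leading 0 makes the shell read it as octal
    if   [ $((m & 0002)) -ne 0 ]; then echo world-writable
    elif [ $((m & 0020)) -ne 0 ]; then echo group-writable
    elif [ $((m & 0200)) -ne 0 ]; then echo owner-writable
    else echo read-only
    fi
}

audit_module_params() {
    root=${1:-/sys/module}
    for f in "$root"/*/parameters/*; do
        [ -f "$f" ] || continue     # skips the unexpanded glob when nothing matches
        mode=$(stat -c '%a' "$f") || continue   # assumption: GNU coreutils stat
        dir=${f%/parameters/*}      # path of the module directory
        printf '%s %s %s %s\n' \
            "${dir##*/}" "${f##*/}" "$mode" "$(classify_mode "$mode")"
    done
}
```

A parameter reported as read-only can only be set at load time; any writable class means the module accepts changes while loaded, which is the case the set callback has to handle.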

