| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200706164126.GA124329@bjorn-Precision-5520>
Date: Mon, 6 Jul 2020 11:41:26 -0500
From: Bjorn Helgaas <helgaas@...nel.org>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Rajat Jain <rajatja@...gle.com>,
David Woodhouse <dwmw2@...radead.org>,
Lu Baolu <baolu.lu@...ux.intel.com>,
Joerg Roedel <joro@...tes.org>,
Bjorn Helgaas <bhelgaas@...gle.com>,
"Rafael J. Wysocki" <rjw@...ysocki.net>,
Len Brown <lenb@...nel.org>, iommu@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org, linux-pci@...r.kernel.org,
linux-acpi@...r.kernel.org, Raj Ashok <ashok.raj@...el.com>,
lalithambika.krishnakumar@...el.com,
Mika Westerberg <mika.westerberg@...ux.intel.com>,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
Prashant Malani <pmalani@...gle.com>,
Benson Leung <bleung@...gle.com>,
Todd Broch <tbroch@...gle.com>,
Alex Levin <levinale@...gle.com>,
Mattias Nissler <mnissler@...gle.com>,
Rajat Jain <rajatxjain@...il.com>,
Bernie Keany <bernie.keany@...el.com>,
Aaron Durbin <adurbin@...gle.com>,
Diego Rivas <diegorivas@...gle.com>,
Duncan Laurie <dlaurie@...gle.com>,
Furquan Shaikh <furquan@...gle.com>,
Jesse Barnes <jsbarnes@...gle.com>,
Christian Kellner <christian@...lner.me>,
Alex Williamson <alex.williamson@...hat.com>, oohall@...il.com,
Saravana Kannan <saravanak@...gle.com>,
Suzuki K Poulose <suzuki.poulose@....com>,
Arnd Bergmann <arnd@...db.de>,
Heikki Krogerus <heikki.krogerus@...ux.intel.com>
Subject: Re: [PATCH v2 2/7] PCI: Set "untrusted" flag for truly external
devices only
On Tue, Jun 30, 2020 at 09:55:54AM +0200, Greg Kroah-Hartman wrote:
> On Mon, Jun 29, 2020 at 09:49:38PM -0700, Rajat Jain wrote:
> > The "ExternalFacing" devices (root ports) are still internal devices that
> > sit on the internal system fabric and thus trusted. Currently they were
> > being marked untrusted.
> >
> > This patch uses the platform flag to identify the external facing devices
> > and then use it to mark any downstream devices as "untrusted". The
> > external-facing devices themselves are left as "trusted". This was
> > discussed here: https://lkml.org/lkml/2020/6/10/1049
>
> {sigh}
>
> First off, please use lore.kernel.org links, we don't control lkml.org
> and it often times has been down.
>
> Also, you need to put all of the information in the changelog, referring
> to another place isn't always the best thing, considering you will be
> looking this up in 20+ years to try to figure out why people came up
> with such a crazy design.
>
> But, the main point is, no, we did not decide on this. "trust" is a
> policy decision to make by userspace, it is independant of "location",
> while you are tieing it directly here, which is what I explicitly said
> NOT to do.
>
> So again, no, I will NAK this patch as-is, sorry, you are mixing things
> together in a way that it should not do at this point in time.
What do you see being mixed together here? I acknowledge that the
name of "pdev->untrusted" is probably a mistake. But this patch
doesn't change anything there. It only changes the treatment of the
edge case of the "ExternalFacing" ports. Previously we treated them
as being external themselves, which does seem wrong.
Powered by blists - more mailing lists