| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Jul 2020 20:48:55 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Bjorn Helgaas <helgaas@...nel.org>
Cc: Rajat Jain <rajatja@...gle.com>,
David Woodhouse <dwmw2@...radead.org>,
Lu Baolu <baolu.lu@...ux.intel.com>,
Joerg Roedel <joro@...tes.org>,
Bjorn Helgaas <bhelgaas@...gle.com>,
"Rafael J. Wysocki" <rjw@...ysocki.net>,
Len Brown <lenb@...nel.org>, iommu@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org, linux-pci@...r.kernel.org,
linux-acpi@...r.kernel.org, Raj Ashok <ashok.raj@...el.com>,
lalithambika.krishnakumar@...el.com,
Mika Westerberg <mika.westerberg@...ux.intel.com>,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
Prashant Malani <pmalani@...gle.com>,
Benson Leung <bleung@...gle.com>,
Todd Broch <tbroch@...gle.com>,
Alex Levin <levinale@...gle.com>,
Mattias Nissler <mnissler@...gle.com>,
Rajat Jain <rajatxjain@...il.com>,
Bernie Keany <bernie.keany@...el.com>,
Aaron Durbin <adurbin@...gle.com>,
Diego Rivas <diegorivas@...gle.com>,
Duncan Laurie <dlaurie@...gle.com>,
Furquan Shaikh <furquan@...gle.com>,
Jesse Barnes <jsbarnes@...gle.com>,
Christian Kellner <christian@...lner.me>,
Alex Williamson <alex.williamson@...hat.com>, oohall@...il.com,
Saravana Kannan <saravanak@...gle.com>,
Suzuki K Poulose <suzuki.poulose@....com>,
Arnd Bergmann <arnd@...db.de>,
Heikki Krogerus <heikki.krogerus@...ux.intel.com>
Subject: Re: [PATCH v2 2/7] PCI: Set "untrusted" flag for truly external
devices only
On Mon, Jul 06, 2020 at 11:41:26AM -0500, Bjorn Helgaas wrote:
> On Tue, Jun 30, 2020 at 09:55:54AM +0200, Greg Kroah-Hartman wrote:
> > On Mon, Jun 29, 2020 at 09:49:38PM -0700, Rajat Jain wrote:
> > > The "ExternalFacing" devices (root ports) are still internal devices that
> > > sit on the internal system fabric and thus trusted. Currently they were
> > > being marked untrusted.
> > >
> > > This patch uses the platform flag to identify the external facing devices
> > > and then use it to mark any downstream devices as "untrusted". The
> > > external-facing devices themselves are left as "trusted". This was
> > > discussed here: https://lkml.org/lkml/2020/6/10/1049
> >
> > {sigh}
> >
> > First off, please use lore.kernel.org links, we don't control lkml.org
> > and it often times has been down.
> >
> > Also, you need to put all of the information in the changelog, referring
> > to another place isn't always the best thing, considering you will be
> > looking this up in 20+ years to try to figure out why people came up
> > with such a crazy design.
> >
> > But, the main point is, no, we did not decide on this. "trust" is a
> > policy decision to make by userspace, it is independant of "location",
> > while you are tieing it directly here, which is what I explicitly said
> > NOT to do.
> >
> > So again, no, I will NAK this patch as-is, sorry, you are mixing things
> > together in a way that it should not do at this point in time.
>
> What do you see being mixed together here? I acknowledge that the
> name of "pdev->untrusted" is probably a mistake. But this patch
> doesn't change anything there. It only changes the treatment of the
> edge case of the "ExternalFacing" ports. Previously we treated them
> as being external themselves, which does seem wrong.
I don't see the patch here, and it's been a while but I think there is a
mixture of "location" and "trust" happening here with a single value
when they should be separate.
Hopefully the next round of this patch series will be better.
thanks,
greg k-h
Powered by blists - more mailing lists