Date:   Wed, 9 Sep 2020 17:27:45 +0000
From:   rishabhb@...eaurora.org
To:     Mathieu Poirier <mathieu.poirier@...aro.org>
Cc:     Bjorn Andersson <bjorn.andersson@...aro.org>,
        linux-remoteproc@...r.kernel.org, linux-kernel@...r.kernel.org,
        tsoni@...eaurora.org, psodagud@...eaurora.org,
        sidgup@...eaurora.org, linux-remoteproc-owner@...r.kernel.org
Subject: Re: [PATCH v2 0/3] Expose recovery/coredump configuration from sysfs

On 2020-09-04 15:02, Mathieu Poirier wrote:
> On Thu, Sep 03, 2020 at 06:59:44PM -0500, Bjorn Andersson wrote:
>> On Tue 01 Sep 17:05 CDT 2020, Mathieu Poirier wrote:
>> 
>> > Hi Rishabh,
>> >
>> > On Thu, Aug 27, 2020 at 12:48:48PM -0700, Rishabh Bhatnagar wrote:
>> > > From Android R onwards Google has restricted access to debugfs in user
>> > > and user-debug builds. This restricts access to most of the features
>> > > exposed through debugfs. This patch series adds a configurable option
>> > > to move the recovery/coredump interfaces to sysfs. If the feature
>> > > flag is selected it would move these interfaces to sysfs and remove
>> > > the equivalent debugfs interface.
>> >
>> > What I meant was to move the coredump entry from debugfs to sysfs and from
>> > there make it available to user space using a kernel config.
>> 
>> Why would we not always make this available in sysfs?
> 
> At this time the options are in debugfs and vendors can decide to make that
> available on products if they want to.  The idea behind using a kernel
> configuration once moved to sysfs was to give the same kind of options.
> 
>> 
>> > But thinking further on this it may be better to simply provide an API
>> > to set the coredump mode from the platform driver, the same way
>> > rproc_coredump_set_elf_info() works.
>> 
>> Being able to invoke these from the platform drivers sounds like a new
>> feature. What would trigger the platform drivers to call this? Or are
>> you perhaps asking for the means of the drivers to be able to select the
>> default mode?
> 
> My ultimate goal is to avoid needlessly stuffing things in sysfs.  My hope in
> suggesting a new API was that platform drivers could recognise the kind of
> build/environment they operate in and setup the coredump mode accordingly.  That
> would have allowed us to leave debugfs options alone.
> 
>> 
>> Regarding the default mode, I think it would make sense to make the
>> default "disabled", because this is the most sensible configuration in a
>> "production" environment. And the sysfs means we have a convenient
>> mechanism to configure it, even on production environments.
>> 
> 
> I am weary of changing something that hasn't been requested.
> 
>> > That will prevent breaking a fair amount of user space code...
>> >
>> 
>> We typically don't guarantee that the debugfs interfaces are stable and
>> if I understand the beginning of your reply you still want to move it
>> from debugfs to sysfs - which I presume would break such scripts in the
>> first place?
> 
> Correct - I am sure that moving coredump and recovery options to sysfs will
> break user space scripts.  Even if debugfs is not part of the ABI it would be
> nice to avoid disrupting people as much as possible.
> 
>> 
>> 
>> I would prefer to see that we don't introduce config options for every
>> little thing, unless there's good reason for it.
> 
> I totally agree.  It is with great reluctance that I asked Rishabh to proceed
> the way he did in V3.  His usecase makes sense... On the flip side this is
> pushed down on the kernel community and I really like Christoph's position about
> fixing Android and leaving the kernel alone.
> 
Well, removing debugfs is a conscious decision taken by Android due to security
concerns and there is not we can fix there.
Would it be a terrible idea to have recovery and coredump exposed from both
sysfs and debugfs instead of choosing one and breaking userspace code?
>> 
>> Regards,
>> Bjorn
>> 
>> > Let me know if that can work for you.
>> >
>> > Thanks,
>> > Mathieu
>> >
>> > > 'Coredump' and 'Recovery' are critical
>> > > interfaces that are required for remoteproc to work on Qualcomm Chipsets.
>> > > Coredump configuration needs to be set to "inline" in debug/test build
>> > > and "disabled" in production builds. Whereas recovery needs to be
>> > > "disabled" for debugging purposes and "enabled" on production builds.
>> > >
>> > > Changelog:
>> > >
>> > > v1 -> v2:
>> > > - Correct the contact name in the sysfs documentation.
>> > > - Remove the redundant write documentation for coredump/recovery sysfs
>> > > - Add a feature flag to make this interface switch configurable.
>> > >
>> > > Rishabh Bhatnagar (3):
>> > >   remoteproc: Expose remoteproc configuration through sysfs
>> > >   remoteproc: Add coredump configuration to sysfs
>> > >   remoteproc: Add recovery configuration to sysfs
>> > >
>> > >  Documentation/ABI/testing/sysfs-class-remoteproc |  44 ++++++++
>> > >  drivers/remoteproc/Kconfig                       |  12 +++
>> > >  drivers/remoteproc/remoteproc_debugfs.c          |  10 +-
>> > >  drivers/remoteproc/remoteproc_sysfs.c            | 126 +++++++++++++++++++++++
>> > >  4 files changed, 190 insertions(+), 2 deletions(-)
>> > >
>> > > --
>> > > The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
>> > > a Linux Foundation Collaborative Project
>> > >
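
A check for the production policy stated in the cover letter quoted above (coredump "disabled", recovery "enabled"), as an added example that is not part of the thread or of the patch series. The attribute file names `coredump` and `recovery` under `/sys/class/remoteproc/<instance>/` are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Audit remoteproc settings against the production policy from the cover
# letter: coredump "disabled", recovery "enabled".
# Assumption: the attributes are files named coredump and recovery under
# <root>/<instance>/, with <root> defaulting to /sys/class/remoteproc.

# check_attr FILE WANT: returns 0 if FILE holds WANT, 1 on mismatch, 2 if absent
check_attr() {
    file=$1 want=$2
    if [ ! -r "$file" ]; then
        echo "MISSING  $file (attribute not exposed)"
        return 2
    fi
    got=$(head -n 1 "$file")
    if [ "$got" != "$want" ]; then
        echo "MISMATCH $file: got '$got', want '$want'"
        return 1
    fi
    echo "OK       $file = $got"
}

# audit_remoteproc [ROOT]: returns 0 only if every instance matches the policy
audit_remoteproc() {
    root=${1:-/sys/class/remoteproc}
    seen=0 bad=0
    for dev in "$root"/*; do
        [ -d "$dev" ] || continue
        seen=$((seen + 1))
        check_attr "$dev/coredump" disabled || bad=$((bad + 1))
        check_attr "$dev/recovery" enabled || bad=$((bad + 1))
    done
    [ "$seen" -gt 0 ] || { echo "no remoteproc instances under $root"; return 2; }
    echo "$seen instance(s), $bad finding(s)"
    [ "$bad" -eq 0 ]
}

# Constructed sample tree standing in for the sysfs class directory.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/remoteproc0" "$d/remoteproc1" "$d/remoteproc2"
    echo disabled > "$d/remoteproc0/coredump"; echo enabled > "$d/remoteproc0/recovery"
    echo inline > "$d/remoteproc1/coredump"; echo disabled > "$d/remoteproc1/recovery"
    # remoteproc2 has neither attribute
    echo "$d"
}

demo=$(make_demo_tree)
audit_remoteproc "$demo" || echo "policy violations found"
rm -rf "$demo"
```

A missing attribute is counted as a finding rather than skipped, so a device where the setting can only be reached through debugfs does not pass the audit silently.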
