Message-ID: <20200910174611.GC579940@xps15>
Date:   Thu, 10 Sep 2020 11:46:11 -0600
From:   Mathieu Poirier <mathieu.poirier@...aro.org>
To:     rishabhb@...eaurora.org
Cc:     Bjorn Andersson <bjorn.andersson@...aro.org>,
        linux-remoteproc@...r.kernel.org, linux-kernel@...r.kernel.org,
        tsoni@...eaurora.org, psodagud@...eaurora.org,
        sidgup@...eaurora.org, linux-remoteproc-owner@...r.kernel.org,
        arnaud.pouliquen@...com
Subject: Re: [PATCH v2 0/3] Expose recovery/coredump configuration from sysfs

On Wed, Sep 09, 2020 at 05:27:46PM +0000, rishabhb@...eaurora.org wrote:
> On 2020-09-04 15:02, Mathieu Poirier wrote:
> > On Thu, Sep 03, 2020 at 06:59:44PM -0500, Bjorn Andersson wrote:
> > > On Tue 01 Sep 17:05 CDT 2020, Mathieu Poirier wrote:
> > > 
> > > > Hi Rishabh,
> > > >
> > > > On Thu, Aug 27, 2020 at 12:48:48PM -0700, Rishabh Bhatnagar wrote:
> > > > > From Android R onwards Google has restricted access to debugfs in user
> > > > > and user-debug builds. This restricts access to most of the features
> > > > > exposed through debugfs. This patch series adds a configurable option
> > > > > to move the recovery/coredump interfaces to sysfs. If the feature
> > > > > flag is selected it would move these interfaces to sysfs and remove
> > > > > the equivalent debugfs interface.
> > > >
> > > > What I meant was to move the coredump entry from debugfs to sysfs and from
> > > > there make it available to user space using a kernel config.
> > > 
> > > Why would we not always make this available in sysfs?
> > 
> > At this time the options are in debugfs and vendors can decide to make that
> > available on products if they want to.  The idea behind using a kernel
> > configuration once moved to sysfs was to give the same kind of options.
> > 
> > > 
> > > > But thinking further on this it may be better to simply provide an API
> > > > to set the coredump mode from the platform driver, the same way
> > > > rproc_coredump_set_elf_info() works.
> > > 
> > > Being able to invoke these from the platform drivers sounds like a new
> > > feature. What would trigger the platform drivers to call this? Or are
> > > you perhaps asking for the means of the drivers to be able to select the
> > > default mode?
> > 
> > My ultimate goal is to avoid needlessly stuffing things in sysfs.  My hope in
> > suggesting a new API was that platform drivers could recognise the kind of
> > build/environment they operate in and setup the coredump mode accordingly.  That
> > would have allowed us to leave debugfs options alone.
> > 
> > > 
> > > Regarding the default mode, I think it would make sense to make the
> > > default "disabled", because this is the most sensible configuration in a
> > > "production" environment. And the sysfs means we have a convenient
> > > mechanism to configure it, even on production environments.
> > > 
> > 
> > I am weary of changing something that hasn't been requested.
> > 
> > > > That will prevent breaking a fair amount of user space code...
> > > >
> > > 
> > > We typically don't guarantee that the debugfs interfaces are stable and
> > > if I understand the beginning of your reply you still want to move it
> > > from debugfs to sysfs - which I presume would break such scripts in the
> > > first place?
> > 
> > Correct - I am sure that moving coredump and recovery options to sysfs will
> > break user space scripts.  Even if debugfs is not part of the ABI it would be
> > nice to avoid disrupting people as much as possible.
> > 
> > > 
> > > 
> > > I would prefer to see that we don't introduce config options for every
> > > little thing, unless there's good reason for it.
> > 
> > I totally agree.  It is with great reluctance that I asked Rishabh to proceed
> > the way he did in V3.  His usecase makes sense... On the flip side this is
> > pushed down on the kernel community and I really like Christoph's position about
> > fixing Android and leaving the kernel alone.
> > 
> Well, removing debugfs is a conscious decision taken by Android due to security
> concerns and there is not we can fix there.
> Would it be a terrible idea to have recovery and coredump exposed from both
> sysfs and debugfs instead of choosing one and breaking userspace code?

Yes, two interfaces to do the same thing is not acceptable.

That being said Arnaud Pouliquen had the excellent idea of using the newly added
remoteproc character device.   

> > > 
> > > Regards,
> > > Bjorn
> > > 
> > > > Let me know if that can work for you.
> > > >
> > > > Thanks,
> > > > Mathieu
> > > >
> > > > > 'Coredump' and 'Recovery' are critical
> > > > > interfaces that are required for remoteproc to work on Qualcomm Chipsets.
> > > > > Coredump configuration needs to be set to "inline" in debug/test build
> > > > > and "disabled" in production builds. Whereas recovery needs to be
> > > > > "disabled" for debugging purposes and "enabled" on production builds.
> > > > >
> > > > > Changelog:
> > > > >
> > > > > v1 -> v2:
> > > > > - Correct the contact name in the sysfs documentation.
> > > > > - Remove the redundant write documentation for coredump/recovery sysfs
> > > > > - Add a feature flag to make this interface switch configurable.
> > > > >
> > > > > Rishabh Bhatnagar (3):
> > > > >   remoteproc: Expose remoteproc configuration through sysfs
> > > > >   remoteproc: Add coredump configuration to sysfs
> > > > >   remoteproc: Add recovery configuration to sysfs
> > > > >
> > > > >  Documentation/ABI/testing/sysfs-class-remoteproc |  44 ++++++++
> > > > >  drivers/remoteproc/Kconfig                       |  12 +++
> > > > >  drivers/remoteproc/remoteproc_debugfs.c          |  10 +-
> > > > >  drivers/remoteproc/remoteproc_sysfs.c            | 126 +++++++++++++++++++++++
> > > > >  4 files changed, 190 insertions(+), 2 deletions(-)
> > > > >
> > > > > --
> > > > > The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> > > > > a Linux Foundation Collaborative Project
> > > > >
