lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202010071147.F6E57A32@keescook>
Date:   Wed, 7 Oct 2020 12:17:25 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Christoph Hellwig <hch@....de>
Cc:     WeiXiong Liao <gmpy.liaowx@...il.com>,
        linux-kernel@...r.kernel.org, Richard Weinberger <richard@....at>,
        linux-mtd@...ts.infradead.org
Subject: Re: use case for register_pstore_blk?

On Wed, Oct 07, 2020 at 08:42:58PM +0200, Christoph Hellwig wrote:
> The problem with the block code is that it is completely broken.

This seems like hyperbole.

> It uses on-stack structures where it can't,

Do you mean the ones in pstore_blk_init() and pstore_blk_exit()? Those
are fine -- they're what provide the "driverless" module-param loaded
"best_effort" target. Do you seem something unsafe about it?

> it pokes into internals of the block device read/write path for
> absolutely no reason,

Do you mean psblk_generic_blk_read() and psblk_generic_blk_write()?
These are for writing to the block device... I'm happy to adjust this
if you can show me the better API. (This was being developed in the
middle of the iov_iter changes, so perhaps I missed a more appropriate
way to do things.)

> and it uses name_to_dev_t which must not be used in new code.

What?

include/linux/mount.h:
extern dev_t name_to_dev_t(const char *name);

init/do_mounts.c:
/*
 *      Convert a name into device number.  We accept the following
 *      variants:
 ...
 *      If name doesn't have fall into the categories above, we return
 *      (0,0).
 *      block_class is used to check if something is a disk name. If the
 *      disk
 *      name contains slashes, the device name has them replaced with
 *      bangs.
 */
dev_t name_to_dev_t(const char *name)

There are no comments about it being deprecated.

And even I had guessed to double-check, there isn't even a hit
on lkml about it that I can easily find:
https://lore.kernel.org/lkml/?q=name_to_dev_t+%22new+code%22
https://lore.kernel.org/lkml/?q=name_to_dev_t+deprecated

Where did this happen, where was it documented, and what should be used
instead?

> Or in other words: it is a complete piece of crap full of layering
> violations that should never have been merged in that form.

Gee thanks. I obviously don't agree with you.

> It also does not happen to share code with the mtd case.

What? Yes it does: it explicitly uses the pstore/blk configuration
callback to get the details configured at boot to identify and configure
the backing device. This is specifically designed this way to avoid
repeating the mistake of having per-backing-device configuration that is
essentially only actually used by the pstore storage layer. i.e. the very
thing I'm trying to get away from in ramoops, efi-pstore, etc: storage
configuration is tied to the pstore storage layer (i.e. pstore/blk and
pstore/zone), not the specific backing device (i.e. MTD, blk, RAM, NVRAM,
EFI variables, etc).

So, yes, I think it'd be fine to drop the unused EXPORTs, and I welcome
corrections to the generic read/write routines, I very specifically do
not want to rip out having a block device as a backing device, nor do I
want to revert the configuration management to being backing device
specific.

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ