lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Fri, 01 Jan 2021 13:47:38 -0800
From:   James Bottomley <James.Bottomley@...senPartnership.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        linux-scsi <linux-scsi@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] SCSI fixes for 5.11-rc1

On Fri, 2021-01-01 at 13:21 -0800, Linus Torvalds wrote:
> On Fri, Jan 1, 2021 at 12:19 PM James Bottomley
> <James.Bottomley@...senpartnership.com> wrote:
> > Originally this change was slated for the merge window but a late
> > arriving build problem with CONFIG_PM=n derailed that.
> 
> So I've pulled this,

Thanks!

>  but we need to have a policy for reverting this
> quickly if it turns out to cause problems.

Sure, we'd have to revert the six patches plus the dependent PM fix.

> I'm not worried about any remaining build issues - but I'm simply
> worried about some missed case where code depended on the block layer
> passing commands through even while suspended.
> 
> The block bits would seem affect non-SCSI stuff too, how extensively
> have any random odd special case been tested?

The block bits have been in -next since 7 December, so it has had some
testing.  That said, REQ_PREEMPT doesn't affect much outside of SCSI
and IDE because we're where the original concept of at head insertion
for "special" error handling commands like request sense came from.

I'd expect the biggest field of potential problems to be in USB which
does both block/SCSI and PM.  That should have been well tested by the
PM people (as far as they can, as you know there are tons of non spec
devices out there in the space).

> So I'm not so much with you on the "the scary case is the spi domain
> validation case".  I'm more about "what about all the other random
> cases for random special drivers"

I picked on that because it's the least likely to get any testing for a
while.  However, you're right, there are other potential problem
consumers but hopefully any problem (if there is one) with the rest
will show up quickly.

James


Powered by blists - more mailing lists