lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 12 Jan 2021 16:57:34 +0100
From:   Daniel Vetter <daniel@...ll.ch>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Phillip Susi <phill@...susis.net>, Pavel Machek <pavel@....cz>,
        Randy Dunlap <rdunlap@...radead.org>,
        LKML <linux-kernel@...r.kernel.org>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        dri-devel <dri-devel@...ts.freedesktop.org>
Subject: Re: fbcon: remove soft scrollback code (missing Doc. patch)

On Sat, Jan 9, 2021 at 12:11 AM Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
>
> On Fri, Jan 8, 2021 at 11:13 AM Phillip Susi <phill@...susis.net> wrote:
> >
> > > Could we pause this madness? Scrollback is still useful. I needed it
> > > today... it was too small, so command results I was looking for
> > > already scrolled away, but... life will be really painful with 0
> > > scrollback.
> >
> > > You'll need it, too... as soon as you get oops and will want to see
> > > errors just prior to that oops.
> >
> > > If it means I get to maintain it... I'm not happy about it but that's
> > > better than no scrollback.
> >
> > Amen!  What self respecting admin installs a gui on servers?  What do we
> > have to do to get this back in?  What was so buggy with this code that
> > it needed to be removed?  Why was it such a burden to just leave it be?
>
> It really was buggy, with security implications. And we have no maintainers.
>
> So the scroll-back code can't come back until we have a maintainer and
> a cleaner and simpler implementation.
>
> And no, maintaining it really doesn't mean "just get it back to the
> old broken state".
>
> So far I haven't actually seen any patches, which means that it's not
> coming back.
>
> The good news? If you have an actual text VGA console, that should
> still work just fine.

Also on anything that is remotely modern (i.e. runs a drm kernel
modesetting driver undearneath the fbdev/fbcon stack) there's a pile
more issues on top of just the scrollback/fbcon code being a mess.
Specifically the locking is somewhere between yolo and outright
deadlocks. This holds even more so if the use case here is "I want
scrollback for an oops". There's rough sketches for how it could be
solved, but it's all very tricky work.

Also, we need testcases for this, both in-kernel unit-test style stuff
and uapi testcases. Especially the full interaction on a modern stack
between /dev/fb/0, /dev/drm/card0, vt ioctls and the console is a pure
nightmare.

Altogether this is a few years of full time hacking to get this back
into shape, and until that's happening and clearly getting somewhere
the only reasonable thing to do is to delete features in response to
syzkaller crashes.

Also adding dri-devel since defacto that's the only place where
display people hang out nowadays.
-Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ