| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Oct 2022 07:53:27 +0900 From: Damien Le Moal <damien.lemoal@...nsource.wdc.com> To: "Maciej S. Szmigiero" <mail@...iej.szmigiero.name> Cc: linux-ide@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 2/2] ata: allow enabling FUA support in Kconfig On 10/7/22 07:20, Damien Le Moal wrote: > On 10/6/22 22:06, Maciej S. Szmigiero wrote: >> On 6.10.2022 01:38, Damien Le Moal wrote: >>> On 9/27/22 04:51, Maciej S. Szmigiero wrote: >>>> From: "Maciej S. Szmigiero" <maciej.szmigiero@...cle.com> >>>> >>>> Currently, if one wants to make use of FUA support in libata it is >>>> necessary to provide an explicit kernel command line parameter in order to >>>> enable it (for drives that report such support). >>>> >>>> In terms of Git archaeology: FUA support was enabled by default in early >>>> libata versions but was disabled soon after. >>>> Since then there were a few attempts to enable this support by default: >>>> [1] (for NCQ drives only), [2] (for all drives). >>>> However, the second change had to be reverted after a report came of >>>> an incompatibility with the HDD in 2011 Mac Mini. >>>> >>>> Enabling FUA avoids having to emulate it by issuing an extra drive cache >>>> flush for every request that have this flag set. >>>> Since FUA support is required by the ATA/ATAPI spec for any drive that >>>> supports LBA48 and so these days should be pretty widespread let's provide >>>> an ability to enable it by default in Kconfig. >>> >>> This can be done by adding "libata.fua=1" to the CONFIG_CMDLINE option. So >>> I do not see the need to add yet another config option. >> >> A specific Kconfig option is more structured than a free-form >> CONFIG_CMDLINE (which is also technically a per-arch option, but seems >> to be widely supported across arches). >> >> That's why there is a lot (100+) of similar Kconfig default-changing >> options, a quick sample of these (in no particular order): >> SOUND_OSS_CORE_PRECLAIM, SND_INTEL_BYT_PREFER_SOF, LSM, >> SECURITY_SELINUX_CHECKREQPROT_VALUE, SECURITY_LOADPIN_ENFORCE, >> SECURITY_APPARMOR_DEBUG_MESSAGES, IP_VS_TAB_BITS, IP_SET_MAX, >> MAC80211_HAS_RC, SLUB_DEBUG_ON, KFENCE_SAMPLE_INTERVAL, PRINTK_TIME, >> DEBUG_OBJECTS_ENABLE_DEFAULT, RCU_NOCB_CPU_DEFAULT_ALL, ... >> >> libata currently has only one similar option: SATA_MOBILE_LPM_POLICY, >> so it's not like a person performing kernel configuration is >> overloaded with questions here. >> >> But at the same time, I respect your decision as a maintainer of >> this code. > > I am not dead set on pushing back on this, but as usual, whenever we can > avoid adding config options, we should. Given that libata has had fua > disabled forever, I am not convinced yet that there is a strong need for > that new option. But if distros prefer the config option approach, we can > make that happen. > > If anything, I would be tempted to switch fua support to on by default > after some time if we do not get many reports of broken drives. You did > mention that old mac minis drives did not like it, but these are not even > blacklisted in libata-scsi. They should. Only one model of maxtor drives > is. We should add an ATA_HORKAGE_NO_FUA flag and start a proper blacklist > of drives not liking fua. Without that in place, switching to on by > default as your config option allows could break many (old) systems. To be extra clear, I think that this fua module parameter is silly. If a drive says it supports fua, we should use it and not have a global parameter to disable it for all drives. So no config option needed for it. That is also why I am not keen on taking that config option. It is not really improving anything at all and would prefer nuking the fua module argument and have a proper blacklisting of buggy drives. But such a change is painful as we'll be able to update the blacklist with users getting corrupted FSes on buggy drives. The time may have come to do this change though as the number of buggy drives out there is hopefully small enough now. > > >> >>> >>> Patch 1 looks good. I will queue it up once rc1 is out. >> >> Thanks, >> Maciej >> >> > -- Damien Le Moal Western Digital Research
Powered by blists - more mailing lists