Message-ID: <20230324004919.GHZBzzj1FzwEZclTCL@fat_crate.local>
Date: Fri, 24 Mar 2023 01:49:19 +0100
From: Borislav Petkov <bp@...en8.de>
To: kyle-meyer <kyle.meyer@....com>
Cc: dimitri.sivanich@....com, steve.wahl@....com, tglx@...utronix.de, mingo@...hat.com, dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com, tony.luck@...el.com, qiuxu.zhuo@...el.com, yazen.ghannam@....com, linux-kernel@...r.kernel.org, linux-edac@...r.kernel.org
Subject: Re: [PATCH] RAS/CEC: Move non-debug attributes out of debugfs

On Thu, Mar 23, 2023 at 03:22:01PM -0500, kyle-meyer wrote:
> From: Kyle Meyer <kyle.meyer@....com>
>
> When kernel lockdown is in effect, use of debugfs is not permitted. Move
> decay_interval and action_threshold out of debugfs, from debugfs/ras/cec
> to sysfs/system/devices/machinecheck/cec.

All those knobs are in debugfs because we wanted to discuss the proper interface design first and only then cast them in stone. I guess that has not happened yet. What you're doing is certainly not what we had in mind so just because some lockdown policy says so, is not good enough.

> diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c > index 2eec60f50057..1a3eaa501ae4 100644 > --- a/arch/x86/kernel/cpu/mce/core.c > +++ b/arch/x86/kernel/cpu/mce/core.c
> @@ -2376,10 +2376,11 @@ static void mce_enable_ce(void *all) > __mcheck_cpu_init_timer(); > } > > -static struct bus_type mce_subsys = { > +struct bus_type mce_subsys = { > .name = "machinecheck", > .dev_name = "machinecheck", > }; > +EXPORT_SYMBOL_GPL(mce_subsys);

Nope, this is not going to happen.

Besides, that error collector is used on x86 but it is generic enough so that it can be used by other arches. So if anything, it should not be exposed in the x86's "machinecheck" hierarchy but somewhere generic.

And until that proper interface has been hammered out, you can just as well disable it in your lockdown configs.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
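
Review bot: dropping `static` from `mce_subsys` and adding `EXPORT_SYMBOL_GPL(mce_subsys);` at the end of the core.c hunk makes the whole x86 `machinecheck` bus object reachable from any GPL module, which is a much wider interface than the commit message needs for two attributes (`decay_interval` and `action_threshold`). Keep the `bus_type` `static` and, if the attributes have to leave debugfs, register them through a narrow helper in a location that is not tied to the x86 `machinecheck` hierarchy. No declaration for the now-global symbol is visible in the quoted part of the patch, so the change should also state which header its users are expected to include.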