From: "H. Peter Anvin" <hpa@zytor.com>
To: Dave Young <dyoung@redhat.com>
Cc: Matt Fleming <matt@console-pimps.org>,
linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
x86@kernel.org, mjg59@srcf.ucam.org,
James.Bottomley@HansenPartnership.com, vgoyal@redhat.com,
ebiederm@xmission.com, horms@verge.net.au,
kexec@lists.infradead.org, bp@alien8.de, Greg KH <greg@kroah.com>
Subject: Re: [patch 0/7 v2] kexec kernel efi runtime support
Date: Sun, 10 Nov 2013 18:21:09 -0800 [thread overview]
Message-ID: <52803F15.3080204@zytor.com> (raw)
In-Reply-To: <20131111021356.GC4407@dhcp-16-126.nay.redhat.com>
On 11/10/2013 06:13 PM, Dave Young wrote:
>
> Huang Ying <ying.huang@intel.com> created the debugfs file for boot_params.
> His first version patch tried sysfs, but sysfs is not designed for such
> binary blobs so finally it go to debugfs.
>
That is a misunderstanding. Binary blobs can exist in sysfs as long as
the blob is something that is inherently a blob. This is admittedly a
corner case, but it is without any doubt a protocol-defined binary
structure.
The reason it was put in debugfs is that there was no non-debug user for
it at the time.
> Any idea for this is welcome, till now I have no better idea for such kind
> of data. We should have another *fs instead of using debugfs.
The problem with debugfs is that things go into debugfs with largely no
auditing. As a result, mounting debugfs is very likely to mean that
your system is exploitable one way or another.
-hpa
WARNING: multiple messages have this Message-ID (diff)
From: "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
To: Dave Young <dyoung-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: Matt Fleming
<matt-HNK1S37rvNbeXh+fF434Mdi2O/JbrIOy@public.gmane.org>,
linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
mjg59-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org,
Greg KH <greg-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>,
x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
kexec-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org,
horms-/R6kz+dDXgpPR4JQBCEnsQ@public.gmane.org,
bp-Gina5bIWoIWzQB+pC5nmwQ@public.gmane.org,
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org,
vgoyal-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
Subject: Re: [patch 0/7 v2] kexec kernel efi runtime support
Date: Sun, 10 Nov 2013 18:21:09 -0800 [thread overview]
Message-ID: <52803F15.3080204@zytor.com> (raw)
In-Reply-To: <20131111021356.GC4407-je1gSBvt1TcFLmT5oZ11vB/sF2h8X+2i0E9HWUfgJXw@public.gmane.org>
On 11/10/2013 06:13 PM, Dave Young wrote:
>
> Huang Ying <ying.huang-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org> created the debugfs file for boot_params.
> His first version patch tried sysfs, but sysfs is not designed for such
> binary blobs so finally it go to debugfs.
>
That is a misunderstanding. Binary blobs can exist in sysfs as long as
the blob is something that is inherently a blob. This is admittedly a
corner case, but it is without any doubt a protocol-defined binary
structure.
The reason it was put in debugfs is that there was no non-debug user for
it at the time.
> Any idea for this is welcome, till now I have no better idea for such kind
> of data. We should have another *fs instead of using debugfs.
The problem with debugfs is that things go into debugfs with largely no
auditing. As a result, mounting debugfs is very likely to mean that
your system is exploitable one way or another.
-hpa
WARNING: multiple messages have this Message-ID (diff)
From: "H. Peter Anvin" <hpa@zytor.com>
To: Dave Young <dyoung@redhat.com>
Cc: Matt Fleming <matt@console-pimps.org>,
linux-efi@vger.kernel.org, mjg59@srcf.ucam.org,
Greg KH <greg@kroah.com>,
x86@kernel.org, kexec@lists.infradead.org,
linux-kernel@vger.kernel.org,
James.Bottomley@HansenPartnership.com, horms@verge.net.au,
bp@alien8.de, ebiederm@xmission.com, vgoyal@redhat.com
Subject: Re: [patch 0/7 v2] kexec kernel efi runtime support
Date: Sun, 10 Nov 2013 18:21:09 -0800 [thread overview]
Message-ID: <52803F15.3080204@zytor.com> (raw)
In-Reply-To: <20131111021356.GC4407@dhcp-16-126.nay.redhat.com>
On 11/10/2013 06:13 PM, Dave Young wrote:
>
> Huang Ying <ying.huang@intel.com> created the debugfs file for boot_params.
> His first version patch tried sysfs, but sysfs is not designed for such
> binary blobs so finally it go to debugfs.
>
That is a misunderstanding. Binary blobs can exist in sysfs as long as
the blob is something that is inherently a blob. This is admittedly a
corner case, but it is without any doubt a protocol-defined binary
structure.
The reason it was put in debugfs is that there was no non-debug user for
it at the time.
> Any idea for this is welcome, till now I have no better idea for such kind
> of data. We should have another *fs instead of using debugfs.
The problem with debugfs is that things go into debugfs with largely no
auditing. As a result, mounting debugfs is very likely to mean that
your system is exploitable one way or another.
-hpa
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2013-11-11 2:22 UTC|newest]
Thread overview: 116+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-05 8:20 [patch 0/7 v2] kexec kernel efi runtime support dyoung
2013-11-05 8:20 ` dyoung
2013-11-05 8:20 ` dyoung-H+wXaHxf7aLQT0dZR+AlfA
2013-11-05 8:20 ` [patch 1/7 v2] Add function efi_remap_region for remapping to saved virt address dyoung
2013-11-05 8:20 ` dyoung
2013-11-05 8:20 ` dyoung-H+wXaHxf7aLQT0dZR+AlfA
2013-11-13 15:50 ` Matt Fleming
2013-11-13 15:50 ` Matt Fleming
2013-11-13 15:50 ` Matt Fleming
2013-11-14 1:38 ` Dave Young
2013-11-14 1:38 ` Dave Young
2013-11-14 1:38 ` Dave Young
2013-11-15 23:02 ` Toshi Kani
2013-11-15 23:02 ` Toshi Kani
2013-11-15 23:02 ` Toshi Kani
2013-11-18 2:09 ` Dave Young
2013-11-18 2:09 ` Dave Young
2013-11-18 2:09 ` Dave Young
2013-11-18 9:37 ` Dave Young
2013-11-18 9:37 ` Dave Young
2013-11-18 9:37 ` Dave Young
2013-11-05 8:20 ` [patch 2/7 v2] x86 efi: reserve boot service fix dyoung
2013-11-05 8:20 ` dyoung
2013-11-05 8:20 ` dyoung-H+wXaHxf7aLQT0dZR+AlfA
2013-11-15 23:10 ` Toshi Kani
2013-11-15 23:10 ` Toshi Kani
2013-11-15 23:10 ` Toshi Kani
2013-11-05 8:20 ` [patch 3/7 v2] Cleanup efi_enter_virtual_mode function dyoung
2013-11-05 8:20 ` dyoung
2013-11-05 8:20 ` dyoung-H+wXaHxf7aLQT0dZR+AlfA
2013-11-13 15:50 ` Matt Fleming
2013-11-13 15:50 ` Matt Fleming
2013-11-13 15:50 ` Matt Fleming
2013-11-14 1:39 ` Dave Young
2013-11-14 1:39 ` Dave Young
2013-11-14 1:39 ` Dave Young
2013-11-15 23:21 ` Toshi Kani
2013-11-15 23:21 ` Toshi Kani
2013-11-15 23:21 ` Toshi Kani
2013-11-18 2:08 ` Dave Young
2013-11-18 2:08 ` Dave Young
2013-11-18 2:08 ` Dave Young
2013-11-05 8:20 ` [patch 4/7 v2] export more efi table variable to sysfs dyoung
2013-11-05 8:20 ` dyoung
2013-11-05 8:20 ` dyoung-H+wXaHxf7aLQT0dZR+AlfA
2013-11-12 0:40 ` Greg KH
2013-11-12 0:40 ` Greg KH
2013-11-12 0:40 ` Greg KH
2013-11-12 8:19 ` Dave Young
2013-11-12 8:19 ` Dave Young
2013-11-12 8:19 ` Dave Young
2013-11-12 8:24 ` Dave Young
2013-11-12 8:24 ` Dave Young
2013-11-12 8:24 ` Dave Young
2013-11-12 8:31 ` Greg KH
2013-11-12 8:31 ` Greg KH
2013-11-12 8:31 ` Greg KH
2013-11-05 8:20 ` [patch 5/7 v2] export efi runtime memory mapping " dyoung
2013-11-05 8:20 ` dyoung
2013-11-13 15:50 ` Matt Fleming
2013-11-13 15:50 ` Matt Fleming
2013-11-13 15:50 ` Matt Fleming
2013-11-14 1:50 ` Dave Young
2013-11-14 1:50 ` Dave Young
2013-11-14 1:50 ` Dave Young
2013-11-18 2:16 ` Dave Young
2013-11-18 2:16 ` Dave Young
2013-11-18 2:16 ` Dave Young
2013-11-19 12:18 ` Matt Fleming
2013-11-19 12:18 ` Matt Fleming
2013-11-19 12:18 ` Matt Fleming
2013-11-05 8:20 ` [patch 6/7 v2] passing kexec necessary efi data via setup_data dyoung
2013-11-05 8:20 ` dyoung
2013-11-05 8:20 ` dyoung-H+wXaHxf7aLQT0dZR+AlfA
2013-11-13 15:50 ` Matt Fleming
2013-11-13 15:50 ` Matt Fleming
2013-11-13 15:50 ` Matt Fleming
2013-11-14 1:52 ` Dave Young
2013-11-14 1:52 ` Dave Young
2013-11-14 1:52 ` Dave Young
2013-11-05 8:20 ` [patch 7/7 v2] x86: add xloadflags bit for efi runtime support on kexec dyoung
2013-11-05 8:20 ` dyoung
2013-11-05 8:20 ` dyoung-H+wXaHxf7aLQT0dZR+AlfA
2013-11-13 15:50 ` Matt Fleming
2013-11-13 15:50 ` Matt Fleming
2013-11-13 15:50 ` Matt Fleming
2013-11-14 1:53 ` Dave Young
2013-11-14 1:53 ` Dave Young
2013-11-14 1:53 ` Dave Young
2013-11-13 16:20 ` H. Peter Anvin
2013-11-13 16:20 ` H. Peter Anvin
2013-11-13 16:20 ` H. Peter Anvin
2013-11-14 1:36 ` Dave Young
2013-11-14 1:36 ` Dave Young
2013-11-14 1:36 ` Dave Young
2013-11-05 14:40 ` [patch 0/7 v2] kexec kernel efi runtime support Borislav Petkov
2013-11-05 14:40 ` Borislav Petkov
2013-11-05 14:40 ` Borislav Petkov
2013-11-08 14:31 ` Matt Fleming
2013-11-08 14:31 ` Matt Fleming
2013-11-08 14:31 ` Matt Fleming
2013-11-09 3:57 ` Dave Young
2013-11-09 3:57 ` Dave Young
2013-11-09 3:57 ` Dave Young
2013-11-09 5:01 ` H. Peter Anvin
2013-11-09 5:01 ` H. Peter Anvin
2013-11-09 5:01 ` H. Peter Anvin
2013-11-11 2:13 ` Dave Young
2013-11-11 2:13 ` Dave Young
2013-11-11 2:13 ` Dave Young
2013-11-11 2:21 ` H. Peter Anvin [this message]
2013-11-11 2:21 ` H. Peter Anvin
2013-11-11 2:21 ` H. Peter Anvin
2013-11-11 2:47 ` Dave Young
2013-11-11 2:47 ` Dave Young
2013-11-11 2:47 ` Dave Young
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52803F15.3080204@zytor.com \
--to=hpa@zytor.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=bp@alien8.de \
--cc=dyoung@redhat.com \
--cc=ebiederm@xmission.com \
--cc=greg@kroah.com \
--cc=horms@verge.net.au \
--cc=kexec@lists.infradead.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matt@console-pimps.org \
--cc=mjg59@srcf.ucam.org \
--cc=vgoyal@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.