linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
Cc: "John Stultz" <john.stultz@linaro.org>,
	lkml <linux-kernel@vger.kernel.org>,
	devel@driverdev.osuosl.org,
	"Linux API" <linux-api@vger.kernel.org>,
	"Santosh Shilimkar" <santosh.shilimkar@ti.com>,
	"Arve Hjønnevåg" <arve@android.com>,
	"Sumit Semwal" <sumit.semwal@linaro.org>,
	"Rebecca Schultz Zavin" <rebecca@android.com>,
	"Christoffer Dall" <christoffer.dall@linaro.org>,
	"Anup Patel" <anup.patel@linaro.org>
Subject: Re: [PATCH] staging: android: binder: move to the "real" part of the kernel
Date: Mon, 20 Oct 2014 06:01:13 +0800	[thread overview]
Message-ID: <20141019220113.GA3780@kroah.com> (raw)
In-Reply-To: <20141018223630.497988fa@alan.etchedpixels.co.uk>

On Sat, Oct 18, 2014 at 10:36:30PM +0100, One Thousand Gnomes wrote:
> > Do we really need someone to do more work that has been done on it in
> > the past as an official "maintainer"?  I'll be glad to do it, as I doubt
> > it will require any time at all.
> 
> Well every time in the past that Al Viro looked in its direction he broke
> it so probably. Someone is going to have to clean up or fix the fact it
> pokes around in the depths of the low level fd I/O code and calls stuff
> like __fd_install and __alloc_fd directly, or mend it if it breaks.

As it is, it is ok, but bad things happen if you allow more than one
process to open the device node.  In android systems, that doesn't
happen, so all should be acceptable.

> I'm curious what Al Viro thinks of it

His last comments were along the lines of "don't let anything open that
device node other than libbinder".

> > > Currently in the android space no one but libbinder should use the
> > > kernel interface.
> > 
> > That is correct.  If you do that, you deserve all of the pain and
> > suffering and rooted machines you will get.
> 
> So what is the Android side model for its security. That probably also
> should be described so nobody goes off and uses it for something like
> systemd because "it looked neat".

The side model is "one owner that knows what they are doing as they have
root privileges".  I don't know a way to codify that, and we all know no
one reads documentation...

> > But all of the changes will be in new code.  Be it kdbus, or something
> > else if that doesn't work out.  This existing binder.c file will not be
> > changing at all.  This existing ABI, and codebase, is something that we
> > have to maintain forever for those millions of devices out there in the
> > real world today. 
> 
> 95% of those devices are locked down, most of them have non replaceable
> batteries that will dead and irreplacable (sanely anyway) in 3-5 years.
> "Forever" in the phone world is mercifully rather short.

I still see brand new devices with 2 year old Android userspace being
shipped today.  With a total mis-mash of random kernel versions,
depending on what the SoC supported.  If we can delete this in 2-5
years, I would be really happy.

thanks,

greg k-h

  reply	other threads:[~2014-10-19 22:02 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-10-16 12:47 [PATCH] staging: android: binder: move to the "real" part of the kernel Greg Kroah-Hartman
2014-10-16 14:18 ` Michael Kerrisk (man-pages)
2014-10-16 23:14   ` Greg Kroah-Hartman
2014-10-20 12:45     ` Dan Carpenter
2014-10-21 10:01     ` Pavel Machek
2014-10-16 17:09 ` John Stultz
2014-10-16 23:12   ` Greg Kroah-Hartman
2014-10-17  3:25     ` John Stultz
2014-10-17  8:01       ` Greg Kroah-Hartman
2014-10-18 21:36     ` One Thousand Gnomes
2014-10-19 22:01       ` Greg Kroah-Hartman [this message]
2014-10-21 10:36     ` Pavel Machek
2014-10-21 14:12       ` Arnd Bergmann
2014-10-21 20:05         ` Pavel Machek
2014-10-17  9:26 ` Dan Carpenter
2014-10-19 22:05   ` Greg Kroah-Hartman
2014-10-20  9:20     ` Dan Carpenter
2014-10-20 23:32       ` Arve Hjønnevåg
2014-10-22  3:10         ` Rom Lemarchand
2014-10-22  3:16           ` Joe Perches
2014-10-24  5:00           ` Dan Carpenter
2014-10-17  9:43 ` Christoph Hellwig
2014-10-19 22:04   ` Greg Kroah-Hartman
2014-10-21 10:46     ` Christoph Hellwig
2014-10-20 17:06 ` Arnd Bergmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20141019220113.GA3780@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=anup.patel@linaro.org \
    --cc=arve@android.com \
    --cc=christoffer.dall@linaro.org \
    --cc=devel@driverdev.osuosl.org \
    --cc=gnomes@lxorguk.ukuu.org.uk \
    --cc=john.stultz@linaro.org \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=rebecca@android.com \
    --cc=santosh.shilimkar@ti.com \
    --cc=sumit.semwal@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).