Re: /drivers/char/Kconfig Bug Kernel Patch

Re: /drivers/char/Kconfig Bug Kernel Patch

[Arnd Bergmann]

On Tuesday, December 13, 2016 1:30:39 PM CET Max Bires wrote:
> While trying to turn off the port device in defconfig, I ran into a bug
> caused by the fact that the Kconfig for port didn't have a string after the
> bool declaration. I fixed this in the attached patch (though I figure the
> description might need tuning up). Let me know if there's anything else I
> need to do.

The change looks reasonable, however there are a few things to improve
to get the patch applied:

- clarify that the current behavior is not a bug, but was done intentionally.
  Making the option user-visible would help avoid a potential attack vector
  and make the kernel smaller, both of which are useful.

- remove the "Change-id" line from the submission, it has no meaning in 
  an upstream kernel

- send the patch inline rather than as an attachment, this is usually done
  with git-send-email.

	Arnd

Re: /drivers/char/Kconfig Bug Kernel Patch

[Max Bires]

On Tue, Dec 13, 2016 at 1:37 PM, Arnd Bergmann <arnd@arndb.de> wrote:
>
> On Tuesday, December 13, 2016 1:30:39 PM CET Max Bires wrote:
> > While trying to turn off the port device in defconfig, I ran into a bug
> > caused by the fact that the Kconfig for port didn't have a string after the
> > bool declaration. I fixed this in the attached patch (though I figure the
> > description might need tuning up). Let me know if there's anything else I
> > need to do.
>
> The change looks reasonable, however there are a few things to improve
> to get the patch applied:
>
> - clarify that the current behavior is not a bug, but was done intentionally.
>   Making the option user-visible would help avoid a potential attack vector
>   and make the kernel smaller, both of which are useful.
>
> - remove the "Change-id" line from the submission, it has no meaning in
>   an upstream kernel
>
> - send the patch inline rather than as an attachment, this is usually done
>   with git-send-email.
>
>         Arnd
-First and second points have been addressed; I had some trouble with
send-email, so let me know if the following isn't acceptable inlining.

>From c4a21c2ac0c587094000a3daeb13eec6056dc63f Mon Sep 17 00:00:00 2001
From: Max <jbires@google.com>
Date: Fri, 9 Dec 2016 15:16:47 -0800
Subject: [PATCH] char: lack of bool string made CONFIG_DEVPORT always on

Without a bool string present, using "# CONFIG_DEVPORT is not set" in
defconfig files would not actually unset devport. This ensured that
/dev/port was always on, but there are reasons a user may wish to disable
it (smaller kernel, attack surface reduction) if it's not being used. Adding
a message here in order to make this user visible.

Signed-off-by: Max Bires <jbires@google.com>
---
 drivers/char/Kconfig | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
index 7ad3127..70e626c 100644
--- a/drivers/char/Kconfig
+++ b/drivers/char/Kconfig
@@ -589,10 +589,13 @@ config TELCLOCK
 	  controlling the behavior of this hardware.

 config DEVPORT
-	bool
+	bool "/dev/port character device"
 	depends on !M68K
 	depends on ISA || PCI
 	default y
+  help
+    Say Y here if you want to support the /dev/port device. The
+	  /dev/port device is similar to /dev/mem, but for I/O ports.

 config DCC_TTY
 	tristate "DCC tty driver"
-- 
2.8.0.rc3.226.g39d4020

Re: /drivers/char/Kconfig Bug Kernel Patch

[Josh Triplett]

> From c4a21c2ac0c587094000a3daeb13eec6056dc63f Mon Sep 17 00:00:00 2001
> From: Max <jbires@google.com>
> Date: Fri, 9 Dec 2016 15:16:47 -0800
> Subject: [PATCH] char: lack of bool string made CONFIG_DEVPORT always on
> 
> Without a bool string present, using "# CONFIG_DEVPORT is not set" in
> defconfig files would not actually unset devport. This ensured that
> /dev/port was always on, but there are reasons a user may wish to disable
> it (smaller kernel, attack surface reduction) if it's not being used. Adding
> a message here in order to make this user visible.
> 
> Signed-off-by: Max Bires <jbires@google.com>

This patch seems reasonable to me.

>  drivers/char/Kconfig | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
> index 7ad3127..70e626c 100644
> --- a/drivers/char/Kconfig
> +++ b/drivers/char/Kconfig
> @@ -589,10 +589,13 @@ config TELCLOCK
>  	  controlling the behavior of this hardware.
> 
>  config DEVPORT
> -	bool
> +	bool "/dev/port character device"
>  	depends on !M68K
>  	depends on ISA || PCI
>  	default y
> +  help
> +    Say Y here if you want to support the /dev/port device. The
> +	  /dev/port device is similar to /dev/mem, but for I/O ports.
> 
>  config DCC_TTY
>  	tristate "DCC tty driver"
> -- 
> 2.8.0.rc3.226.g39d4020

Re: /drivers/char/Kconfig Bug Kernel Patch

[Greg KH]

On Tue, Dec 13, 2016 at 02:42:18PM -0800, Max Bires wrote:
> On Tue, Dec 13, 2016 at 1:37 PM, Arnd Bergmann <arnd@arndb.de> wrote:
> >
> > On Tuesday, December 13, 2016 1:30:39 PM CET Max Bires wrote:
> > > While trying to turn off the port device in defconfig, I ran into a bug
> > > caused by the fact that the Kconfig for port didn't have a string after the
> > > bool declaration. I fixed this in the attached patch (though I figure the
> > > description might need tuning up). Let me know if there's anything else I
> > > need to do.
> >
> > The change looks reasonable, however there are a few things to improve
> > to get the patch applied:
> >
> > - clarify that the current behavior is not a bug, but was done intentionally.
> >   Making the option user-visible would help avoid a potential attack vector
> >   and make the kernel smaller, both of which are useful.
> >
> > - remove the "Change-id" line from the submission, it has no meaning in
> >   an upstream kernel
> >
> > - send the patch inline rather than as an attachment, this is usually done
> >   with git-send-email.
> >
> >         Arnd
> -First and second points have been addressed; I had some trouble with
> send-email, so let me know if the following isn't acceptable inlining.
> 
> >From c4a21c2ac0c587094000a3daeb13eec6056dc63f Mon Sep 17 00:00:00 2001
> From: Max <jbires@google.com>
> Date: Fri, 9 Dec 2016 15:16:47 -0800
> Subject: [PATCH] char: lack of bool string made CONFIG_DEVPORT always on
> 
> Without a bool string present, using "# CONFIG_DEVPORT is not set" in
> defconfig files would not actually unset devport. This ensured that
> /dev/port was always on, but there are reasons a user may wish to disable
> it (smaller kernel, attack surface reduction) if it's not being used. Adding
> a message here in order to make this user visible.

It's not ok, you don't see patches look like this on the mailing list,
right?  Please use git send-email to do this properly as a stand-alone
patch/email.

Also, your "From:" line doesn't match your signed-off-by line :(


> Signed-off-by: Max Bires <jbires@google.com>
> ---
>  drivers/char/Kconfig | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
> index 7ad3127..70e626c 100644
> --- a/drivers/char/Kconfig
> +++ b/drivers/char/Kconfig
> @@ -589,10 +589,13 @@ config TELCLOCK
>  	  controlling the behavior of this hardware.
> 
>  config DEVPORT
> -	bool
> +	bool "/dev/port character device"
>  	depends on !M68K
>  	depends on ISA || PCI
>  	default y
> +  help
> +    Say Y here if you want to support the /dev/port device. The

No tabs?

thanks,

greg k-h