From: Dave Jones <davej@redhat.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "Theodore Ts'o" <tytso@mit.edu>,
"Kirill A. Shutemov" <kirill@shutemov.name>,
Al Viro <viro@zeniv.linux.org.uk>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Network Development <netdev@vger.kernel.org>
Subject: Re: [RFC][PATCHES] iov_iter.c rewrite
Date: Mon, 8 Dec 2014 17:31:11 -0500 [thread overview]
Message-ID: <20141208223111.GA17949@redhat.com> (raw)
In-Reply-To: <CA+55aFz26Xvfs4iePpGgJotw+uwFCKduGqyM57adgfGepQYp_w@mail.gmail.com>
On Mon, Dec 08, 2014 at 02:23:06PM -0800, Linus Torvalds wrote:
> On Mon, Dec 8, 2014 at 2:14 PM, Theodore Ts'o <tytso@mit.edu> wrote:
> >
> > running trinity as root should be quite safe in a VM. :-)
>
> It's not so much the safety that I'd worry about, it's the "you can
> legitimately just reboot it or cause kernel corruption as root". You
> may not cause any problems outside of the VM, but any oopses inside
> the VM might be due to trinity just doing bad things as root, rather
> than kernel bugs..
>
> Of course, it's probably hard to hit things like laoding random
> modules etc, since even without signature requirements there are tons
> of ELF sanity checks and other things. So it might be hard to actually
> do those kinds of "corrupt kernel memory as root" things with trinity.
It also goes out of its way to avoid doing obviously stupid things,
like using /dev/mem as an fd, plus a whole bunch of similar sysfs/procfs
knobs. There are still likely a whole bunch of similar things that
might have horrible effects too. It's been on my todo for a while to
revisit that particular case and blacklist a bunch of other things.
And then there's obviously "don't do this syscall, ever" or "with these
args" type things, which could use expanding.. It's a big effort tbh.
I'm amazed that Sasha, Kirill and everyone else running it as root in
vm's aren't buried alive in false-positives.
Dave
next prev parent reply other threads:[~2014-12-08 22:31 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-04 20:20 [RFC][PATCHES] iov_iter.c rewrite Al Viro
2014-12-04 20:23 ` [RFC][PATCH 01/13] iov_iter.c: macros for iterating over iov_iter Al Viro
2014-12-04 20:23 ` [RFC][PATCH 02/13] iov_iter.c: iterate_and_advance Al Viro
2014-12-04 20:23 ` [RFC][PATCH 03/13] iov_iter.c: convert iov_iter_npages() to iterate_all_kinds Al Viro
2014-12-04 20:23 ` [RFC][PATCH 04/13] iov_iter.c: convert iov_iter_get_pages() " Al Viro
2014-12-04 20:23 ` [RFC][PATCH 05/13] iov_iter.c: convert iov_iter_get_pages_alloc() " Al Viro
2014-12-04 20:23 ` [RFC][PATCH 06/13] iov_iter.c: convert iov_iter_zero() to iterate_and_advance Al Viro
2014-12-04 20:23 ` [RFC][PATCH 07/13] iov_iter.c: get rid of bvec_copy_page_{to,from}_iter() Al Viro
2014-12-05 12:28 ` Sergei Shtylyov
2014-12-04 20:23 ` [RFC][PATCH 08/13] iov_iter.c: convert copy_from_iter() to iterate_and_advance Al Viro
2014-12-04 20:23 ` [RFC][PATCH 09/13] iov_iter.c: convert copy_to_iter() " Al Viro
2014-12-04 20:23 ` [RFC][PATCH 10/13] iov_iter.c: handle ITER_KVEC directly Al Viro
2014-12-04 20:23 ` [RFC][PATCH 11/13] csum_and_copy_..._iter() Al Viro
2014-12-04 20:23 ` [RFC][PATCH 12/13] new helper: iov_iter_kvec() Al Viro
2014-12-04 20:23 ` [RFC][PATCH 13/13] copy_from_iter_nocache() Al Viro
2014-12-08 16:46 ` [RFC][PATCHES] iov_iter.c rewrite Kirill A. Shutemov
2014-12-08 17:58 ` Al Viro
2014-12-08 18:08 ` Al Viro
2014-12-08 18:14 ` Linus Torvalds
2014-12-08 18:20 ` Al Viro
2014-12-08 18:37 ` Linus Torvalds
2014-12-08 18:46 ` Al Viro
2014-12-08 18:57 ` Linus Torvalds
2014-12-08 19:28 ` Al Viro
2014-12-08 19:48 ` Linus Torvalds
2014-12-09 1:56 ` Al Viro
2014-12-09 2:21 ` Kirill A. Shutemov
2015-04-01 2:33 ` [RFC] iov_iter_get_pages() semantics Al Viro
2015-04-01 16:45 ` Linus Torvalds
2015-04-01 18:08 ` Al Viro
2015-04-01 18:15 ` Linus Torvalds
2015-04-01 19:23 ` Al Viro
2015-04-01 18:26 ` Linus Torvalds
2015-04-01 18:34 ` Linus Torvalds
2015-04-01 20:15 ` Al Viro
2015-04-01 21:57 ` Linus Torvalds
2015-04-01 19:50 ` Al Viro
2014-12-08 18:56 ` [RFC][PATCHES] iov_iter.c rewrite Kirill A. Shutemov
2014-12-08 19:01 ` Linus Torvalds
2014-12-08 19:15 ` Dave Jones
2014-12-08 19:23 ` Kirill A. Shutemov
2014-12-08 22:14 ` Theodore Ts'o
2014-12-08 22:23 ` Linus Torvalds
2014-12-08 22:31 ` Dave Jones [this message]
2014-12-08 18:07 ` Linus Torvalds
2014-12-08 18:14 ` Al Viro
2014-12-08 18:23 ` Linus Torvalds
2014-12-08 18:35 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141208223111.GA17949@redhat.com \
--to=davej@redhat.com \
--cc=kirill@shutemov.name \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.