From: Jeff Garzik <jgarzik@mandrakesoft.com>
To: andersen@codepoet.org
Cc: Bill Davidsen <davidsen@tmr.com>,
Linus Torvalds <torvalds@transmeta.com>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [patch] My AMD IDE driver, v2.7
Date: Mon, 11 Mar 2002 20:33:42 -0500 [thread overview]
Message-ID: <3C8D5AF6.8070602@mandrakesoft.com> (raw)
In-Reply-To: <Pine.LNX.3.96.1020311185647.27404G-100000@gatekeeper.tmr.com> <3C8D4D12.90606@mandrakesoft.com> <20020312005840.GA13955@codepoet.org>
Erik Andersen wrote:
>On Mon Mar 11, 2002 at 07:34:26PM -0500, Jeff Garzik wrote:
>
>>Reason 1: Standard kernel convention. In other ioctls, we check basic
>>arguments and return EINVAL when they are wrong, even for privieleged
>>ioctls.
>>
>
>I have no argument with basic command validation. But take a
>look at ide_cmd_type_parser(), for example. Do we really need a
>giant switch statement listing all the allowed commands, just so
>we can throw back a IDE_DRIVE_TASK_INVALID to user-space if they
>decide to send down some undocumeted firmware wiping commands?
>Especially since that giant struct of allowed commands is
>duplicated in ide_pre_handler_parser() and ide_handler_parser()
>
I agree the implementation could be improved.
Your first question is really philosophical. I think that people should
-not- be able to send undocumented commands through the interface...
and in this area IMO it pays to be paranoid.
If we wanted to be ultra-super-paranoid, drop the ioctl and taskfile
parser, and implement the taskfile checks via SMM mode callbacks from
activity on the IDE ports ;-) That way we know the NSA is not doing
something sneaky, as well as supporting unlimited SMP bit-banging from
userland. Can you say ug and non-portable even to a lot of ia32
platforms. :)
So, the implementation may need improvement, but we do (a) want the
taskfile ioctl [and one for scsi too], and (b) want to implement some
amount of mininal sanity checks on the requests.
Jeff
next prev parent reply other threads:[~2002-03-12 1:34 UTC|newest]
Thread overview: 107+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-03-11 15:13 [patch] My AMD IDE driver, v2.7 Vojtech Pavlik
2002-03-11 16:36 ` Martin Dalecki
2002-03-11 20:49 ` Rik van Riel
2002-03-11 22:45 ` Alan Cox
2002-03-11 22:39 ` Linus Torvalds
2002-03-11 22:45 ` Vojtech Pavlik
2002-03-11 22:53 ` Linus Torvalds
2002-03-12 0:14 ` Bill Davidsen
2002-03-12 0:34 ` Jeff Garzik
2002-03-12 0:58 ` Erik Andersen
2002-03-12 1:33 ` Jeff Garzik [this message]
2002-03-12 1:41 ` Linus Torvalds
2002-03-12 1:50 ` Jeff Garzik
2002-03-11 18:50 ` gmack
2002-03-12 2:19 ` Linus Torvalds
2002-03-12 2:34 ` Jeff Garzik
2002-03-12 11:21 ` Martin Dalecki
2002-03-12 2:54 ` J. Dow
2002-03-12 6:32 ` Vojtech Pavlik
2002-03-14 15:12 ` Pavel Machek
2002-03-13 18:42 ` Horst von Brand
2002-03-13 19:11 ` Andre Hedrick
2002-03-12 6:25 ` Vojtech Pavlik
2002-03-12 7:13 ` Erik Andersen
2002-03-12 16:40 ` Bill Davidsen
2002-03-12 0:51 ` Linus Torvalds
2002-03-12 1:41 ` Jeff Garzik
2002-03-12 1:44 ` Linus Torvalds
2002-03-12 2:22 ` Jeff Garzik
2002-03-12 2:33 ` Linus Torvalds
2002-03-12 2:37 ` Jeff Garzik
2002-03-12 3:34 ` Olivier Galibert
2002-03-12 4:13 ` Jeff Garzik
2002-03-14 14:13 ` Pavel Machek
2002-03-15 11:05 ` Jeff Garzik
2002-03-18 19:20 ` Pavel Machek
2002-03-19 9:29 ` Vojtech Pavlik
2002-03-19 21:21 ` Pavel Machek
2002-03-19 21:56 ` Vojtech Pavlik
2002-03-20 8:00 ` Daniela Engert
2002-03-20 18:11 ` Bill Davidsen
2002-03-20 18:46 ` Daniela Engert
2002-03-20 22:15 ` Pavel Machek
2002-03-20 23:09 ` Daniel Kobras
2002-03-19 22:33 ` Andre Hedrick
2002-03-20 0:25 ` Alan Cox
2002-03-15 14:45 ` Alan Cox
2002-03-12 11:23 ` Martin Dalecki
2002-03-12 2:50 ` J. Dow
2002-03-12 3:10 ` Jeff Garzik
2002-03-12 3:28 ` Linus Torvalds
2002-03-12 3:46 ` Jeff Garzik
2002-03-12 6:10 ` J. Dow
2002-03-12 3:58 ` Linus Torvalds
2002-03-12 4:26 ` Jeff Garzik
2002-03-12 4:40 ` Linus Torvalds
2002-03-12 6:26 ` J. Dow
2002-03-12 11:44 ` Martin Dalecki
2002-03-12 4:31 ` Linus Torvalds
2002-03-12 5:05 ` Jeff Garzik
2002-03-12 5:20 ` Linus Torvalds
2002-03-12 11:39 ` Martin Dalecki
2002-03-12 4:49 ` Erik Andersen
2002-03-12 5:08 ` Linus Torvalds
2002-03-12 11:36 ` Martin Dalecki
2002-03-12 6:05 ` J. Dow
2002-03-12 4:41 ` Erik Andersen
2002-03-12 4:48 ` Jeff Garzik
2002-03-12 6:30 ` J. Dow
2002-03-12 6:29 ` J. Dow
2002-03-12 16:36 ` Bill Davidsen
2002-03-12 2:57 ` Alan Cox
2002-03-12 2:49 ` Jeff Garzik
2002-03-12 11:17 ` Alan Cox
2002-03-13 8:14 ` ide filters / 'ide dump' / 'bio dump' bert hubert
2002-03-13 10:11 ` Jeff Garzik
2002-03-13 12:05 ` Malcolm Beattie
2002-03-13 17:17 ` Linus Torvalds
2002-03-12 11:10 ` [patch] My AMD IDE driver, v2.7 Martin Dalecki
2002-03-12 0:33 ` benh
2002-03-12 20:21 ` Gunther Mayer
2002-03-12 16:33 ` Bill Davidsen
2002-03-12 11:00 ` Martin Dalecki
2002-03-12 15:59 ` Vojtech Pavlik
2002-03-12 16:11 ` Martin Dalecki
2002-03-12 16:21 ` Vojtech Pavlik
2002-03-12 16:26 ` Martin Dalecki
2002-03-12 16:33 ` Vojtech Pavlik
2002-03-12 16:41 ` Martin Dalecki
2002-03-13 0:01 ` Russell King
2002-03-12 16:43 ` Martin Dalecki
2002-03-12 16:50 ` Vojtech Pavlik
2002-03-12 16:58 ` Martin Dalecki
2002-03-14 14:02 ` Pavel Machek
2002-03-15 11:13 ` Vojtech Pavlik
2002-03-18 19:21 ` Pavel Machek
2002-03-12 16:44 ` Sebastian Droege
2002-03-13 19:43 ` Bill Davidsen
2002-03-12 16:17 ` Martin Dalecki
2002-03-12 16:27 ` Vojtech Pavlik
2002-03-12 16:32 ` Martin Dalecki
2002-03-12 20:00 ` [patch] PIIX driver rewrite Vojtech Pavlik
2002-03-12 20:35 ` Sebastian Droege
2002-03-12 20:34 ` Vojtech Pavlik
2002-03-12 21:07 ` Sebastian Droege
2002-03-12 21:19 ` Vojtech Pavlik
2002-03-11 23:01 ` [patch] My AMD IDE driver, v2.7 Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3C8D5AF6.8070602@mandrakesoft.com \
--to=jgarzik@mandrakesoft.com \
--cc=andersen@codepoet.org \
--cc=davidsen@tmr.com \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.