From: Rob Landley <rob@landley.net>
To: Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@amacapital.net>
Cc: Josh Triplett <josh@joshtriplett.org>,
frowand.list@gmail.com,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Chuck Ebbert <cebbert.lkml@gmail.com>,
Randy Dunlap <rdunlap@infradead.org>,
Shuah Khan <shuah.kh@samsung.com>
Subject: Re: [PATCH v5] init: Disable defaults if init= fails
Date: Wed, 15 Oct 2014 10:18:56 -0500 [thread overview]
Message-ID: <543E9060.8060300@landley.net> (raw)
In-Reply-To: <20141014140052.2f114c158ffe6cd953020f1c@linux-foundation.org>
On 10/14/14 16:00, Andrew Morton wrote:
> On Wed, 1 Oct 2014 11:13:14 -0700 Andy Lutomirski <luto@amacapital.net> wrote:
>
>> On Wed, Oct 1, 2014 at 11:05 AM, <josh@joshtriplett.org> wrote:
>>> On Tue, Sep 30, 2014 at 09:53:56PM -0700, Andy Lutomirski wrote:
>>>> I significantly prefer default N. Scripts that play with init= really
>>>> don't want the fallback, and I can imagine contexts in which it could
>>>> be a security problem.
>>>
>>> While I certainly would prefer the non-fallback behavior for init as
>>> well, standard kernel practice has typically been to use "default y" for
>>> previously built-in features that become configurable. And I'd
>>> certainly prefer a compile-time configuration option like this (even
>>> with default y) over a "strictinit" kernel command-line option.
>>>
>>
>> Fair enough.
>>
>> So: "default y" for a release or two, then switch the default? Having
>> default y will annoy virtme, though it's not the end of the world.
>> Virtme is intended to work with more-or-less-normal kernels.
>>
>
> Adding another Kconfig option is tiresome. What was wrong with strictinit=?
Adding kernel command line options isn't tiresome? A quick grep of
kernel-parameters.txt ballparks us at around 600 of them so far, and the
one you're proposing one would would translate to "and I really mean it".
Chopping out legacy code with an ifconfig is a step to deprecating it
and eventually removing it. Adding code to do less is bloat that will
stay there forever.
The old behavior is surprising, most people putting together systems in
the past 10 years probably aren't aware it does that unless they got bit
by it. You can't specify a series of fallback inits from the command
line, only the magic hardcoded values can provide a random mix of places
to look for "init" (including in /etc/init for some reason? Has that
_ever_ been a thing?) and then calling a different program entirely
("sh") at a hardwired absolute path because reasons.
Initramfs does not do this fallback nonsense, it has one place it looks
("/init") and rdinit= changes that without magic fallbacks to the old
one if it's not found. If you specify rdinit= it won't even look for
"/init":
if (!ramdisk_execute_command)
ramdisk_execute_command = "/init";
if (sys_access((const char __user *) ramdisk_execute_command, 0)
!= 0) {
ramdisk_execute_command = NULL;
prepare_namespace();
}
(I.E. if it finds the one and only rdinit command name in ramfs, it
doesn't overmount it with the root= contents. Once overmounted, any
other init programs in ramfs wouldn't matter.)
The current behavior is inconsistent and crazy, and only there for
legacy reasons. We _already_ don't do it for newer codepaths. That's why
chopping it out with kconfig (and immediately deprecating the config
option) makes more sense than adding extra code to not do it.
Rob
next prev parent reply other threads:[~2014-10-15 15:19 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-29 2:40 [PATCH v5] init: Disable defaults if init= fails Andy Lutomirski
2014-09-30 12:12 ` Chuck Ebbert
2014-10-01 0:41 ` Frank Rowand
2014-10-01 0:58 ` Rob Landley
2014-10-01 1:52 ` Frank Rowand
2014-10-01 3:16 ` Rob Landley
2014-10-01 4:53 ` Andy Lutomirski
2014-10-01 18:05 ` josh
2014-10-01 18:13 ` Andy Lutomirski
2014-10-01 22:42 ` josh
2014-10-14 21:00 ` Andrew Morton
2014-10-14 21:21 ` Andy Lutomirski
2014-10-15 5:46 ` Frank Rowand
2014-10-15 5:56 ` Andy Lutomirski
2014-10-15 6:37 ` Frank Rowand
2014-10-15 15:18 ` Rob Landley [this message]
2014-10-20 20:14 ` Andy Lutomirski
2014-10-20 21:01 ` Josh Triplett
2014-10-20 21:28 ` Andrew Morton
2014-10-20 21:34 ` Andy Lutomirski
2014-10-20 21:41 ` Andrew Morton
2014-10-20 21:42 ` Andy Lutomirski
2014-10-20 21:44 ` Andrew Morton
2014-10-20 22:04 ` [PATCH] init: Remove CONFIG_INIT_FALLBACK Andy Lutomirski
2014-10-20 22:06 ` josh
2014-10-21 3:45 ` Rob Landley
2014-10-21 4:02 ` Andy Lutomirski
2014-10-21 4:15 ` Rob Landley
2014-10-21 9:53 ` Geert Uytterhoeven
2014-10-21 10:05 ` Josh Triplett
2014-10-14 0:47 ` [PATCH v5] init: Disable defaults if init= fails Rusty Russell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=543E9060.8060300@landley.net \
--to=rob@landley.net \
--cc=akpm@linux-foundation.org \
--cc=cebbert.lkml@gmail.com \
--cc=frowand.list@gmail.com \
--cc=josh@joshtriplett.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=rdunlap@infradead.org \
--cc=shuah.kh@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.