From: Mark Salyzyn <salyzyn@android.com>
To: "Łukasz Stelmach" <stlman@poczta.fm>
Cc: linux-kernel@vger.kernel.org,
"Anton Vorontsov" <anton@enomsg.org>,
"Colin Cross" <ccross@android.com>,
"Kees Cook" <keescook@chromium.org>,
"Tony Luck" <tony.luck@intel.com>,
"Krzysztof Kozlowski" <k.kozlowski@samsung.com>,
"\"Bartłomiej Żołnierkiewicz stlman@poczta.fm\""
<b.zolnierkie@samsung.com>
Subject: Re: [PATCH v4 4/5] pstore: add pmsg
Date: Wed, 28 Jan 2015 09:28:58 -0800 [thread overview]
Message-ID: <54C91C5A.400@android.com> (raw)
In-Reply-To: <871tmfz06r.fsf%stlman@poczta.fm>
On 01/13/2015 04:16 PM, Łukasz Stelmach wrote:
>> A secured user-space accessible pstore object. Writes
>> to /dev/pmsg0 are appended to the buffer, on reboot
>> the persistent contents are available in
>> /sys/fs/pstore/pmsg-ramoops-[ID].
>>
>> One possible use is syslogd, or other daemon, can
>> write messages, then on reboot provides a means to
>> triage user-space activities leading up to a panic
>> as a companion to the pstore dmesg or console logs.
>>
>> Signed-off-by: Mark Salyzyn <salyzyn@android.com>
>> ---
> I am not an expert but this smells like duplicating /dev/kmsg. If
> I remember correctly since about Linux 3.5 /dev/kmsg is writable for the
> user-space and every single process (modulo MAC/DAC) can log there. The
> messages from user-space are preserved accross reboots as a part of the
> kmsg/printk buffer anyway.
>
> What is the advantege of pmsg0 over /dev/kmsg?
- Precious little user-space content goes to kmsg (otherwise you can ask
why is there a syslogd?), there is a reason for this, user space is
notorious for containing Personal Identifiable Information whereas
kernel information does not.
- pmsg0 can take a lot of content (with a ramoops backend) and will not
disrupt/DOS the kernel logs.
- State, Binary or packetized content can go to /dev/pmsg0 and not
interfere with the text content in kmsg
- /dev/pmsg0 write is atomic
- /dev/pmsg0 is write only, there is no access to the live content
_unless_ there is a reboot.
- Personal identification which abounds in user space could be placed
into /dev/pmsg0, and there is no way except a reboot in order to extract
the content, and then /sys/fs/pstore/pmsg-ramoops-0 can be deleted, or
heavily MAC and DAC controlled to enforce protection (doing so to kmsg
would be unlivable)
Sincerely -- Mark Salyzyn
next prev parent reply other threads:[~2015-01-29 2:49 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-14 0:16 [PATCH v4 4/5] pstore: add pmsg Mark Salyzyn
2015-01-14 18:16 ` Kees Cook
2015-01-17 0:05 ` Luck, Tony
[not found] ` <871tmfz06r.fsf%stlman@poczta.fm>
2015-01-28 17:28 ` Mark Salyzyn [this message]
2015-01-30 20:57 ` Lukasz Stelmach
2015-02-03 16:05 ` Mark Salyzyn
2015-02-03 18:21 ` Kees Cook
2015-02-04 2:35 ` Lukasz Stelmach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54C91C5A.400@android.com \
--to=salyzyn@android.com \
--cc=anton@enomsg.org \
--cc=b.zolnierkie@samsung.com \
--cc=ccross@android.com \
--cc=k.kozlowski@samsung.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stlman@poczta.fm \
--cc=tony.luck@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.