From: Chris Ball <cjb@laptop.org>
To: Andrei Warkentin <andreiw@motorola.com>
Cc: Arnd Bergmann <arnd@arndb.de>, linux-mmc@vger.kernel.org
Subject: Re: [PATCHv4] MMC: MMC boot partitions support.
Date: Thu, 31 Mar 2011 15:37:04 -0400 [thread overview]
Message-ID: <m3fwq3ulnj.fsf@pullcord.laptop.org> (raw)
In-Reply-To: <AANLkTinQts_R5RaWw=ZkREQaVbAD8A4NxDj0o9+EaBGQ@mail.gmail.com> (Andrei Warkentin's message of "Thu, 31 Mar 2011 14:17:49 -0500")
Hi,
On Thu, Mar 31 2011, Andrei Warkentin wrote:
> Plus what if you do intend to have a file system there? Other than
> complexity and non-obvious usage, I don't see
> anything gained by this. I wouldn't worry about ways of misusing this.
> As I've said, in the only case it matters (some embedded device
> booting from the boot partition), the user would have to gain root
> access, build a kernel giving access to the boot partitions and be
> able to boot into it. So a warning in Kconfig is sufficient.
>
> If you guys feel concerned, then we can add another Kconfig option
> that will allow write access to the boot partitions.
I'm willing to come around to saying that the risk is acceptable, and
that people who overwrite /dev/mmcblk0b0 on their rooted Android phones
won't blame us (at least, not deservedly) for it.
But I'm still concerned after your Kconfig options are added, because
I'm just not reassured by Kconfig options in principle, because of the
case where *the person who built the kernel* is not the same as the
*user who is running commands*. Imagine that CyanogenMod (or even
Qualcomm!) distributes a kernel with this Kconfig option turned on --
because they don't realize how dangerous it is, perhaps, or because they
had a use for it during development -- to see where I'm coming from.
Now, the presence of block devices that brick machines when overwritten
isn't a new phenomenon, so we've got a fair amount of precedence behind
us if we simply expose what we see and expect that users won't do
something unrecoverable. But I'm trying to think about if there's
anything we can do to *minimize* that risk, and have people know what's
going on before they do something they shouldn't. (I think I like Arnd's
suggestion of explicitly having "boot" in the device name rather than
just "b", because that does lend a feeling of "this partition is really
important".)
Does that help clarify my position? Would be happy to hear any other
suggestions on what the right affordance to shoot for is.
Thanks,
- Chris.
--
Chris Ball <cjb@laptop.org> <http://printf.net/>
One Laptop Per Child
next prev parent reply other threads:[~2011-03-31 19:31 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-19 11:18 MMC/eMMC partitioning support Andrei Warkentin
2011-03-19 11:18 ` [RFC] MMC: MMC boot partitions support Andrei Warkentin
2011-03-19 12:13 ` Andrei Warkentin
2011-03-21 14:19 ` [PATCH] " Andrei Warkentin
2011-03-22 3:54 ` [PATCHv3] " Andrei Warkentin
2011-03-22 21:11 ` MMC partitions support (4th revision) Andrei Warkentin
2011-03-22 21:11 ` [PATCHv4] MMC: MMC boot partitions support Andrei Warkentin
2011-03-29 22:45 ` Andrei Warkentin
2011-03-30 12:03 ` Arnd Bergmann
2011-03-30 20:07 ` Andrei Warkentin
2011-03-30 22:43 ` Chris Ball
2011-03-30 22:46 ` Chris Ball
2011-03-30 23:18 ` Andrei Warkentin
2011-03-30 23:34 ` Chris Ball
2011-03-31 6:57 ` Andrei Warkentin
2011-03-31 11:01 ` Arnd Bergmann
2011-03-31 19:17 ` Andrei Warkentin
2011-03-31 19:37 ` Chris Ball [this message]
2011-03-31 20:01 ` Andrei Warkentin
2011-03-31 20:03 ` Chris Ball
2011-03-31 20:01 ` Andrei Warkentin
2011-04-01 9:23 ` Arnd Bergmann
2011-04-01 14:52 ` Chris Ball
2011-04-01 9:21 ` Arnd Bergmann
2011-03-31 11:17 ` Arnd Bergmann
2011-03-31 19:29 ` Andrei Warkentin
2011-04-01 10:38 ` Arnd Bergmann
2011-04-01 18:42 ` Andrei Warkentin
2011-04-01 19:25 ` Arnd Bergmann
2011-04-01 19:42 ` Andrei Warkentin
2011-04-04 12:22 ` [PATCH] " Andrei Warkentin
2011-04-04 11:52 ` Andrei Warkentin
2011-04-11 21:13 ` [patchv3 1/4] MMC: Rename erase_timeout to cmd_timeout_ms Andrei Warkentin
2011-04-11 21:13 ` [patchv3 2/4] MMC: SDHCI R1B command handling + MMC_CAP_ERASE Andrei Warkentin
2011-04-12 9:06 ` Dong, Chuanxiao
2011-04-12 18:05 ` Andrei Warkentin
2011-04-13 1:59 ` Dong, Chuanxiao
2011-04-13 5:44 ` Andrei Warkentin
2011-04-15 21:34 ` Cyril Hrubis
2011-08-10 13:30 ` Chris Ball
2011-04-11 21:13 ` [patchv3 3/4] MMC: Allow setting CMD timeout for CMD6 (SWITCH) Andrei Warkentin
2011-04-11 21:13 ` [patchv3 4/4] MMC: MMC boot partitions support Andrei Warkentin
2011-04-11 22:00 ` Chris Ball
2011-04-11 22:10 ` Andrei Warkentin
2011-04-11 22:22 ` Chris Ball
2011-04-11 22:18 ` Andrei Warkentin
2011-04-11 23:10 ` [patchv4 1/2] MMC: block.c cleanup for host claim/release Andrei Warkentin
2011-04-11 23:10 ` [patchv4 2/2] MMC: MMC boot partitions support Andrei Warkentin
2011-04-11 23:20 ` [patchv3 4/4] " Chris Ball
2011-04-11 23:24 ` Andrei Warkentin
2011-04-21 1:13 ` Chris Ball
2011-04-21 1:30 ` Chris Ball
2011-04-21 5:09 ` Philip Rakity
2011-04-21 5:22 ` Chris Ball
2011-04-21 5:31 ` Andrei Warkentin
2011-04-21 6:07 ` [RFC] MMC: Block: Ensure hardware partitions don't mess with mmcblk device naming Andrei Warkentin
2011-04-21 8:17 ` Andrei Warkentin
2011-04-21 14:44 ` Chris Ball
2011-04-22 0:20 ` Chris Ball
2011-04-22 3:46 ` [PATCH] " Andrei Warkentin
2011-04-22 3:50 ` Andrei Warkentin
2011-04-22 22:34 ` Chris Ball
2011-04-21 4:31 ` [patchv3 4/4] MMC: MMC boot partitions support Jaehoon Chung
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m3fwq3ulnj.fsf@pullcord.laptop.org \
--to=cjb@laptop.org \
--cc=andreiw@motorola.com \
--cc=arnd@arndb.de \
--cc=linux-mmc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).