From: Josh Triplett <josh@joshtriplett.org>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Rob Landley <rob@landley.net>,
Frank Rowand <frowand.list@gmail.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Chuck Ebbert <cebbert.lkml@gmail.com>,
Randy Dunlap <rdunlap@infradead.org>,
Shuah Khan <shuah.kh@samsung.com>
Subject: Re: [PATCH v5] init: Disable defaults if init= fails
Date: Mon, 20 Oct 2014 14:01:55 -0700 [thread overview]
Message-ID: <20141020210155.GD29486@jtriplet-mobl1> (raw)
In-Reply-To: <CALCETrVg_rFmSCSnyztRtvANQLd9k_G+bU8FiQB_5O5ecUd99w@mail.gmail.com>
On Mon, Oct 20, 2014 at 01:14:54PM -0700, Andy Lutomirski wrote:
> On Tue, Oct 14, 2014 at 2:00 PM, Andrew Morton
> <akpm@linux-foundation.org> wrote:
> > On Wed, 1 Oct 2014 11:13:14 -0700 Andy Lutomirski <luto@amacapital.net> wrote:
> >
> >> On Wed, Oct 1, 2014 at 11:05 AM, <josh@joshtriplett.org> wrote:
> >> > On Tue, Sep 30, 2014 at 09:53:56PM -0700, Andy Lutomirski wrote:
> >> >> I significantly prefer default N. Scripts that play with init= really
> >> >> don't want the fallback, and I can imagine contexts in which it could
> >> >> be a security problem.
> >> >
> >> > While I certainly would prefer the non-fallback behavior for init as
> >> > well, standard kernel practice has typically been to use "default y" for
> >> > previously built-in features that become configurable. And I'd
> >> > certainly prefer a compile-time configuration option like this (even
> >> > with default y) over a "strictinit" kernel command-line option.
> >> >
> >>
> >> Fair enough.
> >>
> >> So: "default y" for a release or two, then switch the default? Having
> >> default y will annoy virtme, though it's not the end of the world.
> >> Virtme is intended to work with more-or-less-normal kernels.
> >>
> >
> > Adding another Kconfig option is tiresome. What was wrong with strictinit=?
>
> Now that this thread has gotten absurdly wrong, any thoughts?
>
> My preference order is:
>
> 1. The patch as is.
> 2. The patch, minus the config option (i.e. making it unconditional).
> 3. Something else.
Agreed.
> I would very much prefer to get *something* merged. The current
> behavior is problematic for scripted kernel boots that don't use
> initramfs.
>
> I can be flexible on the something else. One option would be to allow
> a whole list of commands in init=, but that has compatibility issues.
> Another would be adding an option like init_fallback=/bin/sh. A third
> is the original strictinit mechanism. I don't really like any of
> them, because they're all more complex.
I agree, particularly because they *add* more logic rather than
*removing* logic. In this case, I think a Kconfig option makes sense,
because it controls additional behavior (the init fallback mechanism).
Plus, adding more code to control init fallback at runtime then means I
have more code to compile out to make the kernel smaller, so I'd end up
adding that Kconfig option anyway. :)
> IOW, the no-fallback behavior is easy to implement, easy to
> understand, and has extremely predictable behavior. The fallback
> behavior is more user friendly if you consider having a chance of
> booting to something useful if you typo your init= option (but also a
> chance of booting to something actively undesirable).
Here's an alternative proposal: how about we change the default
*without* a Kconfig option, see if anyone screams, and if they do, we
add that code back in under a Kconfig option as in your current patch?
Would that make your Kconfig senses stop tingling, Andrew? :)
- Josh Triplett
next prev parent reply other threads:[~2014-10-20 21:02 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-29 2:40 [PATCH v5] init: Disable defaults if init= fails Andy Lutomirski
2014-09-30 12:12 ` Chuck Ebbert
2014-10-01 0:41 ` Frank Rowand
2014-10-01 0:58 ` Rob Landley
2014-10-01 1:52 ` Frank Rowand
2014-10-01 3:16 ` Rob Landley
2014-10-01 4:53 ` Andy Lutomirski
2014-10-01 18:05 ` josh
2014-10-01 18:13 ` Andy Lutomirski
2014-10-01 22:42 ` josh
2014-10-14 21:00 ` Andrew Morton
2014-10-14 21:21 ` Andy Lutomirski
2014-10-15 5:46 ` Frank Rowand
2014-10-15 5:56 ` Andy Lutomirski
2014-10-15 6:37 ` Frank Rowand
2014-10-15 15:18 ` Rob Landley
2014-10-20 20:14 ` Andy Lutomirski
2014-10-20 21:01 ` Josh Triplett [this message]
2014-10-20 21:28 ` Andrew Morton
2014-10-20 21:34 ` Andy Lutomirski
2014-10-20 21:41 ` Andrew Morton
2014-10-20 21:42 ` Andy Lutomirski
2014-10-20 21:44 ` Andrew Morton
2014-10-20 22:04 ` [PATCH] init: Remove CONFIG_INIT_FALLBACK Andy Lutomirski
2014-10-20 22:06 ` josh
2014-10-21 3:45 ` Rob Landley
2014-10-21 4:02 ` Andy Lutomirski
2014-10-21 4:15 ` Rob Landley
2014-10-21 9:53 ` Geert Uytterhoeven
2014-10-21 10:05 ` Josh Triplett
2014-10-14 0:47 ` [PATCH v5] init: Disable defaults if init= fails Rusty Russell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141020210155.GD29486@jtriplet-mobl1 \
--to=josh@joshtriplett.org \
--cc=akpm@linux-foundation.org \
--cc=cebbert.lkml@gmail.com \
--cc=frowand.list@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=rdunlap@infradead.org \
--cc=rob@landley.net \
--cc=shuah.kh@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox