From: Mark Salyzyn <salyzyn@android.com>
To: "Łukasz Stelmach" <stlman@poczta.fm>
Cc: linux-kernel@vger.kernel.org,
"Anton Vorontsov" <anton@enomsg.org>,
"Colin Cross" <ccross@android.com>,
"Kees Cook" <keescook@chromium.org>,
"Tony Luck" <tony.luck@intel.com>,
"Krzysztof Kozlowski" <k.kozlowski@samsung.com>,
"\"Bartłomiej Żołnierkiewicz stlman@poczta.fm\""
<b.zolnierkie@samsung.com>
Subject: Re: [PATCH v4 4/5] pstore: add pmsg
Date: Wed, 28 Jan 2015 09:28:58 -0800 [thread overview]
Message-ID: <54C91C5A.400@android.com> (raw)
In-Reply-To: <871tmfz06r.fsf%stlman@poczta.fm>
On 01/13/2015 04:16 PM, Łukasz Stelmach wrote:
>> A secured user-space accessible pstore object. Writes
>> to /dev/pmsg0 are appended to the buffer, on reboot
>> the persistent contents are available in
>> /sys/fs/pstore/pmsg-ramoops-[ID].
>>
>> One possible use is syslogd, or other daemon, can
>> write messages, then on reboot provides a means to
>> triage user-space activities leading up to a panic
>> as a companion to the pstore dmesg or console logs.
>>
>> Signed-off-by: Mark Salyzyn <salyzyn@android.com>
>> ---
> I am not an expert but this smells like duplicating /dev/kmsg. If
> I remember correctly since about Linux 3.5 /dev/kmsg is writable for the
> user-space and every single process (modulo MAC/DAC) can log there. The
> messages from user-space are preserved accross reboots as a part of the
> kmsg/printk buffer anyway.
>
> What is the advantege of pmsg0 over /dev/kmsg?
- Precious little user-space content goes to kmsg (otherwise you can ask
why is there a syslogd?), there is a reason for this, user space is
notorious for containing Personal Identifiable Information whereas
kernel information does not.
- pmsg0 can take a lot of content (with a ramoops backend) and will not
disrupt/DOS the kernel logs.
- State, Binary or packetized content can go to /dev/pmsg0 and not
interfere with the text content in kmsg
- /dev/pmsg0 write is atomic
- /dev/pmsg0 is write only, there is no access to the live content
_unless_ there is a reboot.
- Personal identification which abounds in user space could be placed
into /dev/pmsg0, and there is no way except a reboot in order to extract
the content, and then /sys/fs/pstore/pmsg-ramoops-0 can be deleted, or
heavily MAC and DAC controlled to enforce protection (doing so to kmsg
would be unlivable)
Sincerely -- Mark Salyzyn
next prev parent reply other threads:[~2015-01-29 2:49 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-14 0:16 [PATCH v4 4/5] pstore: add pmsg Mark Salyzyn
2015-01-14 18:16 ` Kees Cook
2015-01-17 0:05 ` Luck, Tony
[not found] ` <871tmfz06r.fsf%stlman@poczta.fm>
2015-01-28 17:28 ` Mark Salyzyn [this message]
2015-01-30 20:57 ` Lukasz Stelmach
2015-02-03 16:05 ` Mark Salyzyn
2015-02-03 18:21 ` Kees Cook
2015-02-04 2:35 ` Lukasz Stelmach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54C91C5A.400@android.com \
--to=salyzyn@android.com \
--cc=anton@enomsg.org \
--cc=b.zolnierkie@samsung.com \
--cc=ccross@android.com \
--cc=k.kozlowski@samsung.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stlman@poczta.fm \
--cc=tony.luck@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox