On Tue, Oct 1, 2024 at 2:12 AM Mikulas Patocka wrote:
>
> On Mon, 30 Sep 2024, Will Drewry wrote:
>
> > On Mon, Sep 30, 2024 at 1:07 PM Sami Tolvanen
> > wrote:
> > >
> > > While I agree that this sounds good in principle, devices that use the
> > > restart feature typically need to pass the reb
On 10/1/24 11:11 AM, Mikulas Patocka wrote:
...
If I add that 'reboot-on-eio' flag, should it also restart the kernel with
kernel_restart("dm-verity device corrupted")? Or, should it use a
different string?
If we are already here revisiting it, maybe think if there are more errors that
should
On Mon, 30 Sep 2024, Will Drewry wrote:
> On Mon, Sep 30, 2024 at 1:07 PM Sami Tolvanen wrote:
> >
> > On Mon, Sep 30, 2024 at 10:10 AM Will Drewry wrote:
> > >
> > > On Mon, Sep 30, 2024 at 11:27 AM Mikulas Patocka
> > > wrote:
> > > >
> > > >
> > > >
> > > > On Mon, 30 Sep 2024, Will Drewr
On Mon, Sep 30, 2024 at 1:07 PM Sami Tolvanen wrote:
>
> On Mon, Sep 30, 2024 at 10:10 AM Will Drewry wrote:
> >
> > On Mon, Sep 30, 2024 at 11:27 AM Mikulas Patocka
> > wrote:
> > >
> > >
> > >
> > > On Mon, 30 Sep 2024, Will Drewry wrote:
> > >
> > > > > The dm-verity behavior was reported as
On Mon, Sep 30, 2024 at 10:10 AM Will Drewry wrote:
>
> On Mon, Sep 30, 2024 at 11:27 AM Mikulas Patocka wrote:
> >
> >
> >
> > On Mon, 30 Sep 2024, Will Drewry wrote:
> >
> > > > The dm-verity behavior was reported as a security bug, so by default, it
> > > > should behave in the secure way - i.
On Mon, Sep 30, 2024 at 11:27 AM Mikulas Patocka wrote:
>
>
>
> On Mon, 30 Sep 2024, Will Drewry wrote:
>
> > > The dm-verity behavior was reported as a security bug, so by default, it
> > > should behave in the secure way - i.e. restart or panic on I/O error.
> > >
> > > Do you intend to use dm-v
On Mon, 30 Sep 2024, Will Drewry wrote:
> > The dm-verity behavior was reported as a security bug, so by default, it
> > should behave in the secure way - i.e. restart or panic on I/O error.
> >
> > Do you intend to use dm-verity in Android and ChromeOS in the less-secure
> > way where it retur
On Mon, Sep 30, 2024 at 6:00 AM Mikulas Patocka wrote:
>
>
>
> On Fri, 27 Sep 2024, Sami Tolvanen wrote:
>
> > > See for example openssh, the function read_config_file_depth. There is:
> > >
> > > while (getline(&line, &linesize, f) != -1) {
> > > ... process_config_line_depth
> > > }
> >
On Fri, 27 Sep 2024, Sami Tolvanen wrote:
> > See for example openssh, the function read_config_file_depth. There is:
> >
> > while (getline(&line, &linesize, f) != -1) {
> > ... process_config_line_depth
> > }
> > free(line);
> > fclose(f);
> > if (bad_options > 0)
> > fatal("%s
On Thu, Sep 26, 2024 at 1:44 PM Mikulas Patocka wrote:
>
>
>
> On Thu, 26 Sep 2024, Sami Tolvanen wrote:
>
> > On Tue, Sep 24, 2024 at 11:35 PM Milan Broz wrote:
> > >
> > > On 9/25/24 8:09 AM, Maxim Suhanov wrote:
> > > > Hello.
> > > >
> > > >> This is a very strange reasoning. I can say that r
On Thu, 26 Sep 2024, Sami Tolvanen wrote:
> On Tue, Sep 24, 2024 at 11:35 PM Milan Broz wrote:
> >
> > On 9/25/24 8:09 AM, Maxim Suhanov wrote:
> > > Hello.
> > >
> > >> This is a very strange reasoning. I can say that restarting on an IO
> > >> error
> > >> (that can happen in normal situatio
> I thought about this a bit more, and I agree with Milan. I/O errors
> can be temporary and applications should be expected to handle them.
Are we sure that I/O errors always reach a usermode reader? E.g., in
the file system metadata corruption case (like EIO for a file system
driver becoming ENO
On Tue, Sep 24, 2024 at 11:35 PM Milan Broz wrote:
>
> On 9/25/24 8:09 AM, Maxim Suhanov wrote:
> > Hello.
> >
> >> This is a very strange reasoning. I can say that restarting on an IO error
> >> (that can happen in normal situations) could cause another security issue,
> >> such as DoS. EIO is no
On Tue, 24 Sep 2024, Akilesh Kailash wrote:
> On Tue, Sep 24, 2024 at 11:45 AM Mikulas Patocka wrote:
> >
> >
> >
> > On Tue, 24 Sep 2024, Akilesh Kailash wrote:
> >
> > > On Tue, Sep 24, 2024 at 10:44 AM Sami Tolvanen
> > > wrote:
> > > >
> > > > Hi Mikulas,
> > > >
> > > > On Tue, Sep 24, 2
On Tue, 24 Sep 2024, Eric Biggers wrote:
> On Tue, Sep 24, 2024 at 03:18:29PM +0200, Mikulas Patocka wrote:
> > Maxim Suhanov reported that dm-verity doesn't crash if an I/O error
> > happens. In theory, this could be used to subvert security, because an
> > attacker can create sectors that r
On 9/25/24 8:09 AM, Maxim Suhanov wrote:
Hello.
This is a very strange reasoning. I can say that restarting on an IO error
(that can happen in normal situations) could cause another security issue,
such as DoS. EIO is not a data integrity error; it can happen even higher
in the storage stack...
Hello.
> This is a very strange reasoning. I can say that restarting on an IO error
> (that can happen in normal situations) could cause another security issue,
> such as DoS. EIO is not a data integrity error; it can happen even higher
> in the storage stack... and the application should handle i
On 9/24/24 8:36 PM, Mikulas Patocka wrote:
On Tue, 24 Sep 2024, Akilesh Kailash wrote:
On Tue, Sep 24, 2024 at 10:44 AM Sami Tolvanen wrote:
Hi Mikulas,
On Tue, Sep 24, 2024 at 6:18 AM Mikulas Patocka wrote:
Maxim Suhanov reported that dm-verity doesn't crash if an I/O error
happens. In
On Tue, Sep 24, 2024 at 03:18:29PM +0200, Mikulas Patocka wrote:
> Maxim Suhanov reported that dm-verity doesn't crash if an I/O error
> happens. In theory, this could be used to subvert security, because an
> attacker can create sectors that return error with the Write Uncorrectable
> command.
On Tue, Sep 24, 2024 at 11:45 AM Mikulas Patocka wrote:
>
>
>
> On Tue, 24 Sep 2024, Akilesh Kailash wrote:
>
> > On Tue, Sep 24, 2024 at 10:44 AM Sami Tolvanen
> > wrote:
> > >
> > > Hi Mikulas,
> > >
> > > On Tue, Sep 24, 2024 at 6:18 AM Mikulas Patocka
> > > wrote:
> > > >
> > > > Maxim Suh
On Tue, 24 Sep 2024, Akilesh Kailash wrote:
> On Tue, Sep 24, 2024 at 10:44 AM Sami Tolvanen
> wrote:
> >
> > Hi Mikulas,
> >
> > On Tue, Sep 24, 2024 at 6:18 AM Mikulas Patocka wrote:
> > >
> > > Maxim Suhanov reported that dm-verity doesn't crash if an I/O error
> > > happens. In theory, th
On Tue, Sep 24, 2024 at 10:44 AM Sami Tolvanen wrote:
>
> Hi Mikulas,
>
> On Tue, Sep 24, 2024 at 6:18 AM Mikulas Patocka wrote:
> >
> > Maxim Suhanov reported that dm-verity doesn't crash if an I/O error
> > happens. In theory, this could be used to subvert security, because an
> > attacker can
On Tue, 24 Sep 2024, Sami Tolvanen wrote:
> Hi Mikulas,
>
> On Tue, Sep 24, 2024 at 6:18 AM Mikulas Patocka wrote:
> >
> > Maxim Suhanov reported that dm-verity doesn't crash if an I/O error
> > happens. In theory, this could be used to subvert security, because an
> > attacker can create sect
Hi Mikulas,
On Tue, Sep 24, 2024 at 6:18 AM Mikulas Patocka wrote:
>
> Maxim Suhanov reported that dm-verity doesn't crash if an I/O error
> happens. In theory, this could be used to subvert security, because an
> attacker can create sectors that return error with the Write Uncorrectable
> comman
Maxim Suhanov reported that dm-verity doesn't crash if an I/O error
happens. In theory, this could be used to subvert security, because an
attacker can create sectors that return error with the Write Uncorrectable
command. Some programs may misbehave if they have to deal with EIO.
This commit f
25 matches