Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp2245775imm; Thu, 27 Sep 2018 09:37:16 -0700 (PDT) X-Google-Smtp-Source: ACcGV63pbxNXEf5Puz7Tk1g9qtJRpr4maalarKBHoZniw3rs654+Oc0rltUH0dffRcoTpfnIbc1f X-Received: by 2002:a63:ab0c:: with SMTP id p12-v6mr11243415pgf.190.1538066236183; Thu, 27 Sep 2018 09:37:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538066236; cv=none; d=google.com; s=arc-20160816; b=OBLH+NaFZ7K3/Nd2k+KJEel6iFwvzqMbsuPySdNh2BUWL1dg7LW4LuUZzyFbMgSuy8 uFm921Ig0ugpCMan+iDHvax5Ac8IXsFWNqBs6M8KMxQPoSFyinrDGvZ/vqrcDh1Hg75M oPwd5gtQWdBeXhYQdq6UazWzIZBM4gHfRMOQNylvw+ZIu8zpJLbASQOgT7BeDzUFKIvT rr98k+iovP+Fv1cWI1uKx0m1lejK53VvqtOki1wnMNZ3UtK1suWj3zKPv8rBJUzM0S4T KZdqorb2f3uxrGnYFpxECehGYfnU3WEba0yPjQXm8gAK5UtfrGx+n21gGgSn48AkV1Ka qPUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=IK2mbpwVLvXJ888D4txI+JajMjzT21QDDVE/b8HggmE=; b=NSQUyPVR26u2gutrQ4UJIbs3NcBSZlfnWax73XOs+sLhlYaDebQf8F3oIsogPCj5tI 1ts934wkh7Wfz5QUkdNfBJcDkLh11Jo+iL0gS+WNI6iq2ne2VbO9OvDukFCyoTE9hnG7 e6RqDiTA9U8nDK0Kiy2VTkYsSS0D7T8Q4V0iSI3c40zYm+ybbF1p7ccs11nDkWYhZQjg ThEN41gUlwTAgADv9xZdjyWjFqHxiZzCruxTHgcmsC++NiJ59Z8nT7NUfWttcGjgIzoZ UCUL1FDEysLffmHFGgWNIulR270BMPHJPOIhIlvhEHXXJ6Q3/VTiUu6TrY2qxKFaSVgz lKgQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=I5QxbZbC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a9-v6si2366435pgj.224.2018.09.27.09.36.55; Thu, 27 Sep 2018 09:37:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=I5QxbZbC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728117AbeI0Wzd (ORCPT + 99 others); Thu, 27 Sep 2018 18:55:33 -0400 Received: from mail-yw1-f65.google.com ([209.85.161.65]:46323 "EHLO mail-yw1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727335AbeI0Wzd (ORCPT ); Thu, 27 Sep 2018 18:55:33 -0400 Received: by mail-yw1-f65.google.com with SMTP id j131-v6so1319597ywc.13 for ; Thu, 27 Sep 2018 09:36:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=IK2mbpwVLvXJ888D4txI+JajMjzT21QDDVE/b8HggmE=; b=I5QxbZbCsiACM6vRpKmU1LLI7dTAOfWuPHdR1/qEJQN77lem5ZX0+bPOnwnkh9NGZr TgsH2qujk+vN83iVM/kilhNWeuv9XoIEJDBHKfr9sghvGx5Vvg43kCKWC7GdOfqbKna0 Ex9B8KEQiFKU3JRYQd7hpfiaEBJk91IcNulf0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=IK2mbpwVLvXJ888D4txI+JajMjzT21QDDVE/b8HggmE=; b=psT2eLWd2iFdIXrBcZ7VS5Mo89GhA72A6YRFv0E0kkvwu435TjmOeLKay4sU0S05dJ kBFPm28YYnw3MEMfUK/sGdC80IaaC7CvYYg3Zi6A1cYtDSMTuTOB9vb5p6q0I7ATIw2B kF51K2or+FeuSebA7RKUQy+JAO25liYgwoiTGg3ayaRIVgVQ1kthpWFk5fmeseSV+/df JXSj4dW+D6KID3V/pOYc30CfBcMyD9lSEYRdD/BI/LBNtSZ+xd0X/jilI6GDfY+awKZR oCWPP85DaIjr6lIv060E/zgpqNDaax/+oItVgJciI0XgEyRimd7QVQ+mvW3CLZwPBrMZ oC0g== X-Gm-Message-State: ABuFfoiuCYTdaNqDQaDTe7xq5Vo66PkBWZXVtuxfEBxBbElJliMVAApj k/wAGIiMpH5ZKRgwTjm1t434SpfFbho= X-Received: by 2002:a81:3e25:: with SMTP id l37-v6mr6191945ywa.28.1538066186611; Thu, 27 Sep 2018 09:36:26 -0700 (PDT) Received: from mail-yb1-f173.google.com (mail-yb1-f173.google.com. [209.85.219.173]) by smtp.gmail.com with ESMTPSA id 129-v6sm1747974ywm.87.2018.09.27.09.36.24 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 27 Sep 2018 09:36:25 -0700 (PDT) Received: by mail-yb1-f173.google.com with SMTP id 184-v6so1386827ybg.1 for ; Thu, 27 Sep 2018 09:36:24 -0700 (PDT) X-Received: by 2002:a25:249:: with SMTP id 70-v6mr6393127ybc.421.1538066184508; Thu, 27 Sep 2018 09:36:24 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:d116:0:0:0:0:0 with HTTP; Thu, 27 Sep 2018 09:36:23 -0700 (PDT) In-Reply-To: <20180927142328.GA4074@redhat.com> References: <20180927142328.GA4074@redhat.com> From: Kees Cook Date: Thu, 27 Sep 2018 09:36:23 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 0/2] boot to a mapped device To: Mike Snitzer Cc: Richard Weinberger , helen.koike@collabora.com, device-mapper development , Alasdair G Kergon , LKML , Enric Balletbo i Serra , Will Drewry , "open list:DOCUMENTATION" , linux-lvm@redhat.com, kernel@collabora.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 27, 2018 at 7:23 AM, Mike Snitzer wrote: > On Wed, Sep 26 2018 at 3:16am -0400, > Richard Weinberger wrote: > >> Helen, >> >> On Wed, Sep 26, 2018 at 7:01 AM Helen Koike wrote: >> > >> > This series is reviving an old patchwork. >> > Booting from a mapped device requires an initramfs. This series is >> > allows for device-mapper targets to be configured at boot time for >> > use early in the boot process (as the root device or otherwise). >> >> What is the reason for this patch series? >> Setting up non-trivial root filesystems/storage always requires an >> initramfs, there is nothing >> wrong about this. > > Exactly. If phones or whatever would benefit from this patchset then > say as much. I think some of the context for the series was lost in commit logs, but yes, both Android and Chrome OS do not use initramfs. The only thing that was needed to do this was being able to configure dm devices on the kernel command line, so the overhead of a full initramfs was seen as a boot time liability, a boot image size liability (e.g. Chrome OS has a limited amount of storage available for the boot image that is covered by the static root of trust signature), and a complexity risk: everything that is needed for boot could be specified on the kernel command line, so better to avoid the whole initramfs dance. So, instead, this plumbs the dm commands directly instead of bringing up a full userspace and performing ioctls. > I will not accept this patchset at this time. > >> > Example, the following could be added in the boot parameters. >> > dm="lroot,,,rw, 0 4096 linear 98:16 0, 4096 4096 linear 98:32 0" root=/dev/dm-0 >> >> Hmmm, the new dm= parameter is anything but easy to get right. > > No, it isn't.. exposes way too much potential for users hanging > themselves. IIRC, the changes in syntax were suggested back when I was trying to drive this series: https://www.redhat.com/archives/dm-devel/2016-February/msg00199.html And it matches the "concise" format in dmsetup: https://sourceware.org/git/?p=lvm2.git;a=commit;h=827be01758ec5adb7b9d5ea75b658092adc65534 What do you feel are next steps? Thanks! -Kees -- Kees Cook Pixel Security