Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1409876ybh; Thu, 23 Jul 2020 08:13:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwinojTO0Nsx1QZn7PwnQ26huqoqttILtFKNvmmB0wEcIdNt26Ws7cHIkL5xsccNJuvpfyL X-Received: by 2002:aa7:cf94:: with SMTP id z20mr4772623edx.82.1595517238700; Thu, 23 Jul 2020 08:13:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595517238; cv=none; d=google.com; s=arc-20160816; b=FNcDl44H4z3dVP2I6QSR9uVc4S0YIn+U+3+e1so+Cjcq5Omh/gdnSAZPEffX/sfrHF jhpm7t2Il+li5A/2hh81wbVzJbDz72lEMaIBVDokAEbpHydMt5nuye4qRYaDKrkEzd0D lcG7l9b3iiM1UTkJJE/lCNUE0velesTb899SEgcjtVa+zRPYKLYnYpyNDeRijeBeW8ya 79iSba51g2feGgmmpwsbLqPJeeQwNGasjZ22h8jXtUhVmDkcEEkxsylXv1h5+6e2WBP8 /3iPmj3Vv6+l/FZiN59qZXMbjqTbZujfPE5O6vO5em+C+qUaaCjZB2FdJnFMAul6m0y+ vKHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=ZlR9iRWS/DaT2oInBDv0D6VleH0dl7QKcfTkexlT9fo=; b=iNkzfakehNtV81V+LTok2Jlpp2O/fr6EmrR51VDklIjP2kNCm/HUW2DH7PpoAdZoMH MFggi2KFo0BJL1VeSyA7IQhILg0y1JIKynrTjoTmOsuGjX5jq4CcYkZBM+/PpnQaxqTw cHEfHpARrhxQ0lQiR3p4T9+O5TknnlW3MEwmMcHgCvnYgImYE17wi1xDC8Ko0cKs4dd1 Hm31k2cEnhodQuF9BXj4oBVuteD9wyRcQuRfiDcJMjkYUAhxrgF3bEtjChQSM9dxt11y dAmvMLK5vsbceHVavspf7KqqVHSMbvfF2jy7PSmyz9xcmDu/oaIYFTWWc9942a71tq0m WPXQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="S/CnPJoh"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bz20si2285956ejc.90.2020.07.23.08.13.35; Thu, 23 Jul 2020 08:13:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="S/CnPJoh"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728853AbgGWPLL (ORCPT + 99 others); Thu, 23 Jul 2020 11:11:11 -0400 Received: from mail.kernel.org ([198.145.29.99]:49430 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727940AbgGWPLL (ORCPT ); Thu, 23 Jul 2020 11:11:11 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4AD1C20771; Thu, 23 Jul 2020 15:11:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1595517070; bh=lou3FzXpILjbYCI2pCqDsP5iW+uI60hWnt6VY6f+T1k=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=S/CnPJohw4SwWxEh9+nl4JiRDRW9qOvCptekC2LJ8toUnt9kaHIranDC0G1jrEKJs Wu6csYX0EZRXTVZwUo2/3hnVAK5nvdHRjIeNb5RwXNvgu7dlg55W+05MREWzpVJ2oj B7Zh8lsCKWmkoGf1Jb6DXXLeP7hGOMFmUUFcPVTA= Date: Thu, 23 Jul 2020 17:11:14 +0200 From: Greg Kroah-Hartman To: Peter Enderborg Cc: linux-kernel@vger.kernel.org, "Rafael J . Wysocki" , Andrew Morton , Jonathan Corbet , linux-doc@vger.kernel.org, Randy Dunlap , Steven Rostedt , Ingo Molnar Subject: Re: [PATCH v8 0/2] debugfs: Add access restriction option Message-ID: <20200723151114.GA2793748@kroah.com> References: <20200617133738.6631-1-peter.enderborg@sony.com> <20200716071511.26864-1-peter.enderborg@sony.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200716071511.26864-1-peter.enderborg@sony.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 16, 2020 at 09:15:09AM +0200, Peter Enderborg wrote: > Since debugfs include sensitive information it need to be treated > carefully. But it also has many very useful debug functions for userspace. > With this option we can have same configuration for system with > need of debugfs and a way to turn it off. This gives a extra protection > for exposure on systems where user-space services with system > access are attacked. > > v2. Removed MOUNT as part of restrictions. Added API's restrictions as > separate restriction. > v3 Updated Documentation after Randy Dunlap reviews and suggestions. > v4 Removed #ifdefs from inode.c and using internal.h for configuration > and now using BIT() for that. Function is now always on, and are > instead selected by a built in default or command line parameter. > Changed return value on debug_mount > Reported-by: kernel test robot > Im not sure about that it is right > v5 Added notes to config help suggested by GregKH. > Removed _BIT from names, white-space and tab. > (checkpatch did not complain). > v6 Using ALLOW instead of ACCESS as name on BIT's. Change the fs to > mount to make it clear and easy to understand. > v7 Updated Kconfig.debug with Randy Dunlap corrections. > v8 Spell fixes from Randy and using else-if for command argument > parser. > > Thanks for sticking with this, now queued up! greg k-h