Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 11 Mar 2002 20:34:25 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 11 Mar 2002 20:34:15 -0500 Received: from parcelfarce.linux.theplanet.co.uk ([195.92.249.252]:24587 "EHLO www.linux.org.uk") by vger.kernel.org with ESMTP id ; Mon, 11 Mar 2002 20:34:06 -0500 Message-ID: <3C8D5AF6.8070602@mandrakesoft.com> Date: Mon, 11 Mar 2002 20:33:42 -0500 From: Jeff Garzik User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020214 X-Accept-Language: en MIME-Version: 1.0 To: andersen@codepoet.org CC: Bill Davidsen , Linus Torvalds , LKML Subject: Re: [patch] My AMD IDE driver, v2.7 In-Reply-To: <3C8D4D12.90606@mandrakesoft.com> <20020312005840.GA13955@codepoet.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Erik Andersen wrote: >On Mon Mar 11, 2002 at 07:34:26PM -0500, Jeff Garzik wrote: > >>Reason 1: Standard kernel convention. In other ioctls, we check basic >>arguments and return EINVAL when they are wrong, even for privieleged >>ioctls. >> > >I have no argument with basic command validation. But take a >look at ide_cmd_type_parser(), for example. Do we really need a >giant switch statement listing all the allowed commands, just so >we can throw back a IDE_DRIVE_TASK_INVALID to user-space if they >decide to send down some undocumeted firmware wiping commands? >Especially since that giant struct of allowed commands is >duplicated in ide_pre_handler_parser() and ide_handler_parser() > I agree the implementation could be improved. Your first question is really philosophical. I think that people should -not- be able to send undocumented commands through the interface... and in this area IMO it pays to be paranoid. If we wanted to be ultra-super-paranoid, drop the ioctl and taskfile parser, and implement the taskfile checks via SMM mode callbacks from activity on the IDE ports ;-) That way we know the NSA is not doing something sneaky, as well as supporting unlimited SMP bit-banging from userland. Can you say ug and non-portable even to a lot of ia32 platforms. :) So, the implementation may need improvement, but we do (a) want the taskfile ioctl [and one for scsi too], and (b) want to implement some amount of mininal sanity checks on the requests. Jeff - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/