Re: [PATCH v5] init: Disable defaults if init= fails

From: Andy Lutomirski
Date: Mon Oct 20 2014 - 16:15:23 EST

Next message: Dmitry Eremin-Solenikov: "[PATCH V2] ARM: debug: move StrongARM debug include to arch/arm/include/debug"
Previous message: Javier Martinez Canillas: "Re: [PATCH v2 2/2] ARM: EXYNOS: Call regulator core suspend prepare and finish functions"
Next in thread: Josh Triplett: "Re: [PATCH v5] init: Disable defaults if init= fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 14, 2014 at 2:00 PM, Andrew Morton
<akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Wed, 1 Oct 2014 11:13:14 -0700 Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>
>> On Wed, Oct 1, 2014 at 11:05 AM, <josh@xxxxxxxxxxxxxxxx> wrote:
>> > On Tue, Sep 30, 2014 at 09:53:56PM -0700, Andy Lutomirski wrote:
>> >> I significantly prefer default N. Scripts that play with init= really
>> >> don't want the fallback, and I can imagine contexts in which it could
>> >> be a security problem.
>> >
>> > While I certainly would prefer the non-fallback behavior for init as
>> > well, standard kernel practice has typically been to use "default y" for
>> > previously built-in features that become configurable. And I'd
>> > certainly prefer a compile-time configuration option like this (even
>> > with default y) over a "strictinit" kernel command-line option.
>> >
>>
>> Fair enough.
>>
>> So: "default y" for a release or two, then switch the default? Having
>> default y will annoy virtme, though it's not the end of the world.
>> Virtme is intended to work with more-or-less-normal kernels.
>>
>
> Adding another Kconfig option is tiresome. What was wrong with strictinit=?

Now that this thread has gotten absurdly wrong, any thoughts?

My preference order is:

1. The patch as is.
2. The patch, minus the config option (i.e. making it unconditional).
3. Something else.

I would very much prefer to get *something* merged. The current
behavior is problematic for scripted kernel boots that don't use
initramfs.

I can be flexible on the something else. One option would be to allow
a whole list of commands in init=, but that has compatibility issues.
Another would be adding an option like init_fallback=/bin/sh. A third
is the original strictinit mechanism. I don't really like any of
them, because they're all more complex.

IOW, the no-fallback behavior is easy to implement, easy to
understand, and has extremely predictable behavior. The fallback
behavior is more user friendly if you consider having a chance of
booting to something useful if you typo your init= option (but also a
chance of booting to something actively undesirable).

--Andy

--
Andy Lutomirski
AMA Capital Management, LLC
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dmitry Eremin-Solenikov: "[PATCH V2] ARM: debug: move StrongARM debug include to arch/arm/include/debug"
Previous message: Javier Martinez Canillas: "Re: [PATCH v2 2/2] ARM: EXYNOS: Call regulator core suspend prepare and finish functions"
Next in thread: Josh Triplett: "Re: [PATCH v5] init: Disable defaults if init= fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]