Date:	Wed, 20 Apr 2016 08:32:37 -0400
From:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
To:	Stephen Boyd <stephen.boyd@...aro.org>
Cc:	linux-kernel@...r.kernel.org, linux-arm@...ts.infradead.org,
	Robin Murphy <robin.murphy@....com>,
	Laura Abbott <labbott@...hat.com>,
	Arnd Bergmann <arnd@...db.de>,
	Marek Szyprowski <m.szyprowski@...sung.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Mark Brown <broonie@...nel.org>,
	Catalin Marinas <catalin.marinas@....com>,
	Will Deacon <will.deacon@....com>,
	Ming Lei <ming.lei@...onical.com>
Subject: Re: [RFC/PATCHv2 v2 0/4] request_firmware() on memory constrained
 devices

Hi Stefan,

On Tue, 2016-04-19 at 18:04 -0700, Stephen Boyd wrote:
> I'm sending this again to solicit feedback on if this is even the right
> approach. After Mimi's patches that change where firmware loading code
> is done, I've had to modify fs/exec.c and add a struct to linux/fs.h,
> and that feels wrong. If that is OK, then my only other concern is
> doing the security checks a page at a time vs. all at once on the
> whole buffer. If there isn't any opposition to doing that I'll start
> working on the necessary changes.

Reading the file into memory, and then using it to calculate the file
hash, was an optimization to read the file only once.  All other hooks
pre-read the file a buffer at a time, calculating the file hash.  If
you're ok with this pre-reading, you could define a new hook named
READING_FIRMWARE_DMA, or something similar.  The hash could be
calculated on the pre-read hook (security_kernel_read_file), not on the
post-read hook (security_kernel_post_read_file).  Validating the
firmware signature on the pre-read hook would eliminate the possibility
of giving the driver unverified firmware.

Mimi

> Some systems are memory constrained but they need to load very
> large firmwares. The firmware subsystem allows drivers to request
> this firmware be loaded from the filesystem, but this requires
> that the entire firmware be loaded into kernel memory first
> before it's provided to the driver. This can lead to a situation
> where we map the firmware twice, once to load the firmware into
> kernel memory and once to copy the firmware into the final
> resting place.
> 
> This design creates needless memory pressure and delays loading
> because we have to copy from kernel memory to somewhere else.
> This patch set adds support to the request firmware and DMA APIs
> to map DMA buffers a page at a time and load the firmware directly
> into those pages, skipping the intermediate copying step and
> alleviating memory pressure during firmware loading. The drawback
> is that we can't use the firmware caching feature because the
> memory for the firmware cache is never allocated.
> 
> Patches based on v4.6-rc1.
> 
> Changes since v1:
>  * Rebased onto v4.6-rc1 (large conflicts due to movement of code from Mimi)
>  * Added some CONFIG_HAS_DMA ifdefs around code that's using DMA ops
> 
> TODO:
>  * Performance metrics for DMA vs. non-DMA based loading
>  * Test on tiny memory parts with big firmwares
>  * Integrate/test with IMA/security checks
> 
> Laura Abbott (1):
>   dma-mapping: Add dma_remap() APIs
> 
> Stephen Boyd (2):
>   ARM64: dma: Add support for NO_KERNEL_MAPPING attribute
>   firmware: Support requesting firmware directly into DMA memory
> 
> Vikram Mulukutla (1):
>   firmware_class: Provide infrastructure to make fw caching optional
> 
>  arch/arm64/mm/dma-mapping.c     |  78 ++++++++++++++--
>  drivers/base/firmware_class.c   | 192 +++++++++++++++++++++++++++++-----------
>  fs/exec.c                       |  95 +++++++++++++++-----
>  include/linux/dma-mapping.h     |  35 ++++++++
>  include/linux/firmware.h        |  13 +++
>  include/linux/fs.h              |  14 ++-
>  security/integrity/ima/ima_fs.c |   3 +-
>  7 files changed, 347 insertions(+), 83 deletions(-)
> 
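
A userspace model of the ordering suggested in the reply above, added here as an illustration; it is not code from this thread or from the kernel. The file is hashed a buffer at a time first, and nothing is copied into the device buffer until the digest matches. All names (`pre_read_digest`, `load_verified`, `run_case`) are hypothetical, the firmware image is constructed, and FNV-1a stands in for the cryptographic hash a real measurement would use.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define CHUNK   ((size_t)4096)          /* one page per read */
#define IMG_LEN (2 * CHUNK + 100)       /* constructed sample firmware size */

/* Stand-in digest (FNV-1a, 64-bit) to keep the sketch short. It is NOT
 * collision resistant; a real measurement uses a cryptographic hash. */
static uint64_t digest_update(uint64_t h, const uint8_t *p, size_t n)
{
    while (n--) { h ^= *p++; h *= 0x100000001b3ULL; }
    return h;
}

/* Pre-read pass: hash the file through one CHUNK-sized bounce buffer, so
 * memory use stays constant no matter how large the firmware is. */
static uint64_t pre_read_digest(const uint8_t *file, size_t len)
{
    uint8_t bounce[CHUNK];
    uint64_t h = 0xcbf29ce484222325ULL;          /* FNV offset basis */
    for (size_t off = 0; off < len; off += CHUNK) {
        size_t n = len - off < CHUNK ? len - off : CHUNK;
        memcpy(bounce, file + off, n);           /* models a buffered file read */
        h = digest_update(h, bounce, n);
    }
    return h;
}

/* Copy into the (hypothetical) device buffer only after the digest matches.
 * Returns bytes delivered; 0 means rejected, buffer untouched. Assumes the
 * file cannot change between the hashing pass and the copy pass. */
static size_t load_verified(const uint8_t *file, size_t len, uint64_t expected,
                            uint8_t *dev, size_t dev_len)
{
    if (len > dev_len || pre_read_digest(file, len) != expected)
        return 0;
    for (size_t off = 0; off < len; off += CHUNK)   /* page-at-a-time copy */
        memcpy(dev + off, file + off, len - off < CHUNK ? len - off : CHUNK);
    return len;
}

/* Constructed demo: returns the number of bytes that reached the device. */
static size_t run_case(int tamper)
{
    static uint8_t img[IMG_LEN], dev[IMG_LEN];
    for (size_t i = 0; i < IMG_LEN; i++) img[i] = (uint8_t)(i * 31 + 7);
    uint64_t good = pre_read_digest(img, IMG_LEN);  /* reference measurement */
    if (tamper) img[CHUNK + 5] ^= 0x01;             /* flip one bit in page 2 */
    return load_verified(img, IMG_LEN, good, dev, IMG_LEN);
}
```

`run_case(0)` delivers the whole image, while `run_case(1)` delivers nothing because the mismatch is caught before the first page is copied. The cost is that the file is read twice.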

