lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 24 Oct 2016 17:09:13 -0700
From:   Dmitry Torokhov <dmitry.torokhov@...il.com>
To:     Andrew Duggan <aduggan@...aptics.com>
Cc:     Nick Dyer <nick@...anahar.org>,
        Christopher Heiny <cheiny@...aptics.com>,
        Guenter Roeck <linux@...ck-us.net>,
        Chris Healy <cphealy@...il.com>, linux-input@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1] Input: synaptics-rmi4 - allow number of PDT pages to
 be specified

On Mon, Oct 24, 2016 at 05:03:30PM -0700, Andrew Duggan wrote:
> On 10/24/2016 04:39 PM, Dmitry Torokhov wrote:
> >On Mon, Oct 24, 2016 at 11:55:22PM +0100, Nick Dyer wrote:
> >>We have encountered some RMI4 firmwares where there are blank pages in between
> >>PDT pages which contain functions. Add a device tree property which can be set
> >>to force reading the first N pages.
> >Cann we get updated firmware instead? This seems like violation of RMI
> >protocol. Or, if it is allowed by the protocol, can we avoid DT
> >parameter and keep scanning until the end?
> 
> It is a violation of the RMI4 spec and we found at least one other
> device with misconfigured firmware, so this problem extends beyond
> just a single device. We are adding steps to our verification
> process to make sure we catch these misconfigurations in the future.
> But, I'm not sure we can guarantee that a device with this issue
> didn't go into production.
> 
> I like Guenter's suggestion of requiring two empty pages to stop
> scanning. If we did that for all devices it would add one extra read
> to the PDT scan, but we would avoid us having to maintain a list of
> devices or set additional parameters.

OK, if that fixes broken firmware then that's what I would prefer.

Thanks.

-- 
Dmitry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ