lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 6 May 2019 21:30:38 +0200
From:   Arend Van Spriel <arend.vanspriel@...adcom.com>
To:     Hans de Goede <hdegoede@...hat.com>,
        Victor Bravo <1905@...blk.com>,
        Kalle Valo <kvalo@...eaurora.org>
Cc:     Franky Lin <franky.lin@...adcom.com>,
        Hante Meuleman <hante.meuleman@...adcom.com>,
        Chi-Hsien Lin <chi-hsien.lin@...ress.com>,
        Wright Feng <wright.feng@...ress.com>,
        "David S. Miller" <davem@...emloft.net>,
        linux-wireless@...r.kernel.org,
        brcm80211-dev-list.pdl@...adcom.com,
        brcm80211-dev-list@...ress.com, linux-kernel@...r.kernel.org,
        Luis Chamberlain <mcgrof@...nel.org>
Subject: Re: [PATCH RFC] brcmfmac: sanitize DMI strings v2

+ Luis (for real this time)

On 5/6/2019 6:05 PM, Hans de Goede wrote:
> Hi,
> 
> On 06-05-19 17:24, Victor Bravo wrote:
>> On Mon, May 06, 2019 at 03:26:28PM +0300, Kalle Valo wrote:
>>> Hans de Goede <hdegoede@...hat.com> writes:
>>>
>>>> If we're going to do some filtering, then I suggest we play it safe 
>>>> and also
>>>> disallow other chars which may be used as a separator somewhere, 
>>>> specifically
>>>> ':' and ','.
>>>>
>>>> Currently upstream linux-firmware has these files which rely on the DMI
>>>> matching:
>>>>
>>>> brcmfmac4330-sdio.Prowise-PT301.txt
>>>> brcmfmac43430-sdio.Hampoo-D2D3_Vi8A1.txt
>>>> brcmfmac43430a0-sdio.ONDA-V80 PLUS.txt
>>>>
>>>> The others are either part of the DMI override table for devices 
>>>> with unsuitable
>>>> DMI strings like "Default String"; or are device-tree based.
>>>>
>>>> So as long as we don't break those 3 (or break the ONDA one but get 
>>>> a symlink
>>>> in place) we can sanitize a bit more then just non-printable and '/'.
>>>>
>>>> Kalle, Arend, what is your opinion on this?
>>>>
>>>> Note I do not expect the ONDA V80 Plus to have a lot of Linux users,
>>>> but it definitely has some.
>>>
>>> To me having spaces in filenames is a bad idea, but on the other hand we
>>> do have the "don't break existing setups" rule, so it's not so simple. I
>>> vote for not allowing spaces, I think that's the best for the long run,
>>> but don't know what Arend thinks.

Hi,

Had a day off today so I did see some of the discussion, but was not 
able to chime in until now.

To be honest I always disliked spaces in filenames, but that does not 
necessarily make it a bad idea. What I would like to know is why 
built-in firmware can not deal with spaces in the firmware file names. I 
think Hans mentioned it in the thread and it crossed my mind as well 
last night. From driver perspective, being brcmfmac or any other for 
that matter, there is only one API to request firmware and in my opinion 
it should behave the same no matter where the firmware is coming from. I 
would prefer to fix that for built-in firmware, but we need to 
understand where this limitation is coming from. Hopefully Luis can 
elaborate on that.

>>
>> I have found a fresh judicate on this:
>> https://lkml.org/lkml/2018/12/22/221
>>
>> It seems clear that we have to support at least spaces for some time
>> (maybe wih separate config option which will be deprecated but on by
>> defaut until old files are considered gone).
> 
> Ah that issue, well that is not really comparable in that case a lot of
> peoples setups were completely broken by that commit and it was a
> quite surprising behavior change in a userspace facing API.
> 
> The nvram loading path already does 2 tries, I really don't want to
> unnecessary complicate it with a third try.
> 
> The Onda V80 Plus is a X86 based Windows / Android dual boot tablet,
> as said before I do not expect a ton of users to be running regular
> Linux on it.
> 
> Given Kalle's clear preference for getting rid of the spaces lets
> just do that. But first we must get a symlink added to linux-firmware
> using the name with the _, newer kernels requiring a newer linux-firmware
> to match is not unheard of AFAIK, so combined with the limited amount
> of users I think this is a reasonable compromise.

Right. In the brcm folder we have bcm4329-fullmac-4.bin for older 
kernels and brcmfmac4329-sdio.bin for later kernels when we switched to 
stricter firmware naming convention.

> Kalle, do you agree with getting the symlink added to linux-firmware
> ASAP as a fix for the V80 Plus issue; or do you want to see a fallback
> to the un-cleaned name as you suggested before ?

How many releases have an issue and how many V80 Plus users running 
regular linux are actually using built-in firmware. And is it really a 
regression for them? Not saying it does not require fixing. However, as 
stated above I would prefer to fix the built-in firmware limitation if 
possible and backport that fix if it is only a few kernel releases 
provided stable allows such a backport.

Regards,
Arend

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ