lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 21 Jul 2014 09:42:00 +0800
From:	Ming Lei <>
To:	Kees Cook <>
Cc:	Linux Kernel Mailing List <>,
	"Luis R. Rodriguez" <>,
	Greg Kroah-Hartman <>,
	James Morris <>,
	David Howells <>,
	"" <>,
	linux-security-module <>,,
	linux-wireless <>
Subject: Re: [PATCH 6/7] firmware_class: add "fd" input file

On Mon, Jul 21, 2014 at 1:43 AM, Kees Cook <> wrote:
> On Sat, Jul 19, 2014 at 8:04 PM, Ming Lei <> wrote:
>> On Tue, Jul 15, 2014 at 5:38 AM, Kees Cook <> wrote:
>>> As an alternative to loading bytes from the "data" blob when reading
>>> firmware, let kernel read from an fd, so that the LSM can reason about
>>> the origin of firmware contents during userspace on-demand loading.
>> From user space view, maybe it is better to keep previous usage and just
>> check if loading is from 'data' blob or fd in 'echo 0 > loading' of
>> firmware_loading_store(), then the 'fd' usage becomes very similar with
>> before.
> I don't think this is a good idea because otherwise there isn't a good
> way to have an "atomic" check of the firmware contents. What does it

Could you share why 'atomic' check is necessary? As we know, it isn't
real atomic, :-).

> means to write to "fd" several times, then write "data" a little,
> before writing "loading", etc? I originally wrote the patch series

That depends how firmware loader supports these cases, and won't
be difficult to handle them.

For non-fd userspace interface, it is very flexible to be capable of
supporting to load firmware data from multiple images, or in flight.
With single 'fd' interface, it won't be possible any more.

> requiring the "loading" piece, and it ended up being very complicated
> due to needing to switch the memory buffer logic back and forth.
> Everything is much much cleaner if "fd" is single-shot, and not part
> of the loading/data interface semantics.

You might not avoid the 'loading' piece completely, how does
the userspace handle non-exist firmware image? The reasonable
way is to abort the loading from userspace via 'echo -1 > loading'
since userspace already sees that, and you may choose to let kernel
side handle that, but your current patch doesn't support it yet.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists