| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <669ce00ff2ff4641b78ee048cb0693e0@ausx13mpc124.AMER.DELL.COM>
Date: Wed, 1 Jun 2016 15:35:39 +0000
From: <Mario_Limonciello@...l.com>
To: <ming.lei@...onical.com>
CC: <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v2 1/3] dell_rbu: Don't fallback to userhelper
> -----Original Message-----
> From: Limonciello, Mario
> Sent: Monday, May 16, 2016 1:28 PM
> To: ming.lei@...onical.com
> Cc: LKML <linux-kernel@...r.kernel.org>; Limonciello, Mario
> <Mario_Limonciello@...l.com>
> Subject: [PATCH v2 1/3] dell_rbu: Don't fallback to userhelper
>
> when loading firmware dell_rbu previously would allow a userspace
> application to craft the payload after dell_rbu was loaded and abuse the
> udev userspace API.
>
> Instead require the payload to be crafted and placed in
> /lib/firmware/dell_rbu ahead of time.
>
> This adjusts dell_rbu to immediately load the firmware from
> /lib/firmware/dell_rbu when "init" is passed into image_type using the
> kernel helper.
>
> Signed-off-by: Mario Limonciello <mario_limonciello@...l.com>
> ---
> drivers/firmware/Kconfig | 1 -
> drivers/firmware/dell_rbu.c | 2 +-
> 2 files changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/drivers/firmware/Kconfig b/drivers/firmware/Kconfig index
> 6664f11..85afe59 100644
> --- a/drivers/firmware/Kconfig
> +++ b/drivers/firmware/Kconfig
> @@ -86,7 +86,6 @@ config DELL_RBU
> tristate "BIOS update support for DELL systems via sysfs"
> depends on X86
> select FW_LOADER
> - select FW_LOADER_USER_HELPER
> help
> Say m if you want to have the option of updating the BIOS for your
> DELL system. Note you need a Dell OpenManage or Dell Update
> package (DUP) diff --git a/drivers/firmware/dell_rbu.c
> b/drivers/firmware/dell_rbu.c index 2f452f1..77b2a77 100644
> --- a/drivers/firmware/dell_rbu.c
> +++ b/drivers/firmware/dell_rbu.c
> @@ -620,7 +620,7 @@ static ssize_t write_rbu_image_type(struct file *filp,
> struct kobject *kobj,
> if (!rbu_data.entry_created) {
> spin_unlock(&rbu_data.lock);
> req_firm_rc =
> request_firmware_nowait(THIS_MODULE,
> - FW_ACTION_NOHOTPLUG, "dell_rbu",
> + FW_ACTION_HOTPLUG, "dell_rbu",
> &rbu_device->dev, GFP_KERNEL, &context,
> callbackfn_rbu);
> if (req_firm_rc) {
> --
> 2.7.4
Hi Ming,
Could you comment on these patches? There isn't currently a subsystem maintainer for dell_rbu, so I think you are the most qualified to pull these in. They have the best implications for you since you can drop all that fallback code now too.
Powered by blists - more mailing lists