| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Jun 2017 20:00:30 +0200
From: Pali Rohár <pali.rohar@...il.com>
To: Darren Hart <dvhart@...radead.org>
Cc: Christoph Hellwig <hch@...radead.org>,
"Greg Kroah-Hartman" <gregkh@...uxfoundation.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Mario Limonciello <mario_limonciello@...l.com>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Rafael Wysocki <rjw@...ysocki.net>,
Andy Lutomirski <luto@...capital.net>,
LKML <linux-kernel@...r.kernel.org>,
platform-driver-x86@...r.kernel.org
Subject: Re: WMI and Kernel:User interface
On Tuesday 13 June 2017 19:40:27 Darren Hart wrote:
> On Tue, Jun 13, 2017 at 07:16:11PM +0200, Pali Rohár wrote:
> > On Tuesday 13 June 2017 17:38:57 Darren Hart wrote:
> > > I'll mention this again I suspect in this thread, but rather than
> > > a "WMI filter" we can implement a "WMI proxy". If a kernel
> > > driver needs to own certain WMI calls for LED or Radio
> > > management, for example, all such calls can be proxied through
> > > that driver. It can do the necessary work to update its own
> > > state, and still perform the requested funtion, transparent to
> > > the userspace caller. This should accommodate the addition of
> > > new drivers and features to kernel drivers, without precluding
> > > the development of userspace management or platform daemons.
> >
> > Such WMI proxy implemented in every WMI driver has one design
> > problem:
> >
> > There would be two different kernel APIs to configure some firmware
> > settings. E.g. if particular WMI method implements turning on/off
> > radio devices, then functionality would be exported to userspace
> > via:
> >
> > 1) standard kernel rfkill interface which is device/driver/firmware
> > neutral (and any rfkill application can control it)
> >
> > 2) platform/firmware specific WMI method via newly standard
> > /dev/wmi* interface -- and only vendor specific application could
> > do that and it would work only for this one specific WMI GUID
> > device
>
> Yes, platform specific control is what WMI is for.
>
> > I do not like idea to have two kernel <--> userspace interfaces to
> > control one thing, plus one interface would be platform dependent.
> >
> > In my opinion any management application which want to control
> > radio switches should use option 1) rfkill interface.
>
> Agreed, they should.
>
> > And I do not see reason for exporting same duplicate, but platform
> > dependent interface from kernel to userspace.
>
> So this question boils down to: do we export WMI to userspace or not?
>
> The WMI GUIDs and methods will not be divided across convenient Linux
> subsystem boundaries allowing us to pick and choose what we export.
> If we export WMI to userspace, we will be providing another means of
> access. Sometimes, this may cause conflict, and the answer may just
> be "don't do that".
>
> There are plenty of other examples of things you can do to screw up
> the state of your system if you have the right permissions for which
> the answer is "don't do that". Consider MEM(4), SETPCI(8), ...
> /dev/sda ... for example.
I know. There is also iopl(3). But this nor above examples are not tools
for such activity. (Yes, there is e.g. lspci which can be switched to
use iopl(3), but also it is not for normal usage.)
But on the other hand proposed WMI API designed are for such usage and
developers are directly motivated to use it.
> So we can either export them and possibly offer some means of
> proxying where necessary, or we can not export them.
I just tried to show that proposed proxy has above problem and looks
like anti-pattern for linux kernel. As this should be evaluated when
going to accept or reject it.
--
Pali Rohár
pali.rohar@...il.com
Download attachment "signature.asc " of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists