| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Sep 2017 18:27:15 +0000
From: <Mario.Limonciello@...l.com>
To: <dvhart@...radead.org>
CC: <andy.shevchenko@...il.com>, <pali.rohar@...il.com>,
<linux-kernel@...r.kernel.org>,
<platform-driver-x86@...r.kernel.org>, <quasisec@...gle.com>
Subject: RE: [PATCH 06/12] platform/x86: dell-wmi-smbios: Add a sysfs
interface for SMBIOS tokens
> -----Original Message-----
> From: Darren Hart [mailto:dvhart@...radead.org]
> Sent: Wednesday, September 27, 2017 12:51 PM
> To: Limonciello, Mario <Mario_Limonciello@...l.com>
> Cc: andy.shevchenko@...il.com; pali.rohar@...il.com; linux-
> kernel@...r.kernel.org; platform-driver-x86@...r.kernel.org;
> quasisec@...gle.com
> Subject: Re: [PATCH 06/12] platform/x86: dell-wmi-smbios: Add a sysfs interface
> for SMBIOS tokens
>
> On Mon, Sep 25, 2017 at 05:31:05PM +0000, Mario.Limonciello@...l.com wrote:
> > > -----Original Message-----
> > > From: Andy Shevchenko [mailto:andy.shevchenko@...il.com]
> > > Sent: Monday, September 25, 2017 1:04 PM
> > > To: Pali Rohár <pali.rohar@...il.com>
> > > Cc: Limonciello, Mario <Mario_Limonciello@...l.com>; dvhart@...radead.org;
> > > LKML <linux-kernel@...r.kernel.org>; Platform Driver <platform-driver-
> > > x86@...r.kernel.org>; quasisec@...gle.com
> > > Subject: Re: [PATCH 06/12] platform/x86: dell-wmi-smbios: Add a sysfs
> interface
> > > for SMBIOS tokens
> > >
> > > On Mon, Sep 25, 2017 at 7:23 PM, Pali Rohár <pali.rohar@...il.com> wrote:
> > > > On Thursday 21 September 2017 08:57:11 Mario Limonciello wrote:
> > > >> Currently userspace tools can access system tokens via the dcdbas
> > > >> kernel module and a SMI call that will cause the platform to execute
> > > >> SMM code.
> > > >>
> > > >> With a goal in mind of deprecating the dcdbas kernel module a different
> > > >> method for accessing these tokens from userspace needs to be created.
> > > >>
> > > >> This is intentionally marked to only be readable as root as it can
> > > >> contain sensitive information about the platform's configuration.
> > > >
> > > > Darren, Andy, any comments? I'm not quite sure if such API is suitable
> > > > for long term in kernel.
> > >
> > > I would try to avoid sysfs interfaces for some particular devices.
> > > Besides we are creating a character device. Would it be suitable there?
> >
> > If the character device having 2 different ioctls for different needs is
> > acceptable I'm happy to adjust the series to do this instead.
>
> One piece of feedback I had re the char device was to see if we could avoid the
> need for the IOCTL altogether, I'd like to have that discussion before we add
> another.
My original design was sysfs files for everything but it was raised by several folks
that you run into the potential of two userspace processes stomping on each
other's data when they run the ACPI call. That's why I need to have a mutex to
protect and make sure that userspace calls get the right results.
>
> >
> > >
> > > > Basically tokens are list of tuples <id, location, value> with
> > > > possibility to active them, right?
> > > >
> >
> > I didn't add a way to activate them through this, it was only for
> > reading purpose. Activating them should be possible through the
> > SMBIOS calling interface though.
> >
>
> These are read-only as I understood it, and only with the right privileges.
> Sysfs seemed appropriate for this to me.
Andy S was against having this data as another sysfs file. From a userspace
perspective I think it's simpler to just parse a sysfs file with read only static
data as root. With the current ioctl based solution it requires userspace to run
an ioctl to determine how many tokens exist, then allocate a chunk of memory
big enough to hold all the token data and then run another ioctl to get all the tokens.
Andy S, given this change between v1 and v2 what do you feel is better?
Powered by blists - more mailing lists