| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jKDrPDFz=iFD9XnB2OfcG_fgQuaQT96PCJi=+dhL7UB5w@mail.gmail.com>
Date: Tue, 27 Feb 2018 15:23:03 -0800
From: Kees Cook <keescook@...omium.org>
To: "Luis R. Rodriguez" <mcgrof@...nel.org>
Cc: Greg KH <gregkh@...uxfoundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Shuah Khan <shuah@...nel.org>,
Martin Fuzzey <mfuzzey@...keon.com>,
Mimi Zohar <zohar@...ux.vnet.ibm.com>,
David Howells <dhowells@...hat.com>, pali.rohar@...il.com,
Takashi Iwai <tiwai@...e.de>, arend.vanspriel@...adcom.com,
Rafał Miłecki <zajec5@...il.com>,
nbroeking@...com, Vikram Mulukutla <markivx@...eaurora.org>,
stephen.boyd@...aro.org, Mark Brown <broonie@...nel.org>,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
David Woodhouse <dwmw2@...radead.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Abhay_Salunke@...l.com, bjorn.andersson@...aro.org,
jewalt@...innovations.com, LKML <linux-kernel@...r.kernel.org>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>
Subject: Re: [PATCH v2 09/11] firmware: enable to force disable the fallback
mechanism at run time
On Fri, Feb 23, 2018 at 6:46 PM, Luis R. Rodriguez <mcgrof@...nel.org> wrote:
> You currently need four different kernel builds to test the firmware
> API fully. By adding a proc knob to force disable the fallback mechanism
> completely we are able to reduce the amount of kernels you need built
> to test the firmware API down to two.
>
> Signed-off-by: Luis R. Rodriguez <mcgrof@...nel.org>
Acked-by: Kees Cook <keescook@...omium.org>
-Kees
> ---
> drivers/base/firmware_fallback.c | 5 +++++
> drivers/base/firmware_fallback.h | 4 ++++
> drivers/base/firmware_fallback_table.c | 9 +++++++++
> 3 files changed, 18 insertions(+)
>
> diff --git a/drivers/base/firmware_fallback.c b/drivers/base/firmware_fallback.c
> index cbce9a950cd8..13fa5ff2b46c 100644
> --- a/drivers/base/firmware_fallback.c
> +++ b/drivers/base/firmware_fallback.c
> @@ -643,6 +643,11 @@ static bool fw_force_sysfs_fallback(unsigned int opt_flags)
>
> static bool fw_run_sysfs_fallback(unsigned int opt_flags)
> {
> + if (fw_fallback_config.ignore_sysfs_fallback) {
> + pr_info_once("Ignoring firmware sysfs fallback due to debugfs knob\n");
> + return false;
> + }
> +
> if ((opt_flags & FW_OPT_NOFALLBACK))
> return false;
>
> diff --git a/drivers/base/firmware_fallback.h b/drivers/base/firmware_fallback.h
> index ca7e69a8417b..dfebc644ed35 100644
> --- a/drivers/base/firmware_fallback.h
> +++ b/drivers/base/firmware_fallback.h
> @@ -14,12 +14,16 @@
> * as if one had enabled CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y.
> * Useful to help debug a CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y
> * functionality on a kernel where that config entry has been disabled.
> + * @ignore_sysfs_fallback: force to disable the sysfs fallback mechanism.
> + * This emulates the behaviour as if we had set the kernel
> + * config CONFIG_FW_LOADER_USER_HELPER=n.
> * @old_timeout: for internal use
> * @loading_timeout: the timeout to wait for the fallback mechanism before
> * giving up, in seconds.
> */
> struct firmware_fallback_config {
> unsigned int force_sysfs_fallback;
> + unsigned int ignore_sysfs_fallback;
> int old_timeout;
> int loading_timeout;
> };
> diff --git a/drivers/base/firmware_fallback_table.c b/drivers/base/firmware_fallback_table.c
> index 77300d5e9c52..5e990b0330c7 100644
> --- a/drivers/base/firmware_fallback_table.c
> +++ b/drivers/base/firmware_fallback_table.c
> @@ -39,6 +39,15 @@ struct ctl_table firmware_config_table[] = {
> .extra1 = &zero,
> .extra2 = &one,
> },
> + {
> + .procname = "ignore_sysfs_fallback",
> + .data = &fw_fallback_config.ignore_sysfs_fallback,
> + .maxlen = sizeof(unsigned int),
> + .mode = 0644,
> + .proc_handler = proc_douintvec_minmax,
> + .extra1 = &zero,
> + .extra2 = &one,
> + },
> { }
> };
> EXPORT_SYMBOL_GPL(firmware_config_table);
> --
> 2.16.2
>
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists