Date:   Sat, 8 Sep 2018 18:18:53 -0700
From:   Olof Johansson <olof@...om.net>
To:     Jolly Shah <jolly.shah@...inx.com>
Cc:     "ard.biesheuvel@...aro.org" <ard.biesheuvel@...aro.org>,
        Ingo Molnar <mingo@...nel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        matt@...eblueprint.co.uk, Sudeep Holla <sudeep.holla@....com>,
        hkallweit1@...il.com, Kees Cook <keescook@...omium.org>,
        Dmitry Torokhov <dmitry.torokhov@...il.com>,
        Michael Turquette <mturquette@...libre.com>,
        Stephen Boyd <sboyd@...eaurora.org>,
        Michal Simek <michal.simek@...inx.com>,
        Rob Herring <robh+dt@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        linux-clk <linux-clk@...r.kernel.org>, rajanv@...inx.com,
        Linux ARM Mailing List <linux-arm-kernel@...ts.infradead.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        DTML <devicetree@...r.kernel.org>, Jolly Shah <jollys@...inx.com>
Subject: Re: [PATCH v11 03/11] firmware: xilinx: Add zynqmp IOCTL API for
 device control

Hi,

On Fri, Aug 3, 2018 at 10:53 AM, Jolly Shah <jolly.shah@...inx.com> wrote:
> From: Rajan Vaja <rajanv@...inx.com>
>
> Add ZynqMP firmware IOCTL API to control and configure
> devices like PLLs, SD, Gem, etc.
>
> Signed-off-by: Rajan Vaja <rajanv@...inx.com>
> Signed-off-by: Jolly Shah <jollys@...inx.com>

This patch worries me somewhat. It's a transparent pass-through ioctl
driver. Is there a spec available for what the implemented IOCTLs are?

Should some of them be proper drivers instead of an opaque
pass-through like this? Could some of them have stability impact on
the platform such that there are security concerns and the list of
arguments should somehow be sanitized?

What's the intended use case anyway? Just a debug tool during
development, or something that you expect heavy use of by some
userspace middleware?


-Olof
