lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 20 Mar 2019 23:20:59 +0530
From:   Gaurav Kohli <gkohli@...eaurora.org>
To:     Srinivas Kandagatla <srinivas.kandagatla@...aro.org>,
        linux-kernel@...r.kernel.org
Cc:     linux-arm-msm@...r.kernel.org
Subject: Re: [PATCH v2] nvmem: core: Set no-read-write provider to avoid
 userspace read/write


On 3/20/2019 9:56 PM, Srinivas Kandagatla wrote:
>
>
> On 20/03/2019 15:50, Gaurav Kohli wrote:
>>
>> On 3/20/2019 8:04 PM, Srinivas Kandagatla wrote:
>>>
>>>
>>> On 17/03/2019 14:12, Gaurav Kohli wrote:
>>>> Current nvmem framework allows user space to read all register space
>>>> populated by nvmem binary file, In case we don't want to expose value
>>>> of registers to userspace and only want kernel space to read cell
>>>> value from nvmem_cell_read_u32.
>>>>
>>>> To protect the same, Add no-read-write property to prevent read
>>>> from userspace.
>>>>
>>>
>>> Can you explain the real need of this?
>>> Is there any issue you are noticing while reading nvmem content from 
>>> userspace?
>>>
>> Hi Srinivas,
>>
>>
>> No, We are not observing any issue, nvmem is dumping the data properly.
>>
>> But there are certain register, which we don't want to expose to user 
>> space and want kernel space can only read via nvmem_cell_read.
> Am guessing these are some kind of keys or something that you do not 
> want user to see.
>
Hi Srinivas,

Thanks.

Yes exactly, there are certain keys or even certain bit that we don't 
want to expose to user.


> Is root only option not helping you in this case?
Yes we want to protect at root level as well, i mean it is better if we 
can avoid exposing to userspace at all.
>
> We could go down the route of adding new config option something like 
> CONFIG_NVMEM_NO_SYSFS_ENTRY to prevent adding nvmem entry in userspace.
>
> Let me know if you are happy to create a patch for this change?

I am happy with either way config option or dt binding(seems easy), 
please let me know we will post new patch for the same.

In config option, do i have to remove all binary creation code of nvmem 
, correct? or simply put a check like dt binding option

so user cannot read it.

Thanks

Gaurav

>
> Thanks,
> srini
>
>>
>> In existing design, even if we read cell from kernel space, nvmem 
>> binary files is still populated to user space unconditionally.
>>
>> Regards
>>
>> Gaurav

-- 
Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center,
Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ