lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bb84da73d1df468da1707a2af09eb2de@AUSX13MPC105.AMER.DELL.COM>
Date:   Wed, 2 Oct 2019 16:00:55 +0000
From:   <Mario.Limonciello@...l.com>
To:     <yehezkelshb@...il.com>
CC:     <mika.westerberg@...ux.intel.com>, <linux-usb@...r.kernel.org>,
        <andreas.noever@...il.com>, <michael.jamet@...el.com>,
        <rajmohan.mani@...el.com>,
        <nicholas.johnson-opensource@...look.com.au>, <lukas@...ner.de>,
        <gregkh@...uxfoundation.org>, <stern@...land.harvard.edu>,
        <anthony.wong@...onical.com>, <linux-kernel@...r.kernel.org>
Subject: RE: [RFC PATCH 17/22] thunderbolt: Add initial support for USB4

> -----Original Message-----
> From: Yehezkel Bernat <yehezkelshb@...il.com>
> Sent: Wednesday, October 2, 2019 10:37 AM
> To: Limonciello, Mario
> Cc: Mika Westerberg; linux-usb@...r.kernel.org; Andreas Noever; Michael
> Jamet; Rajmohan Mani; nicholas.johnson-opensource@...look.com.au; Lukas
> Wunner; gregkh@...uxfoundation.org; stern@...land.harvard.edu; Anthony
> Wong; LKML
> Subject: Re: [RFC PATCH 17/22] thunderbolt: Add initial support for USB4
> 
> 
> [EXTERNAL EMAIL]
> 
> On Wed, Oct 2, 2019 at 6:09 PM <Mario.Limonciello@...l.com> wrote:
> >
> > > -----Original Message-----
> > > From: Mika Westerberg <mika.westerberg@...ux.intel.com>
> > > Sent: Wednesday, October 2, 2019 3:39 AM
> > > To: Limonciello, Mario
> > > Cc: linux-usb@...r.kernel.org; andreas.noever@...il.com;
> > > michael.jamet@...el.com; YehezkelShB@...il.com;
> rajmohan.mani@...el.com;
> > > nicholas.johnson-opensource@...look.com.au; lukas@...ner.de;
> > > gregkh@...uxfoundation.org; stern@...land.harvard.edu;
> > > anthony.wong@...onical.com; linux-kernel@...r.kernel.org
> > > Subject: Re: [RFC PATCH 17/22] thunderbolt: Add initial support for USB4
> > >
> > >
> > > [EXTERNAL EMAIL]
> > >
> > > On Tue, Oct 01, 2019 at 06:14:23PM +0000, Mario.Limonciello@...l.com
> wrote:
> > > > One more thought; would you consider exporting to sysfs sw-
> > > >config.vendor_id?
> > > > Maybe an attribute that is switch_vendor?
> > > >
> > > > Userland fwupd also does validation on the NVM and will need to follow
> this.
> > > > The same check will go into fwupd to match the vendor and lack of
> > > nvm_non_active0
> > > > to mark the device as not updatable.  When the checks in the kernel get
> > > relaxed,
> > > > some NVM parsing will have to make it over to fwupd too to relax the check
> at
> > > that point.
> > >
> > > The original idea was that the kernel does the basic validation and
> > > userspace then does more complex checks. Currently you can compare the
> > > two NVM images (active one and the new) and find that information there.
> > > I think fwupd is doing just that already. Is that not enough?
> >
> > I guess for fwupd we can do this without the extra attribute:
> >
> > 1) If no NVM files or nvm_version: means unsupported vendor -show that
> messaging somewhere.
> > This means kernel doesn't know the vendor.
> >
> > 2) If NVM file and nvm_version: means kernel knows it
> > *fwupd checks the vendor offset for intel.
> > -> intel: good, proceed
> > ->something else: fwupd needs to learn the format for the new vendor, show
> messaging
> >
> > There is the unlikely case that kernel knows new vendor format and vendor
> NVM happened to have
> > same value as Intel vendor ID in same location of Intel NVM but another
> meaning.
> > Hopefully that doesn't happen :)
> 
> It's not even "same location - another meaning", the vendor ID comes from the
> DROM section, so it takes a few internal jumps inside the NVM to find the
> location. One of the "pointers" or section headers will be broken for sure.
> 
> And after this, we need to find the NVM in LVFS and it has to pass validation in
> a few other locations. The chances are so low that I'd think it isn't worth
> worrying about it.

And now I remember why the back of my mind was having this thought of wanting
sysfs attribute in the first place.  The multiple jumps means that a lot more of the
NVM has to be dumped to get that data, which slows down fwupd startup significantly.
However the kernel has this information handy already from thunderbolt init and can
easily export an attribute which can then come from udev with no startup penalty.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ