lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 29 Sep 2020 23:32:54 +0200
From:   Pali Rohár <pali@...nel.org>
To:     Marcel Holtmann <marcel@...tmann.org>,
        Johan Hedberg <johan.hedberg@...il.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, Pavel Machek <pavel@....cz>,
        Luiz Augusto von Dentz <luiz.dentz@...il.com>,
        Sebastian Reichel <sre@...nel.org>,
        David Heidelberg <david@...t.cz>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-bluetooth@...r.kernel.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Removal of HCI commands, userspace bluetooth regression?

CCing other lists and maintainers, hopefully, somebody would have a time to look at it...

On Saturday 08 August 2020 15:27:47 Pali Rohár wrote:
> On Wednesday 15 April 2020 00:56:18 Pali Rohár wrote:
> > On Sunday 09 February 2020 14:21:37 Pali Rohár wrote:
> > > On Saturday 04 January 2020 11:24:36 Pali Rohár wrote:
> > > > On Saturday 04 January 2020 10:44:52 Marcel Holtmann wrote:
> > > > > Hi Pali,
> > > > > 
> > > > > > I wrote a simple script "sco_features.pl" which show all supported
> > > > > > codecs by local HCI bluetooth adapter. Script is available at:
> > > > > > 
> > > > > > https://github.com/pali/hsphfpd-prototype/blob/prototype/sco_features.pl
> > > > > > 
> > > > > > And I found out that OCF_READ_LOCAL_CODECS HCI command cannot be send by
> > > > > > non-root user. Kernel returns "Operation not permitted" error.
> > > > > > 
> > > > > > What is reason that kernel blocks OCF_READ_LOCAL_CODECS command for
> > > > > > non-root users? Without it (audio) application does not know which
> > > > > > codecs local bluetooth adapter supports.
> > > > > > 
> > > > > > E.g. OCF_READ_LOCAL_EXT_FEATURES or OCF_READ_VOICE_SETTING commands can
> > > > > > be send also by non-root user and kernel does not block them.
> > > > > 
> > > > > actually the direct access to HCI commands is being removed. So we have no plans to add new commands into the list since that it what the kernel is suppose to handle. If we wanted to expose this, then it has to be via mgmt.
> > > > 
> > > > Hi Marcel! Thank you for information. I have not know that this API is
> > > > "deprecated" and is going to be removed. But userspace audio
> > > > applications need to know what bluetooth adapter supports, so can you
> > > > export result of these commands to userspace? My script linked above
> > > > calls: OCF_READ_VOICE_SETTING, OCF_READ_LOCAL_COMMANDS,
> > > > OCF_READ_LOCAL_EXT_FEATURES, OCF_READ_LOCAL_CODECS
> > > 
> > > Hello! Just a gently reminder for this question. How to retrieve
> > > information about supported codecs from userspace by non-root user?
> > > Because running all bluetooth audio applications by root is not really a
> > > solution. Plus if above API for root user is going to be removed, what
> > > is a replacement?
> > 
> > Hello!
> > 
> > I have not got any answer to my email from Marcel for months, so I'm
> > adding other developers to loop. Could somebody tell me that is the
> > replacement API if above one is going to be removed?
> > 
> > I was not able to find any documentation where could be described this
> > API nor information about deprecation / removal.
> > 
> > And are you aware of the fact that removing of API could potentially
> > break existing applications?
> > 
> > I really need to know which API should I use, because when I use API
> > which is going to be removed, then my application stops working. And I
> > really want to avoid it.
> > 
> > Also I have not got any response yet, how can I read list of supported
> > codecs by bluetooth adapter by ordinary non-root user? Audio application
> > needs to know list of supported codecs and it is really insane to run it
> > as root.
> 
> Hello! This is just another reminder that I have not got any reply to
> this email.
> 
> Does silence mean that audio applications are expected to work only
> under root account and ordinary users are not able to use audio and list
> supported codecs?

Hello! I have not got any reply for this issue for 10 months and if you
are going to remove (or after these 10 months you already did it?)
existing HCI API from kernel it would break existing and working
userspace application. How do you want to handle such regressions?

I think that more people in past said that there should not be
regressions in userspace applications caused by kernel changes (e.g.
removing of API).

Also, could you please say something about root requirement for listing
supported codecs? At least clarifying something like

  "kernel allows only processes with uid=0 to access list of supported
  bluetooth audio codecs, effectively means requirement of bluetooth
  audio applications to run as root; and kernel developers do not have
  a time to discuss any future changes on this topic"

would be nice to know what is current state or future, so developers of
userspace bluetooth applications would know what should they do or
expect.


I really dislike this situation when after 10 months I just get
information that API for userspace is being removed without any
replacement and without any discussion how to handle issues and
transition period.

Powered by blists - more mailing lists