lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAMuHMdVf+EsN8n9iON186xCZETafGscOOB4AXOZpaH0Aui-2=A@mail.gmail.com>
Date:   Fri, 10 Dec 2021 08:57:25 +0100
From:   Geert Uytterhoeven <geert@...ux-m68k.org>
To:     Stephen Boyd <sboyd@...nel.org>
Cc:     Michael Turquette <mturquette@...libre.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-clk <linux-clk@...r.kernel.org>
Subject: Re: [PATCH] clk: Emit a stern warning with writable debugfs enabled

Hi Stephen,

On Fri, Dec 10, 2021 at 2:42 AM Stephen Boyd <sboyd@...nel.org> wrote:
> We don't want vendors to be enabling this part of the clk code and
> shipping it to customers. Exposing the ability to change clk frequencies
> and parents via debugfs is potentially damaging to the system if folks
> don't know what they're doing. Emit a strong warning so that the message
> is clear: don't enable this outside of development systems.
>
> Fixes: 37215da5553e ("clk: Add support for setting clk_rate via debugfs")
> Cc: Geert Uytterhoeven <geert+renesas@...der.be>
> Signed-off-by: Stephen Boyd <sboyd@...nel.org>

Thanks for your patch!

> --- a/drivers/clk/clk.c
> +++ b/drivers/clk/clk.c
> @@ -3383,6 +3383,24 @@ static int __init clk_debug_init(void)
>  {
>         struct clk_core *core;
>
> +#ifdef CLOCK_ALLOW_WRITE_DEBUGFS
> +       pr_warn("\n");
> +       pr_warn("********************************************************************\n");
> +       pr_warn("**     NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE           **\n");
> +       pr_warn("**                                                                **\n");
> +       pr_warn("**  WRITEABLE clk DebugFS SUPPORT HAS BEEN ENABLED IN THIS KERNEL **\n");
> +       pr_warn("**                                                                **\n");
> +       pr_warn("** This means that this kernel is built to expose clk operations  **\n");
> +       pr_warn("** such as parent or rate setting, enabling, disabling, etc.      **\n");
> +       pr_warn("** to userspace, which may compromise security on your system.    **\n");
> +       pr_warn("**                                                                **\n");
> +       pr_warn("** If you see this message and you are not debugging the          **\n");
> +       pr_warn("** kernel, report this immediately to your vendor!                **\n");
> +       pr_warn("**                                                                **\n");
> +       pr_warn("**     NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE           **\n");
> +       pr_warn("********************************************************************\n");

So how many variants of such blocks do we have now in the kernel?

> +#endif
> +
>         rootdir = debugfs_create_dir("clk", NULL);
>
>         debugfs_create_file("clk_summary", 0444, rootdir, &all_lists,
>
> base-commit: fa55b7dcdc43c1aa1ba12bca9d2dd4318c2a0dbf
> prerequisite-patch-id: e0d3f8e3fa43b55e55d7c4cee7c4902ae06ea4e0
> --
> https://git.kernel.org/pub/scm/linux/kernel/git/clk/linux.git/
> https://git.kernel.org/pub/scm/linux/kernel/git/sboyd/spmi.git

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ