lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87k0agr5hr.wl-tiwai@suse.de>
Date:   Fri, 20 May 2022 10:08:16 +0200
From:   Takashi Iwai <tiwai@...e.de>
To:     Vitaly Rodionov <vitalyr@...nsource.cirrus.com>
Cc:     Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.com>,
        Mark Brown <broonie@...nel.org>, <alsa-devel@...a-project.org>,
        <patches@...nsource.cirrus.com>, <linux-kernel@...r.kernel.org>,
        Stefan Binding <sbinding@...nsource.cirrus.com>
Subject: Re: [PATCH v3 16/17] ALSA: hda: cs35l41: Support Firmware switching and reloading

On Thu, 19 May 2022 19:47:48 +0200,
Vitaly Rodionov wrote:
> 
> From: Stefan Binding <sbinding@...nsource.cirrus.com>
> 
> This is required to support CS35L41 calibration.
> 
> By default, speaker protection firmware will be loaded, if
> available. However, different firmware is required to run
> the calibration sequence, so it is necessary to add support
> to be able to unload, switch and reload firmware.
> 
> This patch adds 2 ALSA Controls for each amp:
> "DSP1 Firmware Load"
> "DSP1 Firmware Type"
> 
> "DSP1 Firmware Load" can be used to unload and
> load the firmware.
> "DSP1 Firmware Type"  can be used to switch the
> target firmware to be loaded by "DSP1 Firmware Load"

Hmm.  This essentially means that you can execute the firmware load
and the whole DSP init / removal just by changing this control element
value, right?  The end-effect is too strong, IMO.  The control element
is available to all users who can access the sound device, and any
malicious program may change it randomly thousands times per second.
That is, it can easily lead to some weird issue, I'm afraid.


thanks,

Takashi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ