lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMRc=MdD9g4WiBCP0qYGuy5e3pnQf5MUHTqkUOnrUvcWUYK27A@mail.gmail.com>
Date: Wed, 3 Sep 2025 13:05:27 +0200
From: Bartosz Golaszewski <brgl@...ev.pl>
To: Andy Shevchenko <andriy.shevchenko@...el.com>
Cc: Andy Shevchenko <andy.shevchenko@...il.com>, Linus Walleij <linus.walleij@...aro.org>, 
	Bjorn Andersson <andersson@...nel.org>, Konrad Dybcio <konradybcio@...nel.org>, 
	Alexey Klimov <alexey.klimov@...aro.org>, Lorenzo Bianconi <lorenzo@...nel.org>, 
	Sean Wang <sean.wang@...nel.org>, Matthias Brugger <matthias.bgg@...il.com>, 
	AngeloGioacchino Del Regno <angelogioacchino.delregno@...labora.com>, 
	Paul Cercueil <paul@...pouillou.net>, Kees Cook <kees@...nel.org>, 
	Andy Shevchenko <andy@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, 
	David Hildenbrand <david@...hat.com>, Lorenzo Stoakes <lorenzo.stoakes@...cle.com>, 
	"Liam R. Howlett" <Liam.Howlett@...cle.com>, Vlastimil Babka <vbabka@...e.cz>, 
	Mike Rapoport <rppt@...nel.org>, Suren Baghdasaryan <surenb@...gle.com>, Michal Hocko <mhocko@...e.com>, 
	Dong Aisheng <aisheng.dong@....com>, Fabio Estevam <festevam@...il.com>, 
	Shawn Guo <shawnguo@...nel.org>, Jacky Bai <ping.bai@....com>, 
	Pengutronix Kernel Team <kernel@...gutronix.de>, NXP S32 Linux Team <s32@....com>, 
	Sascha Hauer <s.hauer@...gutronix.de>, Tony Lindgren <tony@...mide.com>, 
	Haojian Zhuang <haojian.zhuang@...aro.org>, Geert Uytterhoeven <geert+renesas@...der.be>, 
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>, 
	Danilo Krummrich <dakr@...nel.org>, Neil Armstrong <neil.armstrong@...aro.org>, 
	Mark Brown <broonie@...nel.org>, linux-gpio@...r.kernel.org, 
	linux-kernel@...r.kernel.org, linux-arm-msm@...r.kernel.org, 
	linux-mediatek@...ts.infradead.org, linux-arm-kernel@...ts.infradead.org, 
	linux-mips@...r.kernel.org, linux-hardening@...r.kernel.org, 
	linux-mm@...ck.org, imx@...ts.linux.dev, linux-omap@...r.kernel.org, 
	linux-renesas-soc@...r.kernel.org, 
	Bartosz Golaszewski <bartosz.golaszewski@...aro.org>, 
	Konrad Dybcio <konrad.dybcio@....qualcomm.com>
Subject: Re: [PATCH v7 16/16] pinctrl: qcom: make the pinmuxing strict

On Wed, Sep 3, 2025 at 12:53 PM Andy Shevchenko
<andriy.shevchenko@...el.com> wrote:
>
> On Wed, Sep 03, 2025 at 12:41:48PM +0200, Bartosz Golaszewski wrote:
> > On Wed, Sep 3, 2025 at 12:38 PM Andy Shevchenko
> > <andriy.shevchenko@...el.com> wrote:
> > > On Wed, Sep 03, 2025 at 12:34:00PM +0200, Bartosz Golaszewski wrote:
> > > > On Wed, Sep 3, 2025 at 12:22 PM Andy Shevchenko
> > > > <andriy.shevchenko@...el.com> wrote:
> > > > > On Wed, Sep 03, 2025 at 09:33:34AM +0200, Bartosz Golaszewski wrote:
> > > > > > On Tue, Sep 2, 2025 at 10:46 PM Andy Shevchenko
> > > > > > <andy.shevchenko@...il.com> wrote:
> > > > > > > On Tue, Sep 2, 2025 at 8:42 PM Bartosz Golaszewski <brgl@...ev.pl> wrote:
> > > > > > > > On Tue, Sep 2, 2025 at 4:38 PM Andy Shevchenko
> > > > > > > > <andriy.shevchenko@...el.com> wrote:
> > > > > > > > > On Tue, Sep 02, 2025 at 01:59:25PM +0200, Bartosz Golaszewski wrote:
>
> ...
>
> > > > > > > > > > The strict flag in struct pinmux_ops disallows the usage of the same pin
> > > > > > > > > > as a GPIO and for another function. Without it, a rouge user-space
> > > > > > > > > > process with enough privileges (or even a buggy driver) can request a
> > > > > > > > > > used pin as GPIO and drive it, potentially confusing devices or even
> > > > > > > > > > crashing the system. Set it globally for all pinctrl-msm users.
> > > > > > > > >
> > > > > > > > > How does this keep (or allow) I²C generic recovery mechanism to work?
> > > > > >
> > > > > > Anyway, what is your point? I don't think it has any impact on this.
> > > > >
> > > > > If we have a group of pins that are marked as I²C, and we want to use recovery
> > > > > via GPIOs, would it be still possible to request as GPIO when controller driver
> > > > > is in the strict mode?
> > > >
> > > > Yes, if you mark that function as a "GPIO" function in the pin
> > > > controller driver.
> > >
> > > How would it prevent from requesting from user space?
> >
> > It wouldn't, we don't discriminate between user-space and in-kernel
> > GPIO users. A function either is a GPIO or isn't. Can you point me to
> > the driver you're thinking about or is this a purely speculative
> > question?
>
> The recovery mechanism is in I²C core and many drivers use that.
> I'm not aware of Qualcomm drivers in particular. But mechanism is
> in use in I²C DesignWare which is distributed a lot among platforms,
> so using word 'purely' is incorrect, and word 'speculative' is a bit
> strong, but you can think of the issue coming later on when somebody
> does something like this.
>
> The same applies to the in-band wakeup UART mechanism.
>
> Which means that with this series we will relax it back anyway for
> the above mentioned cases.
>
> (Not sure, but SPI DesignWare requires programming SPI native chip selects even
>  if the GPIO is used for that, this might have also some implications, but here
>  it's for real 'purely speculative'.)
>

The high-level answer is: yes, a pin that will be used by GPIOLIB
needs the function it's muxed to, to be marked as "GPIOable" in its
parent pin controller if it's strict. That's still better than the
current situation.

I can imagine we could differentiate between in-kernel and user-space
users of GPIOs and then make it impossible for the latter to request
certain pins while they could still be requested in the kernel but
that's outside of the scope of this series.

I don't see why this would stop these patches though, as they don't
break anything unless you decide to make your pin controller strict in
which situation you'd need to verify which functions can GPIOs anyway.

Bartosz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ