| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMRc=MdD9g4WiBCP0qYGuy5e3pnQf5MUHTqkUOnrUvcWUYK27A@mail.gmail.com> Date: Wed, 3 Sep 2025 13:05:27 +0200 From: Bartosz Golaszewski <brgl@...ev.pl> To: Andy Shevchenko <andriy.shevchenko@...el.com> Cc: Andy Shevchenko <andy.shevchenko@...il.com>, Linus Walleij <linus.walleij@...aro.org>, Bjorn Andersson <andersson@...nel.org>, Konrad Dybcio <konradybcio@...nel.org>, Alexey Klimov <alexey.klimov@...aro.org>, Lorenzo Bianconi <lorenzo@...nel.org>, Sean Wang <sean.wang@...nel.org>, Matthias Brugger <matthias.bgg@...il.com>, AngeloGioacchino Del Regno <angelogioacchino.delregno@...labora.com>, Paul Cercueil <paul@...pouillou.net>, Kees Cook <kees@...nel.org>, Andy Shevchenko <andy@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, David Hildenbrand <david@...hat.com>, Lorenzo Stoakes <lorenzo.stoakes@...cle.com>, "Liam R. Howlett" <Liam.Howlett@...cle.com>, Vlastimil Babka <vbabka@...e.cz>, Mike Rapoport <rppt@...nel.org>, Suren Baghdasaryan <surenb@...gle.com>, Michal Hocko <mhocko@...e.com>, Dong Aisheng <aisheng.dong@....com>, Fabio Estevam <festevam@...il.com>, Shawn Guo <shawnguo@...nel.org>, Jacky Bai <ping.bai@....com>, Pengutronix Kernel Team <kernel@...gutronix.de>, NXP S32 Linux Team <s32@....com>, Sascha Hauer <s.hauer@...gutronix.de>, Tony Lindgren <tony@...mide.com>, Haojian Zhuang <haojian.zhuang@...aro.org>, Geert Uytterhoeven <geert+renesas@...der.be>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>, Danilo Krummrich <dakr@...nel.org>, Neil Armstrong <neil.armstrong@...aro.org>, Mark Brown <broonie@...nel.org>, linux-gpio@...r.kernel.org, linux-kernel@...r.kernel.org, linux-arm-msm@...r.kernel.org, linux-mediatek@...ts.infradead.org, linux-arm-kernel@...ts.infradead.org, linux-mips@...r.kernel.org, linux-hardening@...r.kernel.org, linux-mm@...ck.org, imx@...ts.linux.dev, linux-omap@...r.kernel.org, linux-renesas-soc@...r.kernel.org, Bartosz Golaszewski <bartosz.golaszewski@...aro.org>, Konrad Dybcio <konrad.dybcio@....qualcomm.com> Subject: Re: [PATCH v7 16/16] pinctrl: qcom: make the pinmuxing strict On Wed, Sep 3, 2025 at 12:53 PM Andy Shevchenko <andriy.shevchenko@...el.com> wrote: > > On Wed, Sep 03, 2025 at 12:41:48PM +0200, Bartosz Golaszewski wrote: > > On Wed, Sep 3, 2025 at 12:38 PM Andy Shevchenko > > <andriy.shevchenko@...el.com> wrote: > > > On Wed, Sep 03, 2025 at 12:34:00PM +0200, Bartosz Golaszewski wrote: > > > > On Wed, Sep 3, 2025 at 12:22 PM Andy Shevchenko > > > > <andriy.shevchenko@...el.com> wrote: > > > > > On Wed, Sep 03, 2025 at 09:33:34AM +0200, Bartosz Golaszewski wrote: > > > > > > On Tue, Sep 2, 2025 at 10:46 PM Andy Shevchenko > > > > > > <andy.shevchenko@...il.com> wrote: > > > > > > > On Tue, Sep 2, 2025 at 8:42 PM Bartosz Golaszewski <brgl@...ev.pl> wrote: > > > > > > > > On Tue, Sep 2, 2025 at 4:38 PM Andy Shevchenko > > > > > > > > <andriy.shevchenko@...el.com> wrote: > > > > > > > > > On Tue, Sep 02, 2025 at 01:59:25PM +0200, Bartosz Golaszewski wrote: > > ... > > > > > > > > > > > The strict flag in struct pinmux_ops disallows the usage of the same pin > > > > > > > > > > as a GPIO and for another function. Without it, a rouge user-space > > > > > > > > > > process with enough privileges (or even a buggy driver) can request a > > > > > > > > > > used pin as GPIO and drive it, potentially confusing devices or even > > > > > > > > > > crashing the system. Set it globally for all pinctrl-msm users. > > > > > > > > > > > > > > > > > > How does this keep (or allow) I²C generic recovery mechanism to work? > > > > > > > > > > > > Anyway, what is your point? I don't think it has any impact on this. > > > > > > > > > > If we have a group of pins that are marked as I²C, and we want to use recovery > > > > > via GPIOs, would it be still possible to request as GPIO when controller driver > > > > > is in the strict mode? > > > > > > > > Yes, if you mark that function as a "GPIO" function in the pin > > > > controller driver. > > > > > > How would it prevent from requesting from user space? > > > > It wouldn't, we don't discriminate between user-space and in-kernel > > GPIO users. A function either is a GPIO or isn't. Can you point me to > > the driver you're thinking about or is this a purely speculative > > question? > > The recovery mechanism is in I²C core and many drivers use that. > I'm not aware of Qualcomm drivers in particular. But mechanism is > in use in I²C DesignWare which is distributed a lot among platforms, > so using word 'purely' is incorrect, and word 'speculative' is a bit > strong, but you can think of the issue coming later on when somebody > does something like this. > > The same applies to the in-band wakeup UART mechanism. > > Which means that with this series we will relax it back anyway for > the above mentioned cases. > > (Not sure, but SPI DesignWare requires programming SPI native chip selects even > if the GPIO is used for that, this might have also some implications, but here > it's for real 'purely speculative'.) > The high-level answer is: yes, a pin that will be used by GPIOLIB needs the function it's muxed to, to be marked as "GPIOable" in its parent pin controller if it's strict. That's still better than the current situation. I can imagine we could differentiate between in-kernel and user-space users of GPIOs and then make it impossible for the latter to request certain pins while they could still be requested in the kernel but that's outside of the scope of this series. I don't see why this would stop these patches though, as they don't break anything unless you decide to make your pin controller strict in which situation you'd need to verify which functions can GPIOs anyway. Bartosz
Powered by blists - more mailing lists