lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aLgrqZETNLmuMHhv@smile.fi.intel.com>
Date: Wed, 3 Sep 2025 14:51:05 +0300
From: Andy Shevchenko <andriy.shevchenko@...el.com>
To: Bartosz Golaszewski <brgl@...ev.pl>
Cc: Andy Shevchenko <andy.shevchenko@...il.com>,
	Linus Walleij <linus.walleij@...aro.org>,
	Bjorn Andersson <andersson@...nel.org>,
	Konrad Dybcio <konradybcio@...nel.org>,
	Alexey Klimov <alexey.klimov@...aro.org>,
	Lorenzo Bianconi <lorenzo@...nel.org>,
	Sean Wang <sean.wang@...nel.org>,
	Matthias Brugger <matthias.bgg@...il.com>,
	AngeloGioacchino Del Regno <angelogioacchino.delregno@...labora.com>,
	Paul Cercueil <paul@...pouillou.net>, Kees Cook <kees@...nel.org>,
	Andy Shevchenko <andy@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	David Hildenbrand <david@...hat.com>,
	Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
	"Liam R. Howlett" <Liam.Howlett@...cle.com>,
	Vlastimil Babka <vbabka@...e.cz>, Mike Rapoport <rppt@...nel.org>,
	Suren Baghdasaryan <surenb@...gle.com>,
	Michal Hocko <mhocko@...e.com>, Dong Aisheng <aisheng.dong@....com>,
	Fabio Estevam <festevam@...il.com>, Shawn Guo <shawnguo@...nel.org>,
	Jacky Bai <ping.bai@....com>,
	Pengutronix Kernel Team <kernel@...gutronix.de>,
	NXP S32 Linux Team <s32@....com>,
	Sascha Hauer <s.hauer@...gutronix.de>,
	Tony Lindgren <tony@...mide.com>,
	Haojian Zhuang <haojian.zhuang@...aro.org>,
	Geert Uytterhoeven <geert+renesas@...der.be>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	"Rafael J. Wysocki" <rafael@...nel.org>,
	Danilo Krummrich <dakr@...nel.org>,
	Neil Armstrong <neil.armstrong@...aro.org>,
	Mark Brown <broonie@...nel.org>, linux-gpio@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-arm-msm@...r.kernel.org,
	linux-mediatek@...ts.infradead.org,
	linux-arm-kernel@...ts.infradead.org, linux-mips@...r.kernel.org,
	linux-hardening@...r.kernel.org, linux-mm@...ck.org,
	imx@...ts.linux.dev, linux-omap@...r.kernel.org,
	linux-renesas-soc@...r.kernel.org,
	Bartosz Golaszewski <bartosz.golaszewski@...aro.org>,
	Konrad Dybcio <konrad.dybcio@....qualcomm.com>
Subject: Re: [PATCH v7 16/16] pinctrl: qcom: make the pinmuxing strict

On Wed, Sep 03, 2025 at 01:05:27PM +0200, Bartosz Golaszewski wrote:
> On Wed, Sep 3, 2025 at 12:53 PM Andy Shevchenko
> <andriy.shevchenko@...el.com> wrote:
> > On Wed, Sep 03, 2025 at 12:41:48PM +0200, Bartosz Golaszewski wrote:
> > > On Wed, Sep 3, 2025 at 12:38 PM Andy Shevchenko
> > > <andriy.shevchenko@...el.com> wrote:
> > > > On Wed, Sep 03, 2025 at 12:34:00PM +0200, Bartosz Golaszewski wrote:
> > > > > On Wed, Sep 3, 2025 at 12:22 PM Andy Shevchenko
> > > > > <andriy.shevchenko@...el.com> wrote:
> > > > > > On Wed, Sep 03, 2025 at 09:33:34AM +0200, Bartosz Golaszewski wrote:
> > > > > > > On Tue, Sep 2, 2025 at 10:46 PM Andy Shevchenko
> > > > > > > <andy.shevchenko@...il.com> wrote:
> > > > > > > > On Tue, Sep 2, 2025 at 8:42 PM Bartosz Golaszewski <brgl@...ev.pl> wrote:
> > > > > > > > > On Tue, Sep 2, 2025 at 4:38 PM Andy Shevchenko
> > > > > > > > > <andriy.shevchenko@...el.com> wrote:
> > > > > > > > > > On Tue, Sep 02, 2025 at 01:59:25PM +0200, Bartosz Golaszewski wrote:

...

> > > > > > > > > > > The strict flag in struct pinmux_ops disallows the usage of the same pin
> > > > > > > > > > > as a GPIO and for another function. Without it, a rouge user-space
> > > > > > > > > > > process with enough privileges (or even a buggy driver) can request a
> > > > > > > > > > > used pin as GPIO and drive it, potentially confusing devices or even
> > > > > > > > > > > crashing the system. Set it globally for all pinctrl-msm users.
> > > > > > > > > >
> > > > > > > > > > How does this keep (or allow) I²C generic recovery mechanism to work?
> > > > > > >
> > > > > > > Anyway, what is your point? I don't think it has any impact on this.
> > > > > >
> > > > > > If we have a group of pins that are marked as I²C, and we want to use recovery
> > > > > > via GPIOs, would it be still possible to request as GPIO when controller driver
> > > > > > is in the strict mode?
> > > > >
> > > > > Yes, if you mark that function as a "GPIO" function in the pin
> > > > > controller driver.
> > > >
> > > > How would it prevent from requesting from user space?
> > >
> > > It wouldn't, we don't discriminate between user-space and in-kernel
> > > GPIO users. A function either is a GPIO or isn't. Can you point me to
> > > the driver you're thinking about or is this a purely speculative
> > > question?
> >
> > The recovery mechanism is in I²C core and many drivers use that.
> > I'm not aware of Qualcomm drivers in particular. But mechanism is
> > in use in I²C DesignWare which is distributed a lot among platforms,
> > so using word 'purely' is incorrect, and word 'speculative' is a bit
> > strong, but you can think of the issue coming later on when somebody
> > does something like this.
> >
> > The same applies to the in-band wakeup UART mechanism.
> >
> > Which means that with this series we will relax it back anyway for
> > the above mentioned cases.
> >
> > (Not sure, but SPI DesignWare requires programming SPI native chip selects even
> >  if the GPIO is used for that, this might have also some implications, but here
> >  it's for real 'purely speculative'.)
> 
> The high-level answer is: yes, a pin that will be used by GPIOLIB
> needs the function it's muxed to, to be marked as "GPIOable" in its
> parent pin controller if it's strict. That's still better than the
> current situation.
> 
> I can imagine we could differentiate between in-kernel and user-space
> users of GPIOs and then make it impossible for the latter to request
> certain pins while they could still be requested in the kernel but
> that's outside of the scope of this series.
> 
> I don't see why this would stop these patches though, as they don't
> break anything unless you decide to make your pin controller strict in
> which situation you'd need to verify which functions can GPIOs anyway.

It can't anyway, Linus already applied :-)

-- 
With Best Regards,
Andy Shevchenko



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ