Re: [PATCH v2 09/11] firmware: enable to force disable the fallback mechanism at run time

From: Kees Cook
Date: Tue Feb 27 2018 - 18:23:12 EST

Next message: Luis R. Rodriguez: "[RFT 4/7] firmware: add helper to check to see if fw cache is setup"
Previous message: Kees Cook: "Re: [PATCH v2 08/11] firmware: enable run time change of forcing fallback loader"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Feb 23, 2018 at 6:46 PM, Luis R. Rodriguez <mcgrof@xxxxxxxxxx> wrote:
> You currently need four different kernel builds to test the firmware
> API fully. By adding a proc knob to force disable the fallback mechanism
> completely we are able to reduce the amount of kernels you need built
> to test the firmware API down to two.
>
> Signed-off-by: Luis R. Rodriguez <mcgrof@xxxxxxxxxx>

Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

> ---
> drivers/base/firmware_fallback.c | 5 +++++
> drivers/base/firmware_fallback.h | 4 ++++
> drivers/base/firmware_fallback_table.c | 9 +++++++++
> 3 files changed, 18 insertions(+)
>
> diff --git a/drivers/base/firmware_fallback.c b/drivers/base/firmware_fallback.c
> index cbce9a950cd8..13fa5ff2b46c 100644
> --- a/drivers/base/firmware_fallback.c
> +++ b/drivers/base/firmware_fallback.c
> @@ -643,6 +643,11 @@ static bool fw_force_sysfs_fallback(unsigned int opt_flags)
>
> static bool fw_run_sysfs_fallback(unsigned int opt_flags)
> {
> + if (fw_fallback_config.ignore_sysfs_fallback) {
> + pr_info_once("Ignoring firmware sysfs fallback due to debugfs knob\n");
> + return false;
> + }
> +
> if ((opt_flags & FW_OPT_NOFALLBACK))
> return false;
>
> diff --git a/drivers/base/firmware_fallback.h b/drivers/base/firmware_fallback.h
> index ca7e69a8417b..dfebc644ed35 100644
> --- a/drivers/base/firmware_fallback.h
> +++ b/drivers/base/firmware_fallback.h
> @@ -14,12 +14,16 @@
> * as if one had enabled CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y.
> * Useful to help debug a CONFIG_FW_LOADER_USER_HELPER_FALLBACK=y
> * functionality on a kernel where that config entry has been disabled.
> + * @ignore_sysfs_fallback: force to disable the sysfs fallback mechanism.
> + * This emulates the behaviour as if we had set the kernel
> + * config CONFIG_FW_LOADER_USER_HELPER=n.
> * @old_timeout: for internal use
> * @loading_timeout: the timeout to wait for the fallback mechanism before
> * giving up, in seconds.
> */
> struct firmware_fallback_config {
> unsigned int force_sysfs_fallback;
> + unsigned int ignore_sysfs_fallback;
> int old_timeout;
> int loading_timeout;
> };
> diff --git a/drivers/base/firmware_fallback_table.c b/drivers/base/firmware_fallback_table.c
> index 77300d5e9c52..5e990b0330c7 100644
> --- a/drivers/base/firmware_fallback_table.c
> +++ b/drivers/base/firmware_fallback_table.c
> @@ -39,6 +39,15 @@ struct ctl_table firmware_config_table[] = {
> .extra1 = &zero,
> .extra2 = &one,
> },
> + {
> + .procname = "ignore_sysfs_fallback",
> + .data = &fw_fallback_config.ignore_sysfs_fallback,
> + .maxlen = sizeof(unsigned int),
> + .mode = 0644,
> + .proc_handler = proc_douintvec_minmax,
> + .extra1 = &zero,
> + .extra2 = &one,
> + },
> { }
> };
> EXPORT_SYMBOL_GPL(firmware_config_table);
> --
> 2.16.2
>

--
Kees Cook
Pixel Security

Next message: Luis R. Rodriguez: "[RFT 4/7] firmware: add helper to check to see if fw cache is setup"
Previous message: Kees Cook: "Re: [PATCH v2 08/11] firmware: enable run time change of forcing fallback loader"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]