Re: [PATCH v2] nvmem: core: Set no-read-write provider to avoid userspace read/write

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 3/20/2019 9:56 PM, Srinivas Kandagatla wrote:


On 20/03/2019 15:50, Gaurav Kohli wrote:

On 3/20/2019 8:04 PM, Srinivas Kandagatla wrote:


On 17/03/2019 14:12, Gaurav Kohli wrote:
Current nvmem framework allows user space to read all register space
populated by nvmem binary file, In case we don't want to expose value
of registers to userspace and only want kernel space to read cell
value from nvmem_cell_read_u32.

To protect the same, Add no-read-write property to prevent read
from userspace.


Can you explain the real need of this?
Is there any issue you are noticing while reading nvmem content from userspace?

Hi Srinivas,


No, We are not observing any issue, nvmem is dumping the data properly.

But there are certain register, which we don't want to expose to user space and want kernel space can only read via nvmem_cell_read.
Am guessing these are some kind of keys or something that you do not want user to see.

Hi Srinivas,

Thanks.

Yes exactly, there are certain keys or even certain bit that we don't want to expose to user.


Is root only option not helping you in this case?
Yes we want to protect at root level as well, i mean it is better if we can avoid exposing to userspace at all.

We could go down the route of adding new config option something like CONFIG_NVMEM_NO_SYSFS_ENTRY to prevent adding nvmem entry in userspace.

Let me know if you are happy to create a patch for this change?

I am happy with either way config option or dt binding(seems easy), please let me know we will post new patch for the same.

In config option, do i have to remove all binary creation code of nvmem , correct? or simply put a check like dt binding option

so user cannot read it.

Thanks

Gaurav


Thanks,
srini


In existing design, even if we read cell from kernel space, nvmem binary files is still populated to user space unconditionally.

Regards

Gaurav

--
Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center,
Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project.




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [Linux for Sparc]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux