dlopen-like facility for conditional loading of symbols in modules (Re: Firmware for new ti_usb_3410_5052 devices)

dlopen-like facility for conditional loading of symbols in modules (Re: Firmware for new ti_usb_3410_5052 devices)

[Oleg Verych]

On Sat, Mar 03, 2007 at 08:40:26AM +0100, Oliver Neukum wrote:
> Am Samstag, 3. M?rz 2007 01:29 schrieb Greg KH:
> > On Sat, Mar 03, 2007 at 01:27:07AM +0100, Oleg Verych wrote:
> > > 
> > > If you can proof that it doesn't influence kernel's control above system
> > > hardware. Ironically such stuff in the userspace can give additional
> > > intrusion way to the kernel.
> > 
> > Do you know of any way to use the firmware interface to the kernel for
> > intrusion?  If so, please let us know and we will fix it.
> 
> If you can determine firmware for a block device whose filesystem is
> then mounted with suid allowed or whose files root runs, you've rooted
> the box.
> Firmware needs the same level of protection as kernel modules on disk. This
> is a basic feature of the system and can't be avoided. If you are paranoid
> enough to compile your kernel without module loading, you also have
> to disable firmware loading for block (and net due to nfs/cifs) devices.

Maybe modules' dlopen() like facility would be better to handle static
firmware or any other on-demand static data like ID tables etc.?

I.e. some additional flag for an exported symbol (in a module), that
this symbol maybe dynamically requested and used. As far as i can see,
depmod generates static map, unresolved symbols must be in the kernel
(System.map).

It will solve problem of having multiple unneeded firmware images if
driver handles many devices and firmware is allowed to be in the
kernel. No need in additional secure infrastructure.

p.s. LKML, mit-devel added. Maybe this can be done easily and somebody
     knows that.
____

Re: dlopen-like facility for conditional loading of symbols in modules (Re: Firmware for new ti_usb_3410_5052 devices)

[H. Peter Anvin]

Oleg Verych wrote:
> 
> Maybe modules' dlopen() like facility would be better to handle static
> firmware or any other on-demand static data like ID tables etc.?
> 
> I.e. some additional flag for an exported symbol (in a module), that
> this symbol maybe dynamically requested and used. As far as i can see,
> depmod generates static map, unresolved symbols must be in the kernel
> (System.map).
> 

You can do this with request_module() and having your module overwrite a 
hook.

> It will solve problem of having multiple unneeded firmware images if
> driver handles many devices and firmware is allowed to be in the
> kernel. No need in additional secure infrastructure.
> 

This seems like a hacky way to accomplish what request_firmware() does 
clearer!

	-hpa

Re: dlopen-like facility for conditional loading of symbols in modules (Re: Firmware for new ti_usb_3410_5052 devices)

[Oleg Verych]

On Sat, Mar 03, 2007 at 06:51:51PM -0800, H. Peter Anvin wrote:
[]
> >It will solve problem of having multiple unneeded firmware images if
> >driver handles many devices and firmware is allowed to be in the
> >kernel. No need in additional secure infrastructure.
> >
> 
> This seems like a hacky way to accomplish what request_firmware() does 
> clearer!

(Among other its clear features) after nearly four years being in the
kernel -- i don't think so.

I will try to check request_module(). Maybe this is a hack, but it's way
more supported and bloat-ware independent (:.
____