From: Kalle Valo <kvalo@codeaurora.org>
To: Emmanuel Grumbach <egrumbach@gmail.com>
Cc: Emmanuel Grumbach <emmanuel.grumbach@intel.com>, "Coelho\,
	Luciano" <luciano.coelho@intel.com>,
	linux-wireless <linux-wireless@vger.kernel.org>,
	Ayala Beker <ayala.beker@intel.com>
Subject: Re: [PATCH v3 4/4] iwlwifi: mvm: add vendor commands needed for iwlmei
Date: Thu, 05 Aug 2021 16:35:30 +0300
Message-ID: <87o8acc8v1.fsf@codeaurora.org>
In-Reply-To: <CANUX_P3HWWBkeHHSw+-wdQEBFNF1V+GWRDFiEerH7NhksRvOzA@mail.gmail.com> (Emmanuel Grumbach's message of "Thu, 24 Jun 2021 22:59:32 +0300")

Emmanuel Grumbach <egrumbach@gmail.com> writes:

> On Thu, Jun 24, 2021 at 8:13 PM Kalle Valo <kvalo@codeaurora.org> wrote:
>>
>> Emmanuel Grumbach <emmanuel.grumbach@intel.com> writes:
>>
>> > Add the vendor commands that must be used by the network manager
>> > to allow proper operation of iwlmei.
>> >
>> > * Send information on the AP CSME is connected to
>> > * Notify the userspace when roaming is forbidden
>> > * Allow the userspace to require ownership
>> >
>> > Co-Developed-by: Ayala Beker <ayala.beker@intel.com>
>> > Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
>> > ---
>> >  drivers/net/wireless/intel/iwlwifi/Kconfig    |  11 ++
>> >  .../net/wireless/intel/iwlwifi/mvm/Makefile   |   1 +
>> >  .../net/wireless/intel/iwlwifi/mvm/mac80211.c |   2 +
>> >  drivers/net/wireless/intel/iwlwifi/mvm/mvm.h  |   9 +-
>> >  .../wireless/intel/iwlwifi/mvm/vendor-cmd.c   | 186 ++++++++++++++++++
>> >  5 files changed, 203 insertions(+), 6 deletions(-)
>> >  create mode 100644 drivers/net/wireless/intel/iwlwifi/mvm/vendor-cmd.c
>> >
>> > diff --git a/drivers/net/wireless/intel/iwlwifi/Kconfig b/drivers/net/wireless/intel/iwlwifi/Kconfig
>> > index 629aaa26a230..f91516d08b28 100644
>> > --- a/drivers/net/wireless/intel/iwlwifi/Kconfig
>> > +++ b/drivers/net/wireless/intel/iwlwifi/Kconfig
>> > @@ -92,11 +92,22 @@ config IWLWIFI_BCAST_FILTERING
>> >         If unsure, don't enable this option, as some programs might
>> >         expect incoming broadcasts for their normal operations.
>> >
>> > +config IWLMVM_VENDOR_CMDS
>> > +     bool "Enable vendor commands"
>> > +     depends on IWLMVM
>> > +     help
>> > +       This option enables support for vendor commands, including some
>> > +       that don't have their own Kconfig option. Other Kconfig options
>> > +       depend on this one as well.
>> > +
>> > +       This is not enabled by default, if unsure, say N.
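Review bot: The help text for IWLMVM_VENDOR_CMDS does not say what the option exposes. "Enable vendor commands" and "some that don't have their own Kconfig option" do not tell someone configuring a kernel that this adds commands callable from userspace, which commands are covered, or what privilege a caller needs, so the "if unsure, say N" advice cannot be weighed. Please name the commands and the caller requirements in the help text. Separately, the symbol has a prompt, so it can be switched on by hand with no dependent feature enabled; if it is only meant to be pulled in by the options that "depend on this one", consider dropping the prompt and having those options select it.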
>>
>> Why do we need a new Kconfig option? Why not always include it in the
>> compilation?
>
> I expect 99.9% of the users to want to disable this. VENDOR_CMDS adds a
> user space API and in a sense, it increases the attack surface. You
> can claim that I can reuse the IWLMEI Kconfig option, which is true,
> but we have other features that need VENDOR_CMDS that are not (yet)
> upstream. So the idea here is that any feature that needs the
> VENDOR_CMDS will select it and if none of them are enabled (for 99.9%
> of the use cases), then, we would disable VENDOR_CMDS and decrease the
> attack surface.
>
> Makes sense?

How do you prevent users or distros from enabling the feature? They can
be in a hurry, lazy or not caring and enable the feature anyway. So no,
I'm not really buying this. If the interface is not secure it should not
be in upstream. I think the only exception to this is the nl80211 testmode
interface which is for lab or similar use.

-- 
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Thread overview: 22+ messages
2021-06-23 14:10 [PATCH v3 1/4] iwlwifi: mei: add the driver to allow cooperation with CSME Emmanuel Grumbach
2021-06-23 14:10 ` [PATCH v3 2/4] iwlwifi: integrate with iwlmei Emmanuel Grumbach
2021-06-23 14:10 ` [PATCH v3 3/4] nl80211: vendor-cmd: add Intel vendor commands for iwlmei usage Emmanuel Grumbach
2021-06-24 12:45   ` Johannes Berg
2021-06-24 12:51     ` Emmanuel Grumbach
2021-06-24 17:07   ` Kalle Valo
2021-06-24 19:56     ` Emmanuel Grumbach
2021-08-05 13:25       ` Kalle Valo
2021-08-07 18:32         ` Grumbach, Emmanuel
2021-10-18 11:25           ` Kalle Valo
2021-06-23 14:10 ` [PATCH v3 4/4] iwlwifi: mvm: add vendor commands needed for iwlmei Emmanuel Grumbach
2021-06-24 17:08   ` Kalle Valo
2021-06-24 19:59     ` Emmanuel Grumbach
2021-08-05 13:35       ` Kalle Valo [this message]
2021-08-07 18:34         ` Grumbach, Emmanuel
2021-10-18 11:27           ` Kalle Valo
2021-06-24 17:16 ` [PATCH v3 1/4] iwlwifi: mei: add the driver to allow cooperation with CSME Kalle Valo
2021-06-24 20:04   ` Emmanuel Grumbach
2021-08-05 13:38     ` Kalle Valo
2021-08-07 18:38       ` Grumbach, Emmanuel
2021-08-09  7:49         ` Arend van Spriel
2021-08-09 19:25           ` Grumbach, Emmanuel
