From: Geert Uytterhoeven <geert@linux-m68k.org>
To: Thomas Zimmermann <tzimmermann@suse.de>
Cc: daniel@ffwll.ch, javierm@redhat.com, sam@ravnborg.org,
deller@gmx.de, lee@kernel.org, daniel.thompson@linaro.org,
jingoohan1@gmail.com, linux-fbdev@vger.kernel.org,
dri-devel@lists.freedesktop.org, linux-sh@vger.kernel.org,
linux-omap@vger.kernel.org, linux-staging@lists.linux.dev
Subject: Re: [PATCH 30/30] fbdev: Make support for userspace interfaces configurable
Date: Wed, 7 Jun 2023 10:48:15 +0200 [thread overview]
Message-ID: <CAMuHMdVP2hrgXaZvASnHJ4M+VXaTCtfbeVXrq2dsEJqcs3G6ZA@mail.gmail.com> (raw)
In-Reply-To: <20230605144812.15241-31-tzimmermann@suse.de>
Hi Thomas,
Thanks for your patch!
On Mon, Jun 5, 2023 at 4:48 PM Thomas Zimmermann <tzimmermann@suse.de> wrote:
> Add Kconfig option CONFIG_FB_DEVICE and make the virtual fbdev
> device optional. If the new option has not been selected, fbdev
> does not create a files in devfs or sysfs.
>
> Most modern Linux systems run a DRM-based graphics stack that uses
> the kernel's framebuffer console, but has otherwise deprecated fbdev
> support. Yet fbdev userspace interfaces are still present.
>
> The option makes it possible to use the fbdev subsystem as console
> implementation without support for userspace. This closes potential
> entry points to manipulate kernel or I/O memory via framebuffers. It
I'd leave out the part about manipulating kernel memory, as that's a
driver bug, if possible.
> also prevents the execution of driver code via ioctl or sysfs, both
> of which might allow malicious software to exploit bugs in the fbdev
> code.
Of course disabling ioctls reduces the attack surface, and this is not
limited to fbdev... ;-)
I'm wondering if it would be worthwhile to optionally provide a more
limited userspace API for real fbdev drivers:
1. No access to MMIO, only to the mapped frame buffer,
2. No driver-specific ioctls, only the standard ones.
> A small number of fbdev drivers require struct fbinfo.dev to be
> initialized, usually for the support of sysfs interface. Make these
> drivers depend on FB_DEVICE. They can later be fixed if necessary.
>
> Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
> --- a/drivers/video/fbdev/Kconfig
> +++ b/drivers/video/fbdev/Kconfig
> @@ -57,6 +57,15 @@ config FIRMWARE_EDID
> combination with certain motherboards and monitors are known to
> suffer from this problem.
>
> +config FB_DEVICE
> + bool "Provide legacy /dev/fb* device"
Perhaps "default y if !DRM", although that does not help for a
mixed drm/fbdev kernel build?
Or reserve "FB" for real fbdev drivers, and introduce a new FB_CORE,
to be selected by both FB and DRM_FBDEV_EMULATION?
Then FB_DEVICE can depend on FB_CORE, and default to y if FB.
> + depends on FB
> + help
> + Say Y here if you want the legacy /dev/fb* device file. It's
> + only required if you have userspace programs that depend on
> + fbdev for graphics output. This does not effect the framebuffer
affect
> + console.
> +
> config FB_DDC
> tristate
> depends on FB
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
WARNING: multiple messages have this Message-ID (diff)
From: Geert Uytterhoeven <geert@linux-m68k.org>
To: Thomas Zimmermann <tzimmermann@suse.de>
Cc: daniel.thompson@linaro.org, linux-staging@lists.linux.dev,
linux-sh@vger.kernel.org, jingoohan1@gmail.com, deller@gmx.de,
lee@kernel.org, javierm@redhat.com,
dri-devel@lists.freedesktop.org, linux-fbdev@vger.kernel.org,
linux-omap@vger.kernel.org, sam@ravnborg.org
Subject: Re: [PATCH 30/30] fbdev: Make support for userspace interfaces configurable
Date: Wed, 7 Jun 2023 10:48:15 +0200 [thread overview]
Message-ID: <CAMuHMdVP2hrgXaZvASnHJ4M+VXaTCtfbeVXrq2dsEJqcs3G6ZA@mail.gmail.com> (raw)
In-Reply-To: <20230605144812.15241-31-tzimmermann@suse.de>
Hi Thomas,
Thanks for your patch!
On Mon, Jun 5, 2023 at 4:48 PM Thomas Zimmermann <tzimmermann@suse.de> wrote:
> Add Kconfig option CONFIG_FB_DEVICE and make the virtual fbdev
> device optional. If the new option has not been selected, fbdev
> does not create a files in devfs or sysfs.
>
> Most modern Linux systems run a DRM-based graphics stack that uses
> the kernel's framebuffer console, but has otherwise deprecated fbdev
> support. Yet fbdev userspace interfaces are still present.
>
> The option makes it possible to use the fbdev subsystem as console
> implementation without support for userspace. This closes potential
> entry points to manipulate kernel or I/O memory via framebuffers. It
I'd leave out the part about manipulating kernel memory, as that's a
driver bug, if possible.
> also prevents the execution of driver code via ioctl or sysfs, both
> of which might allow malicious software to exploit bugs in the fbdev
> code.
Of course disabling ioctls reduces the attack surface, and this is not
limited to fbdev... ;-)
I'm wondering if it would be worthwhile to optionally provide a more
limited userspace API for real fbdev drivers:
1. No access to MMIO, only to the mapped frame buffer,
2. No driver-specific ioctls, only the standard ones.
> A small number of fbdev drivers require struct fbinfo.dev to be
> initialized, usually for the support of sysfs interface. Make these
> drivers depend on FB_DEVICE. They can later be fixed if necessary.
>
> Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
> --- a/drivers/video/fbdev/Kconfig
> +++ b/drivers/video/fbdev/Kconfig
> @@ -57,6 +57,15 @@ config FIRMWARE_EDID
> combination with certain motherboards and monitors are known to
> suffer from this problem.
>
> +config FB_DEVICE
> + bool "Provide legacy /dev/fb* device"
Perhaps "default y if !DRM", although that does not help for a
mixed drm/fbdev kernel build?
Or reserve "FB" for real fbdev drivers, and introduce a new FB_CORE,
to be selected by both FB and DRM_FBDEV_EMULATION?
Then FB_DEVICE can depend on FB_CORE, and default to y if FB.
> + depends on FB
> + help
> + Say Y here if you want the legacy /dev/fb* device file. It's
> + only required if you have userspace programs that depend on
> + fbdev for graphics output. This does not effect the framebuffer
affect
> + console.
> +
> config FB_DDC
> tristate
> depends on FB
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
next prev parent reply other threads:[~2023-06-07 8:48 UTC|newest]
Thread overview: 190+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-05 14:47 [PATCH 00/30] fbdev: Make userspace interfaces optional Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-05 14:47 ` [PATCH 01/30] backlight/bd6107: Compare against struct fb_info.device Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 7:30 ` Javier Martinez Canillas
2023-06-07 7:30 ` Javier Martinez Canillas
2023-06-07 7:34 ` Javier Martinez Canillas
2023-06-07 7:34 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 02/30] backlight/gpio_backlight: " Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-05 20:19 ` Ruhl, Michael J
2023-06-05 20:23 ` Sam Ravnborg
2023-06-05 20:23 ` Sam Ravnborg
2023-06-05 20:41 ` Ruhl, Michael J
2023-06-05 20:41 ` Ruhl, Michael J
2023-06-06 7:24 ` Thomas Zimmermann
2023-06-06 7:49 ` Dan Carpenter
2023-06-06 7:49 ` Dan Carpenter
2023-06-06 8:05 ` Thomas Zimmermann
2023-06-06 8:05 ` Thomas Zimmermann
2023-06-05 14:47 ` [PATCH 03/30] backlight/lv5207lp: " Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 7:35 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 04/30] fbdev/atyfb: Reorder backlight and framebuffer init/cleanup Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 7:36 ` Javier Martinez Canillas
2023-06-07 7:36 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 05/30] fbdev/atyfb: Use hardware device as backlight parent Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 7:41 ` Javier Martinez Canillas
2023-06-07 7:41 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 06/30] fbdev/aty128fb: Reorder backlight and framebuffer init/cleanup Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 7:42 ` Javier Martinez Canillas
2023-06-07 7:42 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 07/30] fbdev/aty128fb: Use hardware device as backlight parent Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 7:55 ` Javier Martinez Canillas
2023-06-07 7:55 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 08/30] fbdev/broadsheetfb: Call device_remove_file() with hardware device Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 7:55 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 09/30] fbdev/ep93xx-fb: Alloc DMA memory from " Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 8:47 ` Javier Martinez Canillas
2023-06-07 8:47 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 10/30] fbdev/ep93xx-fb: Output messages with fb_info() and fb_err() Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 8:59 ` Javier Martinez Canillas
2023-06-07 8:59 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 11/30] fbdev/ep93xx-fb: Do not assign to struct fb_info.dev Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-06 5:26 ` Dan Carpenter
2023-06-06 5:26 ` Dan Carpenter
2023-06-07 9:00 ` Javier Martinez Canillas
2023-06-07 9:00 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 12/30] fbdev/mb862xxfb: Output messages with fb_dbg() and fb_err() Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 9:00 ` Javier Martinez Canillas
2023-06-07 9:00 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 13/30] fbdev/metronomefb: Use hardware device for dev_err() Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 9:01 ` Javier Martinez Canillas
2023-06-07 9:01 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 14/30] fbdev/nvidiafb: Reorder backlight and framebuffer init/cleanup Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 9:02 ` Javier Martinez Canillas
2023-06-07 9:02 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 15/30] fbdev/nvidiafb: Use hardware device as backlight parent Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 9:02 ` Javier Martinez Canillas
2023-06-07 9:02 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 16/30] fbdev/pxa168fb: Do not assign to struct fb_info.dev Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 9:09 ` Javier Martinez Canillas
2023-06-07 9:09 ` Javier Martinez Canillas
2023-06-05 14:47 ` [PATCH 17/30] fbdev/radeonfb: Reorder backlight and framebuffer cleanup Thomas Zimmermann
2023-06-05 14:47 ` Thomas Zimmermann
2023-06-07 9:09 ` Javier Martinez Canillas
2023-06-07 9:09 ` Javier Martinez Canillas
2023-06-05 14:48 ` [PATCH 18/30] fbdev/radeonfb: Use hardware device as backlight parent Thomas Zimmermann
2023-06-05 14:48 ` Thomas Zimmermann
2023-06-06 5:28 ` Dan Carpenter
2023-06-06 5:28 ` Dan Carpenter
2023-06-06 7:30 ` Thomas Zimmermann
2023-06-06 7:30 ` Thomas Zimmermann
2023-06-07 9:10 ` Javier Martinez Canillas
2023-06-07 9:10 ` Javier Martinez Canillas
2023-06-05 14:48 ` [PATCH 19/30] fbdev/rivafb: Reorder backlight and framebuffer init/cleanup Thomas Zimmermann
2023-06-05 14:48 ` Thomas Zimmermann
2023-06-07 9:11 ` Javier Martinez Canillas
2023-06-05 14:48 ` [PATCH 20/30] fbdev/rivafb: Use hardware device as backlight parent Thomas Zimmermann
2023-06-05 14:48 ` Thomas Zimmermann
2023-06-07 9:11 ` Javier Martinez Canillas
2023-06-07 9:11 ` Javier Martinez Canillas
2023-06-05 14:48 ` [PATCH 21/30] fbdev/sm501fb: Output message with fb_err() Thomas Zimmermann
2023-06-05 14:48 ` Thomas Zimmermann
2023-06-07 9:12 ` Javier Martinez Canillas
2023-06-05 14:48 ` [PATCH 22/30] fbdev/smscufx: Detect registered fb_info from refcount Thomas Zimmermann
2023-06-05 14:48 ` Thomas Zimmermann
2023-06-07 22:22 ` Javier Martinez Canillas
2023-06-07 22:22 ` Javier Martinez Canillas
2023-06-12 10:19 ` Thomas Zimmermann
2023-06-12 10:40 ` Javier Martinez Canillas
2023-06-05 14:48 ` [PATCH 23/30] fbdev/tdfxfb: Set i2c adapter parent to hardware device Thomas Zimmermann
2023-06-05 14:48 ` Thomas Zimmermann
2023-06-07 22:23 ` Javier Martinez Canillas
2023-06-07 22:23 ` Javier Martinez Canillas
2023-06-05 14:48 ` [PATCH 24/30] fbdev/core: Pass Linux device to pm_vt_switch_*() functions Thomas Zimmermann
2023-06-05 14:48 ` Thomas Zimmermann
2023-06-07 19:25 ` Sam Ravnborg
2023-06-07 19:25 ` Sam Ravnborg
2023-06-05 14:48 ` [PATCH 25/30] fbdev/core: Move framebuffer and backlight helpers into separate files Thomas Zimmermann
2023-06-05 14:48 ` Thomas Zimmermann
2023-06-07 19:38 ` Sam Ravnborg
2023-06-07 19:38 ` Sam Ravnborg
2023-06-09 7:19 ` Thomas Zimmermann
2023-06-09 7:19 ` Thomas Zimmermann
2023-06-05 14:48 ` [PATCH 26/30] fbdev/core: Add fb_device_{create,destroy}() Thomas Zimmermann
2023-06-05 14:48 ` Thomas Zimmermann
2023-06-07 19:45 ` Sam Ravnborg
2023-06-07 19:45 ` Sam Ravnborg
2023-06-05 14:48 ` [PATCH 27/30] fbdev/core: Move procfs code to separate file Thomas Zimmermann
2023-06-05 14:48 ` Thomas Zimmermann
2023-06-07 20:33 ` Sam Ravnborg
2023-06-07 20:33 ` Sam Ravnborg
2023-06-05 14:48 ` [PATCH 28/30] fbdev/core: Move file-I/O code into " Thomas Zimmermann
2023-06-05 14:48 ` Thomas Zimmermann
2023-06-05 21:35 ` kernel test robot
2023-06-05 21:35 ` kernel test robot
2023-06-07 20:48 ` Sam Ravnborg
2023-06-07 20:48 ` Sam Ravnborg
2023-06-12 10:35 ` Thomas Zimmermann
2023-06-12 10:35 ` Thomas Zimmermann
2023-06-07 22:28 ` Javier Martinez Canillas
2023-06-07 22:28 ` Javier Martinez Canillas
2023-06-05 14:48 ` [PATCH 29/30] fbdev/core: Rework fb init code Thomas Zimmermann
2023-06-05 14:48 ` Thomas Zimmermann
2023-06-07 20:51 ` Sam Ravnborg
2023-06-07 20:51 ` Sam Ravnborg
2023-06-05 14:48 ` [PATCH 30/30] fbdev: Make support for userspace interfaces configurable Thomas Zimmermann
2023-06-05 14:48 ` Thomas Zimmermann
2023-06-05 15:03 ` Greg KH
2023-06-05 15:03 ` Greg KH
2023-06-05 21:45 ` kernel test robot
2023-06-05 21:45 ` kernel test robot
2023-06-07 8:48 ` Geert Uytterhoeven [this message]
2023-06-07 8:48 ` Geert Uytterhoeven
2023-06-07 15:15 ` Thomas Zimmermann
2023-06-07 15:15 ` Thomas Zimmermann
2023-06-07 15:24 ` Geert Uytterhoeven
2023-06-07 15:24 ` Geert Uytterhoeven
2023-06-07 23:07 ` Javier Martinez Canillas
2023-06-07 23:07 ` Javier Martinez Canillas
2023-06-09 7:09 ` Thomas Zimmermann
2023-06-09 7:09 ` Thomas Zimmermann
2023-06-09 7:29 ` Geert Uytterhoeven
2023-06-09 7:29 ` Geert Uytterhoeven
2023-06-09 8:00 ` Thomas Zimmermann
2023-06-09 8:00 ` Thomas Zimmermann
2023-06-09 9:14 ` Geert Uytterhoeven
2023-06-09 9:14 ` Geert Uytterhoeven
2023-06-09 11:04 ` Thomas Zimmermann
2023-06-09 11:04 ` Thomas Zimmermann
2023-06-09 11:22 ` Geert Uytterhoeven
2023-06-09 11:22 ` Geert Uytterhoeven
2023-06-09 9:59 ` Javier Martinez Canillas
2023-06-09 9:59 ` Javier Martinez Canillas
2023-06-09 10:10 ` Geert Uytterhoeven
2023-06-09 10:10 ` Geert Uytterhoeven
2023-06-09 10:24 ` Javier Martinez Canillas
2023-06-09 10:24 ` Javier Martinez Canillas
2023-06-09 11:27 ` Javier Martinez Canillas
2023-06-09 11:27 ` Javier Martinez Canillas
2023-06-11 16:37 ` Sam Ravnborg
2023-06-11 16:37 ` Sam Ravnborg
2023-06-12 6:47 ` Thomas Zimmermann
2023-06-12 6:47 ` Thomas Zimmermann
2023-06-12 7:00 ` Thomas Zimmermann
2023-06-12 7:00 ` Thomas Zimmermann
2023-06-07 8:35 ` [PATCH 00/30] fbdev: Make userspace interfaces optional Geert Uytterhoeven
2023-06-07 8:35 ` Geert Uytterhoeven
2023-06-12 10:46 ` Thomas Zimmermann
2023-06-12 10:46 ` Thomas Zimmermann
2023-06-07 12:06 ` Markus Elfring
2023-06-07 12:06 ` Markus Elfring
2023-06-07 12:21 ` Thomas Zimmermann
2023-06-07 12:21 ` Thomas Zimmermann
2023-06-07 14:08 ` Markus Elfring
2023-06-07 14:08 ` Markus Elfring
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMuHMdVP2hrgXaZvASnHJ4M+VXaTCtfbeVXrq2dsEJqcs3G6ZA@mail.gmail.com \
--to=geert@linux-m68k.org \
--cc=daniel.thompson@linaro.org \
--cc=daniel@ffwll.ch \
--cc=deller@gmx.de \
--cc=dri-devel@lists.freedesktop.org \
--cc=javierm@redhat.com \
--cc=jingoohan1@gmail.com \
--cc=lee@kernel.org \
--cc=linux-fbdev@vger.kernel.org \
--cc=linux-omap@vger.kernel.org \
--cc=linux-sh@vger.kernel.org \
--cc=linux-staging@lists.linux.dev \
--cc=sam@ravnborg.org \
--cc=tzimmermann@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.