[SRU] [B/C/D/Unstable] [PATCH 0/1] Make r8822be usable under kernel lockdown
Kai Heng Feng
kai.heng.feng at canonical.com
Sun Jan 6 17:20:11 UTC 2019
> On Dec 13, 2018, at 1:27 PM, Kai Heng Feng <kai.heng.feng at canonical.com> wrote:
>
>
>
>> On Dec 11, 2018, at 04:51, Seth Forshee <seth.forshee at canonical.com> wrote:
>>
>> On Thu, Dec 06, 2018 at 03:00:40PM +0800, Kai-Heng Feng wrote:
>>> BugLink: http://bugs.launchpad.net/bugs/1806472
>>>
>>> [Impact]
>>> Realtek 8822be doesn't work under kernel lockdown.
>>>
>>> [Fix]
>>> Add r8822be.ko to signature-inclusion, so it can be signed and be loaded
>>> when lockdown is enabled.
>>>
>>> [Test]
>>> Since I can't sign the kernel, it's not tested.
>>>
>>> [Regression Potential]
>>> Low. The driver is maintained by a Realtek guy, so bugs are actually
>>> getting fixed.
>>
>> I don't see any indication whether you've inspected the driver to see if
>> any interfaces are exported to userspace which are unsafe under kernel
>> lockdown. We're going to need to know that this has been done before
>> allowing the driver to be signed.
>
> I’ve checked the source, the driver uses mac80211 API to talk to userspace (nl80211), which should be safe.
>
> Other than that it exposes a debugfs with write permission. All of them have input validations, so overall it’s in good shape.
If this isn’t safe enough, I think disabling the debugfs of this driver should be good enough.
Kai-Heng
>
> Kai-Heng
>
>>
>> Thanks,
>> Seth
>
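A first-pass listing for the kind of source inspection requested in this thread, as an added example that is not part of the original messages or of the driver: it scans C source for `debugfs_create_*` calls and reports which entries are created with a write bit in their mode. The sample fragment and every name in it (`example_priv`, `write_reg_fops`, and so on) are constructed for illustration and are not taken from r8822be.

```python
import re

# Permission macros from <linux/stat.h> that include a write bit.
WRITE_MACROS = {"S_IWUSR", "S_IWGRP", "S_IWOTH", "S_IWUGO",
                "S_IRWXU", "S_IRWXG", "S_IRWXO", "S_IRWXUGO"}
# debugfs_create_*(name, mode, ...) calls; helpers that take no mode are skipped.
CALL = re.compile(
    r'\bdebugfs_create_(?!(?:dir|symlink|automount|devm_seqfile)\b)\w+\s*\(\s*'
    r'("(?:[^"\\]|\\.)*"|[^,()"]+?)\s*,\s*([^,;]+?)\s*,')

def mode_is_writable(mode):
    """True or False when the mode can be decided, None when it needs manual review."""
    verdict = False
    for tok in (t.strip(" \t\n()") for t in mode.split("|")):
        if re.fullmatch(r"0[0-7]*", tok):
            if int(tok, 8) & 0o222:      # any of the user/group/other write bits
                return True
        elif tok in WRITE_MACROS:
            return True
        elif not re.fullmatch(r"S_I[RX]\w+", tok):
            verdict = None               # variable or unknown macro
    return verdict

def audit(src):
    """Return (line, name, mode, writable) for each debugfs entry created in src."""
    return [(src.count("\n", 0, m.start()) + 1, m.group(1).strip('"'),
             " ".join(m.group(2).split()), mode_is_writable(m.group(2)))
            for m in CALL.finditer(src)]

# Constructed driver fragment, not taken from r8822be.
SAMPLE = r'''
static void example_debugfs_init(struct example_priv *priv)
{
	priv->dir = debugfs_create_dir("example_wifi", NULL);
	debugfs_create_file("mac_regs", 0444, priv->dir, priv, &mac_regs_fops);
	debugfs_create_file("write_reg", S_IRUSR | S_IWUSR, priv->dir, priv,
			    &write_reg_fops);
	debugfs_create_u32("dbg_level", 0644, priv->dir, &priv->dbg_level);
	debugfs_create_file("dump", priv->dump_mode, priv->dir, priv, &dump_fops);
}
'''

if __name__ == "__main__":
    for line, name, mode, writable in audit(SAMPLE):
        state = {True: "WRITABLE", False: "read-only", None: "REVIEW"}[writable]
        print(f"line {line}: {name:<10} mode={mode:<20} {state}")
```

Each entry reported as writable or needing review still requires reading its `file_operations` write handler by hand; the listing only narrows down where to look.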