[SRU] [B/C/D/Unstable] [PATCH 0/1] Make r8822be usable under kernel lockdown
Kai Heng Feng
kai.heng.feng at canonical.com
Thu Dec 13 05:27:17 UTC 2018
> On Dec 11, 2018, at 04:51, Seth Forshee <seth.forshee at canonical.com> wrote:
>
> On Thu, Dec 06, 2018 at 03:00:40PM +0800, Kai-Heng Feng wrote:
>> BugLink: http://bugs.launchpad.net/bugs/1806472
>>
>> [Impact]
>> Realtek 8822be doesn't work under kernel lockdown.
>>
>> [Fix]
>> Add r8822be.ko to signature-inclusion, so it can be signed and be loaded
>> when lockdown is enabled.
>>
>> [Test]
>> Since I can't signed the kernel so it's not tested.
>>
>> [Regression Potential]
>> Low. The driver is maintained by a Realtek guy, so bugs are actually
>> getting fixed.
>
> I don't see any indication whether you've inspected the driver to see if
> any interfaces are exported to userspace which are unsafe under kernel
> lockdown. We're going to need to know that this has been done before
> allowing the driver to be signed.
I’ve checked the source, the driver uses mac80211 API to talk to userspace (nl80211), which should be safe
Other than that it exposes a debugfs with write permission. All of them have input validations, so overall it’s in good shape.
Kai-Heng
>
> Thanks,
> Seth
More information about the kernel-team
mailing list