Re: [PATCH RFC] brcmfmac: sanitize DMI strings v2

From: Victor Bravo
Date: Mon May 06 2019 - 11:25:30 EST

On Mon, May 06, 2019 at 03:26:28PM +0300, Kalle Valo wrote:
> Hans de Goede <hdegoede@xxxxxxxxxx> writes:
> > If we're going to do some filtering, then I suggest we play it safe and also
> > disallow other chars which may be used as a separator somewhere, specifically
> > ':' and ','.
> >
> > Currently upstream linux-firmware has these files which rely on the DMI
> > matching:
> >
> > brcmfmac4330-sdio.Prowise-PT301.txt
> > brcmfmac43430-sdio.Hampoo-D2D3_Vi8A1.txt
> > brcmfmac43430a0-sdio.ONDA-V80 PLUS.txt
> >
> > The others are either part of the DMI override table for devices with unsuitable
> > DMI strings like "Default String"; or are device-tree based.
> >
> > So as long as we don't break those 3 (or break the ONDA one but get a symlink
> > in place) we can sanitize a bit more then just non-printable and '/'.
> >
> > Kalle, Arend, what is your opinion on this?
> >
> > Note I do not expect the ONDA V80 Plus to have a lot of Linux users,
> > but it definitely has some.
> To me having spaces in filenames is a bad idea, but on the other hand we
> do have the "don't break existing setups" rule, so it's not so simple. I
> vote for not allowing spaces, I think that's the best for the long run,
> but don't know what Arend thinks.

I have found a fresh judicate on this:

It seems clear that we have to support at least spaces for some time
(maybe wih separate config option which will be deprecated but on by
defaut until old files are considered gone).

> Maybe we could do some kind of fallback mechanism, like first trying the
> sanitised filename and if that's not found then we try the old filename
> with spaces? And if that old filename works we print a big fat warning
> that the user should update the file and that the old "filename with
> spaces" support is going away soon?

In case of parametric sanitizing function, this might be achievable
by sanitizing using "final" character set first, and falling back
to "compatible" character set on file not found. So this may actually
bring another requirement on the sanitizing function.