Re: [PATCH] wwan: t7xx: Add CONFIG_WWAN_DEBUG_PORTS to control ADB debug port

[Sergey Ryazanov]

Hi Wanquan,

On 1/8/26 14:52, wanquan.zhong wrote:
> From: "wanquan.zhong" <wanquan.zhong@xxxxxxxxxxx>
>
> Add a new Kconfig option CONFIG_WWAN_DEBUG_PORTS for WWAN devices,
> to conditionally enable the ADB debug port functionality. This option:
> - Depends on DEBUG_FS (aligning with existing debug-related WWAN configs)
> - Defaults to 'y',If default to n, it may cause difficulties for t7xx
> debugging
> - Requires EXPERT to be visible (to avoid accidental enablement)
>
> In t7xx_port_proxy.c, wrap the ADB port configuration struct with
> CONFIG_WWAN_DEBUG_PORTS, so the port is only exposed when
> the config is explicitly enabled (e.g. for lab debugging scenarios).
>
> This aligns with security best practices of restricting debug interfaces
> on production user devices, while retaining access for development.

This security argument sounds a bit weak. Debugfs can be enabled easily, 
and devlink allowing a firmware replacement is enabled by every 2nd 
driver. Proper privilege management contributes to the security better. 
ADB is hidden by default, and a user have to write a file in sysfs. What 
does effectively mean that he already has the root privileges.

BTW, why does the patch disable only ADB? MIPC is not so dangerous?

On the other hand, I agree that ADB is not a port for daily usage, and 
it might be beneficial to save some resources on excluding it. Proposed 
patch eliminates one array element, what does not worth burden of the 
new configuration option maintenance.

Considering the above. The patch is NACKed by me.

--
Sergey