From: "wanquan.zhong" <wanquan.zhong@fibocom.com>
Add a new Kconfig option CONFIG_WWAN_DEBUG_PORTS for WWAN devices,
to conditionally enable the ADB debug port functionality. This option:
- Depends on DEBUG_FS (aligning with existing debug-related WWAN configs)
- Defaults to 'y'. If it defaults to n, it may cause difficulties for t7xx
debugging
- Requires EXPERT to be visible (to avoid accidental enablement)
In t7xx_port_proxy.c, wrap the ADB port configuration struct with
CONFIG_WWAN_DEBUG_PORTS, so the port is only exposed when
the config is explicitly enabled (e.g. for lab debugging scenarios).
This aligns with security best practices of restricting debug interfaces
on production user devices, while retaining access for development.
Signed-off-by: wanquan.zhong <wanquan.zhong@fibocom.com>
---
drivers/net/wwan/Kconfig | 11 +++++++++++
drivers/net/wwan/t7xx/t7xx_port_proxy.c | 2 ++
2 files changed, 13 insertions(+)
diff --git a/drivers/net/wwan/Kconfig b/drivers/net/wwan/Kconfig
index 410b0245114e..0ab8122efd76 100644
--- a/drivers/net/wwan/Kconfig
+++ b/drivers/net/wwan/Kconfig
@@ -27,6 +27,17 @@ config WWAN_DEBUGFS
elements for each WWAN device in a directory that is corresponding to
the device name: debugfs/wwan/wwanX.
+config WWAN_DEBUG_PORTS
+ bool "WWAN devices ADB debug port" if EXPERT
+ depends on DEBUG_FS
+ default y
+ help
+ Enables ADB (Android Debug Bridge) debug port support for WWAN devices.
+
+ If this option is selected, then the ADB debug port functionality in
+ WWAN device drivers is enabled, allowing for Android Debug Bridge
+ connections through WWAN modems that support this feature.
+
config WWAN_HWSIM
tristate "Simulated WWAN device"
help
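Review bot: `default y` combined with a prompt that is only visible `if EXPERT` means WWAN_DEBUG_PORTS is silently enabled on every non-EXPERT configuration that has DEBUG_FS, so the ADB port stays exposed unless an EXPERT build turns it off. That is the opposite of the commit message's "only exposed when the config is explicitly enabled". If the goal is to keep the port out of production kernels, either default to n or state in the help text that the option exists so hardened builds can opt out. The symbol name is also generic while the prompt and help text are ADB-only, and the hunk carries no dependency on the only driver this patch touches.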
diff --git a/drivers/net/wwan/t7xx/t7xx_port_proxy.c b/drivers/net/wwan/t7xx/t7xx_port_proxy.c
index 4fc131f9632f..23b331780f07 100644
--- a/drivers/net/wwan/t7xx/t7xx_port_proxy.c
+++ b/drivers/net/wwan/t7xx/t7xx_port_proxy.c
@@ -102,6 +102,7 @@ static const struct t7xx_port_conf t7xx_port_conf[] = {
.ops = &ctl_port_ops,
.name = "t7xx_ap_ctrl",
}, {
+#ifdef CONFIG_WWAN_DEBUG_PORTS
.tx_ch = PORT_CH_AP_ADB_TX,
.rx_ch = PORT_CH_AP_ADB_RX,
.txq_index = Q_IDX_ADB,
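Review bot: the `#ifdef CONFIG_WWAN_DEBUG_PORTS` opens after the `}, {` that starts the ADB initializer, and the matching `#endif` in the next hunk closes after the `}, {` that starts the MIPC one, so the guard straddles two array elements. It preprocesses to a balanced initializer either way, but a later edit to either entry can easily unbalance it. Guarding one whole element, from its opening brace to its closing `},`, would be easier to read and safer to maintain.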
@@ -112,6 +113,7 @@ static const struct t7xx_port_conf t7xx_port_conf[] = {
.port_type = WWAN_PORT_ADB,
.debug = true,
}, {
+#endif
.tx_ch = PORT_CH_MIPC_TX,
.rx_ch = PORT_CH_MIPC_RX,
.txq_index = Q_IDX_MBIM_MIPC,
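Review bot: the entry being compiled out already sets `.debug = true`, so the driver has an existing way to mark a port as debug-only; the patch should state what removing the entry at build time protects against that this flag does not, since that is the whole justification for a new Kconfig symbol. A short comment above the guard naming that threat would also help the next reader decide whether other `.debug` entries need the same treatment.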
--
2.43.0
On Thu, Jan 8, 2026 at 1:53 PM wanquan.zhong <zwq2226404116@163.com> wrote:
>
> From: "wanquan.zhong" <wanquan.zhong@fibocom.com>
>
> Add a new Kconfig option CONFIG_WWAN_DEBUG_PORTS for WWAN devices,
> to conditionally enable the ADB debug port functionality. This option:
> - Depends on DEBUG_FS (aligning with existing debug-related WWAN configs)
> - Defaults to 'y',If default to n, it may cause difficulties for t7xx
> debugging
> - Requires EXPERT to be visible (to avoid accidental enablement)
>
> In t7xx_port_proxy.c, wrap the ADB port configuration struct with
> CONFIG_WWAN_DEBUG_PORTS, so the port is only exposed when
> the config is explicitly enabled (e.g. for lab debugging scenarios).
>
> This aligns with security best practices of restricting debug interfaces
> on production user devices, while retaining access for development.
>
> Signed-off-by: wanquan.zhong <wanquan.zhong@fibocom.com>
> ---
> drivers/net/wwan/Kconfig | 11 +++++++++++
> drivers/net/wwan/t7xx/t7xx_port_proxy.c | 2 ++
> 2 files changed, 13 insertions(+)
>
> diff --git a/drivers/net/wwan/Kconfig b/drivers/net/wwan/Kconfig
> index 410b0245114e..0ab8122efd76 100644
> --- a/drivers/net/wwan/Kconfig
> +++ b/drivers/net/wwan/Kconfig
> @@ -27,6 +27,17 @@ config WWAN_DEBUGFS
> elements for each WWAN device in a directory that is corresponding to
> the device name: debugfs/wwan/wwanX.
>
> +config WWAN_DEBUG_PORTS
> + bool "WWAN devices ADB debug port" if EXPERT
> + depends on DEBUG_FS
> + default y
> + help
> + Enables ADB (Android Debug Bridge) debug port support for WWAN devices.
> +
> + If this option is selected, then the ADB debug port functionality in
> + WWAN device drivers is enabled, allowing for Android Debug Bridge
> + connections through WWAN modems that support this feature.
> +

So, ultimately, this port will depend on debugfs being enabled, so it
might be simpler to move the `port_conf/debug` attribute from sysfs to
debugfs?

Additionally, the symbol config name is quite generic, while its
description is specific to ADB.

Regards,
Loic
Hi Wanquan,

On 1/8/26 14:52, wanquan.zhong wrote:
> From: "wanquan.zhong" <wanquan.zhong@fibocom.com>
>
> Add a new Kconfig option CONFIG_WWAN_DEBUG_PORTS for WWAN devices,
> to conditionally enable the ADB debug port functionality. This option:
> - Depends on DEBUG_FS (aligning with existing debug-related WWAN configs)
> - Defaults to 'y',If default to n, it may cause difficulties for t7xx
> debugging
> - Requires EXPERT to be visible (to avoid accidental enablement)
>
> In t7xx_port_proxy.c, wrap the ADB port configuration struct with
> CONFIG_WWAN_DEBUG_PORTS, so the port is only exposed when
> the config is explicitly enabled (e.g. for lab debugging scenarios).
>
> This aligns with security best practices of restricting debug interfaces
> on production user devices, while retaining access for development.

This security argument sounds a bit weak. Debugfs can be enabled easily,
and devlink allowing a firmware replacement is enabled by every 2nd
driver. Proper privilege management contributes to the security better.

ADB is hidden by default, and a user has to write a file in sysfs, which
effectively means that he already has the root privileges.

BTW, why does the patch disable only ADB? MIPC is not so dangerous?

On the other hand, I agree that ADB is not a port for daily usage, and
it might be beneficial to save some resources on excluding it. The
proposed patch eliminates one array element, which is not worth the
burden of the new configuration option maintenance.

Considering the above, the patch is NACKed by me.

--
Sergey
From: "wanquan.zhong" <wanquan.zhong@fibocom.com>
Changes from v2:
1) Add missing 'net:' subsystem prefix to commit subject for compliance
2) Remove redundant "to config" suffix and refine commit wording
3) Split overlong Kconfig help text lines to meet 72-char limit
4) Align EXPERT dependency desc with WWAN subsystem conventions
Add a new Kconfig option CONFIG_WWAN_ADB_PORT to control the ADB debug port
functionality for MediaTek T7xx WWAN modem. This option depends on MTK_T7XX
and EXPERT, defaults to 'y' to avoid breaking existing debugging workflows
while mitigating potential security concerns on specific target systems.
This change addresses security risks on systems such as Google Chrome OS,
where unauthorized root access could lead to malicious ADB configuration
of the WWAN device. The ADB port is restricted via this config only; the
MIPC port remains unrestricted as it is MTK's internal protocol port with
no associated security risks.
While introducing a kernel config option for a single array element may
appear to introduce minor resource overhead, this is the most
straightforward and maintainable implementation approach for this use case.
Alternative implementation suggestions from reviewers are welcome.
Signed-off-by: wanquan.zhong <wanquan.zhong@fibocom.com>
---
drivers/net/wwan/Kconfig | 11 +++++++++++
drivers/net/wwan/t7xx/t7xx_port_proxy.c | 2 ++
2 files changed, 13 insertions(+)
diff --git a/drivers/net/wwan/Kconfig b/drivers/net/wwan/Kconfig
index 410b0245114e..3d49dc8491a3 100644
--- a/drivers/net/wwan/Kconfig
+++ b/drivers/net/wwan/Kconfig
@@ -27,6 +27,17 @@ config WWAN_DEBUGFS
elements for each WWAN device in a directory that is corresponding to
the device name: debugfs/wwan/wwanX.
+config WWAN_ADB_PORT
+ bool "MediaTek T7xx ADB port support" if EXPERT
+ depends on MTK_T7XX
+ default y
+ help
+ Enables ADB (Android Debug Bridge) debug port support for MediaTek T7xx WWAN devices.
+
+ This option enables the ADB debug port functionality in the MediaTek T7xx driver,
+ allowing Android Debug Bridge connections through T7xx modems that support
+ this feature. It is primarily used for debugging and development purposes.
+
config WWAN_HWSIM
tristate "Simulated WWAN device"
help
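Review bot: the commit message says the option "depends on MTK_T7XX and EXPERT", but in this hunk EXPERT only gates the prompt (`bool "..." if EXPERT`); the sole dependency is `depends on MTK_T7XX`, and with `default y` every non-EXPERT build gets the ADB port with no way to switch it off. Please make the commit message and help text describe that behaviour. The two help lines starting "Enables ADB" and "This option enables" are also still longer than the 72-character limit the changelog says was applied, and a T7xx-only symbol would read better with a driver prefix than as WWAN_ADB_PORT placed between WWAN_DEBUGFS and WWAN_HWSIM.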
diff --git a/drivers/net/wwan/t7xx/t7xx_port_proxy.c b/drivers/net/wwan/t7xx/t7xx_port_proxy.c
index 4fc131f9632f..9f3b7b1dd4e2 100644
--- a/drivers/net/wwan/t7xx/t7xx_port_proxy.c
+++ b/drivers/net/wwan/t7xx/t7xx_port_proxy.c
@@ -102,6 +102,7 @@ static const struct t7xx_port_conf t7xx_port_conf[] = {
.ops = &ctl_port_ops,
.name = "t7xx_ap_ctrl",
}, {
+#ifdef CONFIG_WWAN_ADB_PORT
.tx_ch = PORT_CH_AP_ADB_TX,
.rx_ch = PORT_CH_AP_ADB_RX,
.txq_index = Q_IDX_ADB,
@@ -112,6 +113,7 @@ static const struct t7xx_port_conf t7xx_port_conf[] = {
.port_type = WWAN_PORT_ADB,
.debug = true,
}, {
+#endif
.tx_ch = PORT_CH_MIPC_TX,
.rx_ch = PORT_CH_MIPC_RX,
.txq_index = Q_IDX_MBIM_MIPC,
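Review bot: the bare `#endif` in front of the MIPC entry gives no hint of which condition it closes, and its `#ifdef` sits in a different hunk behind another `}, {`; please write `#endif /* CONFIG_WWAN_ADB_PORT */`. Since the commit message singles out MIPC as deliberately left unrestricted, a one-line comment here saying so would keep that decision visible in the code rather than only in the changelog.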
--
2.43.0
Hi Wanquan,

On 1/14/26 15:14, wanquan.zhong wrote:
> From: "wanquan.zhong" <wanquan.zhong@fibocom.com>
>
> Changes from v2:
> 1) Add missing 'net:' subsystem prefix to commit subject for compliance
> 2) Remove redundant "to config" suffix and refine commit wording
> 3) Split overlong Kconfig help text lines to meet 72-char limit
> 4) Align EXPERT dependency desc with WWAN subsystem conventions
>
> Add a new Kconfig option CONFIG_WWAN_ADB_PORT to control the ADB debug port
> functionality for MediaTek T7xx WWAN modem. This option depends on MTK_T7XX
> and EXPERT, defaults to 'y' to avoid breaking existing debugging workflows
> while mitigating potential security concerns on specific target systems.
>
> This change addresses security risks on systems such as Google Chrome OS,
> where unauthorized root access could lead to malicious ADB configuration
> of the WWAN device. The ADB port is restricted via this config only; the
> MIPC port remains unrestricted as it is MTK's internal protocol port with
> no associated security risks.

As it was shared before, you cannot stop a user having root privileges.
He can simply unload your 'secured' driver and load another custom-built
module.

If the patch is an attempt to address a Chrome OS privilege separation
issue, then, please, fix Chrome OS itself.

For this specific patch:

NACKed-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>