mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-04 02:30:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

firmware: add call to LSM hook before firmware sysfs fallback

Browse source 
Add an LSM hook prior to allowing firmware sysfs fallback loading.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Luis R. Rodriguez <mcgrof@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>
This commit is contained in:
Mimi Zohar 2018-07-13 14:05:59 -04:00 committed by James Morris
parent 16c267aac8
commit 6e852651f2
1 changed files with 7 additions and 0 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

7
drivers/base/firmware_loader/fallback.c
View file

@ -651,6 +651,8 @@ static bool fw_force_sysfs_fallback(enum fw_opt opt_flags)
static bool fw_run_sysfs_fallback(enum fw_opt opt_flags) static bool fw_run_sysfs_fallback(enum fw_opt opt_flags)
{ {
int ret;
if (fw_fallback_config.ignore_sysfs_fallback) { if (fw_fallback_config.ignore_sysfs_fallback) {
pr_info_once("Ignoring firmware sysfs fallback due to sysctl knob\n"); pr_info_once("Ignoring firmware sysfs fallback due to sysctl knob\n");
return false; return false;
@ -659,6 +661,11 @@ static bool fw_run_sysfs_fallback(enum fw_opt opt_flags)
if ((opt_flags & FW_OPT_NOFALLBACK)) if ((opt_flags & FW_OPT_NOFALLBACK))
return false; return false;
/* Also permit LSMs and IMA to fail firmware sysfs fallback */
ret = security_kernel_load_data(LOADING_FIRMWARE);
if (ret < 0)
return ret;
return fw_force_sysfs_fallback(opt_flags); return fw_force_sysfs_fallback(opt_flags);
} }