linux/drivers/base
Thiébaud Weksteen 581dd69830 firmware_loader: use kernel credentials when reading firmware
Device drivers may decide to not load firmware when probed to avoid
slowing down the boot process should the firmware filesystem not be
available yet. In this case, the firmware loading request may be done
when a device file associated with the driver is first accessed. The
credentials of the userspace process accessing the device file may be
used to validate access to the firmware files requested by the driver.
Ensure that the kernel assumes the responsibility of reading the
firmware.

This was observed on Android for a graphic driver loading their firmware
when the device file (e.g. /dev/mali0) was first opened by userspace
(i.e. surfaceflinger). The security context of surfaceflinger was used
to validate the access to the firmware file (e.g.
/vendor/firmware/mali.bin).

Previously, Android configurations were not setting up the
firmware_class.path command line argument and were relying on the
userspace fallback mechanism. In this case, the security context of the
userspace daemon (i.e. ueventd) was consistently used to read firmware
files. More Android devices are now found to set firmware_class.path
which gives the kernel the opportunity to read the firmware directly
(via kernel_read_file_from_path_initns). In this scenario, the current
process credentials were used, even if unrelated to the loading of the
firmware file.

Signed-off-by: Thiébaud Weksteen <tweek@google.com>
Cc: <stable@vger.kernel.org> # 5.10
Reviewed-by: Paul Moore <paul@paul-moore.com>
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Link: https://lore.kernel.org/r/20220502004952.3970800-1-tweek@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-05-06 10:00:03 +02:00
..
firmware_loader firmware_loader: use kernel credentials when reading firmware 2022-05-06 10:00:03 +02:00
power Merge branches 'pm-sleep', 'pm-domains' and 'pm-docs' 2022-03-18 18:29:21 +01:00
regmap regmap: Updates for v5.18 2022-03-21 18:22:42 -07:00
test driver core: Simplify async probe test code by using ktime_ms_delta() 2021-12-29 10:57:22 +01:00
arch_numa.c mm: percpu: add generic pcpu_populate_pte() function 2022-01-20 08:52:52 +02:00
arch_topology.c arch_topology: Do not set llc_sibling if llc_id is invalid 2022-04-20 18:57:59 +02:00
attribute_container.c driver core: attribute_container: fix W=1 warnings 2021-05-14 13:37:10 +02:00
auxiliary.c Documentation/auxiliary_bus: Move the text into the code 2021-12-03 16:41:50 +01:00
base.h software nodes: Split software_node_notify() 2021-07-16 19:17:05 +02:00
bus.c kobject: remove kset from struct kset_uevent_ops callbacks 2021-12-28 11:26:18 +01:00
cacheinfo.c cacheinfo: clear cache_leaves(cpu) in free_cache_attributes() 2021-07-21 17:29:40 +02:00
class.c block: remove genhd.h 2022-02-02 07:49:59 -07:00
component.c component: Add common helper for compare/release functions 2022-02-25 12:16:12 +01:00
container.c driver core: Remove redundant license text 2017-12-07 18:36:44 +01:00
core.c block: remove genhd.h 2022-02-02 07:49:59 -07:00
cpu.c sched/isolation: Use single feature type while referring to housekeeping cpumask 2022-02-16 15:57:55 +01:00
dd.c net: mdio: don't defer probe forever if PHY IRQ provider is missing 2022-04-08 14:17:55 -07:00
devcoredump.c devcoredump: remove contact information 2021-06-04 15:05:44 +02:00
devres.c devres: fix typos in comments 2022-03-18 14:30:12 +01:00
devtmpfs.c Driver core changes for 5.18-rc1 2022-03-28 12:41:28 -07:00
driver.c drivers: base: Convert to printk alias functions 2020-07-10 14:16:44 +02:00
firmware.c driver core: Remove redundant license text 2017-12-07 18:36:44 +01:00
hypervisor.c driver core: Remove redundant license text 2017-12-07 18:36:44 +01:00
init.c drivers/base/node: consolidate node device subsystem initialization in node_dev_init() 2022-03-22 15:57:10 -07:00
isa.c bus: Make remove callback return void 2021-07-21 11:53:42 +02:00
Kconfig devtmpfs: mount with noexec and nosuid 2021-12-30 13:54:42 +01:00
Makefile mm/memory_hotplug: remove CONFIG_MEMORY_HOTPLUG_SPARSE 2021-11-06 13:30:42 -07:00
map.c driver: base: Prefer unsigned int to bare use of unsigned 2021-07-21 17:30:09 +02:00
memory.c drivers/base/memory: clarify adding and removing of memory blocks 2022-03-22 15:57:10 -07:00
module.c driver core: Remove redundant license text 2017-12-07 18:36:44 +01:00
node.c drivers/base/memory: determine and store zone for single-zone memory blocks 2022-03-22 15:57:10 -07:00
pinctrl.c driver core: Remove redundant license text 2017-12-07 18:36:44 +01:00
platform-msi.c platform-msi: Simplify platform device MSI code 2021-12-16 22:22:19 +01:00
platform.c platform: use dev_err_probe() in platform_get_irq_byname() 2022-02-08 12:22:07 +01:00
property.c device property: Don't split fwnode_get_irq*() APIs in the code 2022-02-14 18:57:41 +01:00
soc.c base: soc: Make soc_device_match() simpler and easier to read 2022-03-18 14:28:07 +01:00
swnode.c software node: fix wrong node passed to find nargs_prop 2021-12-22 18:26:18 +01:00
syscore.c syscore: Use pm_pr_dbg() for syscore_{suspend,resume}() 2020-09-08 13:32:06 +02:00
topology.c topology: Fix up build warning in topology_is_visible() 2022-04-23 12:53:11 +02:00
trace.c devres: Enable trace events 2021-06-15 17:14:36 +02:00
trace.h devres: Enable trace events 2021-06-15 17:14:36 +02:00
transport_class.c scsi: drivers: base: Propagate errors through the transport component 2020-01-15 22:55:37 -05:00