mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2025-01-18 20:04:16 +08:00
e40ba6d56b
Replace the fw_read_file_contents with kernel_file_read_from_path(). Although none of the upstreamed LSMs define a kernel_fw_from_file hook, IMA is called by the security function to prevent unsigned firmware from being loaded and to measure/appraise signed firmware, based on policy. Instead of reading the firmware twice, once for measuring/appraising the firmware and again for reading the firmware contents into memory, the kernel_post_read_file() security hook calculates the file hash based on the in memory file buffer. The firmware is read once. This patch removes the LSM kernel_fw_from_file() hook and security call. Changelog v4+: - revert dropped buf->size assignment - reported by Sergey Senozhatsky v3: - remove kernel_fw_from_file hook - use kernel_file_read_from_path() - requested by Luis v2: - reordered and squashed firmware patches - fix MAX firmware size (Kees Cook) Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Luis R. Rodriguez <mcgrof@kernel.org> |
||
|---|---|---|
| .. | ||
| power | ||
| regmap | ||
| attribute_container.c | ||
| base.h | ||
| bus.c | ||
| cacheinfo.c | ||
| class.c | ||
| component.c | ||
| container.c | ||
| core.c | ||
| cpu.c | ||
| dd.c | ||
| devcoredump.c | ||
| devres.c | ||
| devtmpfs.c | ||
| dma-coherent.c | ||
| dma-contiguous.c | ||
| dma-mapping.c | ||
| driver.c | ||
| firmware_class.c | ||
| firmware.c | ||
| hypervisor.c | ||
| init.c | ||
| isa.c | ||
| Kconfig | ||
| Makefile | ||
| map.c | ||
| memory.c | ||
| module.c | ||
| node.c | ||
| pinctrl.c | ||
| platform-msi.c | ||
| platform.c | ||
| property.c | ||
| soc.c | ||
| syscore.c | ||
| topology.c | ||
| transport_class.c | ||