Date: Wed, 27 Apr 2022 09:58:23 -0400
From: Qian Cai
To: Thiébaud Weksteen
CC: Luis Chamberlain, Greg Kroah-Hartman, Jeffrey Vander Stoep, Saravana Kannan, Alistair Delva, Adam Shih
Subject: Re: [PATCH v2] firmware_loader: use kernel credentials when reading firmware
Message-ID: <20220427135823.GD71@qian>
In-Reply-To: <20220422013215.2301793-1-tweek@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Apr 22, 2022 at 11:32:15AM +1000, Thiébaud Weksteen wrote:
> drivers/base/firmware_loader/main.c | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) 
> > diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c > index 94d1789a233e..8f3c2b2cfc61 100644 > --- a/drivers/base/firmware_loader/main.c > +++ b/drivers/base/firmware_loader/main.c > @@ -735,6 +735,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name, > size_t offset, u32 opt_flags) > { > struct firmware *fw = NULL; > + struct cred *kern_cred = NULL; > + const struct cred *old_cred; > bool nondirect = false; > int ret; 
> > @@ -751,6 +753,18 @@ _request_firmware(const struct firmware **firmware_p, const char *name, > if (ret <= 0) /* error or already assigned */ > goto out; > > + /* > + * We are about to try to access the firmware file. Because we may have been > + * called by a driver when serving an unrelated request from userland, we use > + * the kernel credentials to read the file. > + */ > + kern_cred = prepare_kernel_cred(NULL); This triggers quite some leak reports from kmemleak. unreferenced object 0xffff0801e47690c0 (size 176): comm "kworker/0:1", pid 14, jiffies 4294904047 (age 2208.624s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: kmem_cache_alloc prepare_kernel_cred _request_firmware firmware_request_nowarn firmware_request_nowarn at drivers/base/firmware_loader/main.c:933 nvkm_firmware_get [nouveau] nvkm_firmware_get at drivers/gpu/drm/nouveau/nvkm/core/firmware.c:92 nvkm_firmware_load_name [nouveau] nvkm_acr_lsfw_load_bl_inst_data_sig [nouveau] gm200_gr_load [nouveau] gf100_gr_new_ [nouveau] tu102_gr_new [nouveau] nvkm_device_ctor [nouveau] nvkm_device_pci_new [nouveau] nouveau_drm_probe [nouveau] local_pci_probe work_for_cpu_fn process_one_work > + if (!kern_cred) { > + ret = -ENOMEM; > + goto out; > + } > + old_cred = override_creds(kern_cred); > + > ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL); > > /* Only full reads can support decompression, platform, and sysfs. */ > @@ -776,6 +790,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name, > } else > ret = assign_fw(fw, device); > > + revert_creds(old_cred); > + > out: > if (ret < 0) { > fw_abort_batch_reqs(fw); > -- > 2.36.0.rc2.479.g8af0fa9b8e-goog >
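Review bot: The comment added above prepare_kernel_cred(NULL) in the second hunk says the kernel credentials are used "to read the file", but the override runs from override_creds(kern_cred) to the revert_creds(old_cred) that the third hunk places after assign_fw(fw, device), so everything between those two calls also executes with kernel credentials. Either say so in the comment or narrow the override to the file read itself.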
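Review bot: The third hunk is missing a put_cred(kern_cred) after revert_creds(old_cred). The second hunk stores the result of prepare_kernel_cred(NULL) in kern_cred, and nothing in the patch drops that reference, so every _request_firmware() call that gets past the allocation leaves one struct cred behind, which is what the kmemleak backtrace in the reply shows (kmem_cache_alloc, prepare_kernel_cred, _request_firmware). Suggest adding put_cred(kern_cred) on the line directly after revert_creds(old_cred), before the out: label, so the early "goto out" paths that never allocated the cred are unaffected.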