Date: Tue, 3 May 2022 13:03:54 -0700
From: Luis Chamberlain
To: Thiébaud Weksteen
Cc: Greg Kroah-Hartman, Qian Cai, John Stultz, Jeffrey Vander Stoep, Saravana Kannan, Alistair Delva, Adam Shih, selinux@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH v4] firmware_loader: use kernel credentials when reading firmware
In-Reply-To: <20220502004952.3970800-1-tweek@google.com>

On Mon, May 02, 2022 at 10:49:52AM +1000, Thiébaud Weksteen wrote:
> Device drivers may decide to not load firmware when probed to avoid
> slowing down the boot process should the firmware filesystem not be
> available yet. In this case, the firmware loading request may be done
> when a device file associated with the driver is first accessed. The
> credentials of the userspace process accessing the device file may be
> used to validate access to the firmware files requested by the driver.
> Ensure that the kernel assumes the responsibility of reading the
> firmware.
>
> This was observed on Android for a graphic driver loading their firmware
> when the device file (e.g. /dev/mali0) was first opened by userspace
> (i.e. surfaceflinger). The security context of surfaceflinger was used
> to validate the access to the firmware file (e.g.
> /vendor/firmware/mali.bin).
>
> Previously, Android configurations were not setting up the
> firmware_class.path command line argument and were relying on the
> userspace fallback mechanism. In this case, the security context of the
> userspace daemon (i.e. ueventd) was consistently used to read firmware
> files. More Android devices are now found to set firmware_class.path
> which gives the kernel the opportunity to read the firmware directly
> (via kernel_read_file_from_path_initns). In this scenario, the current
> process credentials were used, even if unrelated to the loading of the
> firmware file.
>
> Signed-off-by: Thiébaud Weksteen
> Cc: # 5.10

Acked-by: Luis Chamberlain

  Luis
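
The credential mix-up described in the quoted commit message, as an added userspace model (not the patch's code and not kernel code). The types, the two-subject policy and the function names are assumptions made for illustration; only the firmware path and the process names come from the message.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model only: these types and functions are not kernel APIs. */
struct cred { const char *ctx; };           /* security context of a subject */
struct task { const struct cred *cred; };   /* stands in for "current" */

static const struct cred kernel_cred = { "kernel" };

/* Constructed policy: only the kernel and ueventd may read firmware. */
static int may_read_firmware(const struct cred *c)
{
    return !strcmp(c->ctx, "kernel") || !strcmp(c->ctx, "ueventd");
}

/* Stand-in for the direct read: access is checked against current creds. */
static int read_file(const struct task *cur, const char *path)
{
    (void)path;
    return may_read_firmware(cur->cred) ? 0 : -13;   /* -13 is -EACCES */
}

/* After the fix: swap in kernel creds for the read, then always restore. */
static int read_file_as_kernel(struct task *cur, const char *path)
{
    const struct cred *old = cur->cred;
    int ret;
    cur->cred = &kernel_cred;
    ret = read_file(cur, path);
    cur->cred = old;                /* restored on success and on failure */
    return ret;
}

/* Driver open() that requests its firmware lazily, on first access. */
static int open_device(struct task *cur, int fixed)
{
    const char *fw = "/vendor/firmware/mali.bin";
    return fixed ? read_file_as_kernel(cur, fw) : read_file(cur, fw);
}

int main(void)
{
    struct cred sf = { "surfaceflinger" };
    struct task t = { &sf };
    printf("before fix: %d\n", open_device(&t, 0));   /* denied */
    printf("after fix:  %d\n", open_device(&t, 1));   /* allowed */
    printf("caller context afterwards: %s\n", t.cred->ctx);
    return 0;
}
```

The point to check in any real override of this kind is the last line of output: the caller's own context must be back in place once the read returns, whether or not the read succeeded.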