[PATCH v3 12/19] firmware_loader: Use security_post_load_data()
Kees Cook
keescook at chromium.org
Wed Jul 29 19:13:12 UTC 2020
On Wed, Jul 29, 2020 at 02:10:18PM -0400, Mimi Zohar wrote:
> Actually, the partial firmware read should be calling
> security_kernel_read_file().
Yup, it does[1], and when "whole_file" is true, it will call
security_kernel_post_read_file() with the buffer contents at the end.
> The sysfs firmware fallback is calling security_kernel_load_data().
Correct[2]; it has no file associated with it (same as the EFI platform
source).
> Which firmware is calling security_kernel_post_load_data()?
sysfs and platform both call it[2], matched with their
security_kernel_load_data() calls.
-Kees
[1] v4 patch 14: "fs/kernel_file_read: Add "offset" arg for partial reads"
https://lore.kernel.org/lkml/20200729175845.1745471-1-keescook@chromium.org/T/#iZ2e.:..:20200729175845.1745471-15-keescook::40chromium.org:0fs:kernel_read_file.c
[2] v4 patch 10: "firmware_loader: Use security_post_load_data()"
https://lore.kernel.org/lkml/20200729175845.1745471-1-keescook@chromium.org/T/#iZ2e.:..:20200729175845.1745471-11-keescook::40chromium.org:0drivers:base:firmware_loader:fallback.c
--
Kees Cook
More information about the Linux-security-module-archive
mailing list