[PATCH v3 4/7] firmware: add call to LSM hook before firmware sysfs fallback

linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: zohar@linux.vnet.ibm.com (Mimi Zohar)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v3 4/7] firmware: add call to LSM hook before firmware sysfs fallback
Date: Thu, 24 May 2018 07:09:33 -0400	[thread overview]
Message-ID: <1527160176-29269-5-git-send-email-zohar@linux.vnet.ibm.com> (raw)
In-Reply-To: <1527160176-29269-1-git-send-email-zohar@linux.vnet.ibm.com>

Add an LSM hook prior to allowing firmware sysfs fallback loading.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Luis R. Rodriguez <mcgrof@suse.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Kees Cook <keescook@chromium.org>

Changelog:
- call security_kernel_read_blob()
- rename the READING_FIRMWARE_FALLBACK kernel_read_file_id enumeration to
READING_FIRMWARE_FALLBACK_SYSFS.
---
 drivers/base/firmware_loader/fallback.c | 7 +++++++
 include/linux/fs.h                      | 1 +
 2 files changed, 8 insertions(+)

diff --git a/drivers/base/firmware_loader/fallback.c b/drivers/base/firmware_loader/fallback.c
index 358354148dec..ae102efcc9f0 100644
--- a/drivers/base/firmware_loader/fallback.c
+++ b/drivers/base/firmware_loader/fallback.c
@@ -651,6 +651,8 @@ static bool fw_force_sysfs_fallback(unsigned int opt_flags)
 
 static bool fw_run_sysfs_fallback(unsigned int opt_flags)
 {
+	int ret;
+
 	if (fw_fallback_config.ignore_sysfs_fallback) {
 		pr_info_once("Ignoring firmware sysfs fallback due to sysctl knob\n");
 		return false;
@@ -659,6 +661,11 @@ static bool fw_run_sysfs_fallback(unsigned int opt_flags)
 	if ((opt_flags & FW_OPT_NOFALLBACK))
 		return false;
 
+	/* Also permit LSMs and IMA to fail firmware sysfs fallback */
+	ret = security_kernel_read_data(NULL, READING_FIRMWARE_FALLBACK_SYSFS);
+	if (ret < 0)
+		return ret;
+
 	return fw_force_sysfs_fallback(opt_flags);
 }
 
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 760d8da1b6c7..6e31d9207435 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2810,6 +2810,7 @@ extern int do_pipe_flags(int *, int);
 	id(UNKNOWN, unknown)		\
 	id(FIRMWARE, firmware)		\
 	id(FIRMWARE_PREALLOC_BUFFER, firmware)	\
+	id(FIRMWARE_FALLBACK_SYSFS, firmware)	\
 	id(MODULE, kernel-module)		\
 	id(KEXEC_IMAGE, kexec-image)		\
 	id(KEXEC_INITRAMFS, kexec-initramfs)	\
-- 
2.7.5

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info@ http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2018-05-24 11:09 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-24 11:09 [PATCH v3 0/7] kexec/firmware: support system wide policy requiring signatures Mimi Zohar
2018-05-24 11:09 ` [PATCH v3 1/7] security: rename security_kernel_read_file() hook Mimi Zohar
2018-05-24 20:49   ` Eric W. Biederman
2018-05-24 23:29     ` Mimi Zohar
2018-05-25 12:22     ` Mimi Zohar
2018-05-25 15:41     ` James Morris
2018-05-25 19:51       ` Eric W. Biederman
2018-05-29 20:32         ` James Morris
2018-05-29 21:10           ` Eric W. Biederman
2018-05-24 11:09 ` [PATCH v3 2/7] kexec: add call to LSM hook in original kexec_load syscall Mimi Zohar
2018-05-24 20:50   ` Eric W. Biederman
2018-05-24 11:09 ` [PATCH v3 3/7] ima: based on policy require signed kexec kernel images Mimi Zohar
2018-05-24 11:09 ` Mimi Zohar [this message]
2018-05-24 11:09 ` [PATCH v3 5/7] ima: based on policy require signed firmware (sysfs fallback) Mimi Zohar
2018-05-24 11:09 ` [PATCH v3 6/7] ima: add build time policy Mimi Zohar
2018-05-24 11:09 ` [RFC PATCH v3 7/7] ima: based on policy prevent loading firmware (pre-allocated buffer) Mimi Zohar

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:358354148de dfblob:ae102efcc9f dfblob:760d8da1b6c
dfblob:6e31d920743 )
 OR (
bs:"[PATCH v3 4/7] firmware: add call to LSM hook before firmware sysfs fallback" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1527160176-29269-5-git-send-email-zohar@linux.vnet.ibm.com \
    --to=zohar@linux.vnet.ibm.com \
    --cc=linux-security-module@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).