diff options
| author | Zong-Zhe Yang <[email protected]> | 2022-12-02 14:05:20 +0800 |
|---|---|---|
| committer | Kalle Valo <[email protected]> | 2022-12-08 16:47:29 +0200 |
| commit | 3ddfe3bdd3cf199676737fbd8cb7878b962acd2a (patch) | |
| tree | 1d41ebc3acc624582be7a49f3c250f65175ed6a8 /lib/mpi/mpicoder.c | |
| parent | c2f2924bc7f9ea75ef8d95863e710168f8196256 (diff) | |
wifi: rtw89: don't request partial firmware if SECURITY_LOADPIN_ENFORCE
Kernel logs on platform enabling SECURITY_LOADPIN_ENFORCE
------
```
LoadPin: firmware old-api-denied obj=<unknown> pid=810 cmdline="modprobe -q -- rtw89_8852ce"
rtw89_8852ce 0000:01:00.0: loading /lib/firmware/rtw89/rtw8852c_fw.bin failed with error -1
rtw89_8852ce 0000:01:00.0: Direct firmware load for rtw89/rtw8852c_fw.bin failed with error -1
rtw89_8852ce 0000:01:00.0: failed to early request firmware: -1
```
Trace
------
```
request_partial_firmware_into_buf()
> _request_firmware()
>> fw_get_filesystem_firmware()
>>> kernel_read_file_from_path_initns()
>>>> kernel_read_file()
>>>>> security_kernel_read_file()
// It will iterate enabled LSMs' hooks for kernel_read_file.
// With loadpin, it hooks loadpin_read_file.
```
If SECURITY_LOADPIN_ENFORCE is enabled, doing kernel_read_file() on partial
files will be denied and return -EPERM (-1). Then, the outer API based on it,
e.g. request_partial_firmware_into_buf(), will get the error.
In the case, we cannot get the firmware stuffs right, even though there might
be no error other than a permission issue on reading a partial file. So we have
to request full firmware if SECURITY_LOADPIN_ENFORCE is enabled. It makes us
still have a chance to do early firmware work on this kind of platforms.
Signed-off-by: Zong-Zhe Yang <[email protected]>
Signed-off-by: Ping-Ke Shih <[email protected]>
Signed-off-by: Kalle Valo <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Diffstat (limited to 'lib/mpi/mpicoder.c')
0 files changed, 0 insertions, 0 deletions