LoadPin: Ignore the "contents" argument of the LSM hooks
[ Upstream commit1a17e5b513
] LoadPin only enforces the read-only origin of kernel file reads. Whether or not it was a partial read isn't important. Remove the overly conservative checks so that things like partial firmware reads will succeed (i.e. reading a firmware header). Fixes:2039bda1fa
("LSM: Add "contents" flag to kernel_read_file hook") Cc: Paul Moore <paul@paul-moore.com> Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: linux-security-module@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge@hallyn.com> Tested-by: Ping-Ke Shih <pkshih@realtek.com> Link: https://lore.kernel.org/r/20221209195453.never.494-kees@kernel.org Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Родитель
584202b0f1
Коммит
8877df8135
|
@ -118,21 +118,11 @@ static void loadpin_sb_free_security(struct super_block *mnt_sb)
|
|||
}
|
||||
}
|
||||
|
||||
static int loadpin_read_file(struct file *file, enum kernel_read_file_id id,
|
||||
bool contents)
|
||||
static int loadpin_check(struct file *file, enum kernel_read_file_id id)
|
||||
{
|
||||
struct super_block *load_root;
|
||||
const char *origin = kernel_read_file_id_str(id);
|
||||
|
||||
/*
|
||||
* If we will not know that we'll be seeing the full contents
|
||||
* then we cannot trust a load will be complete and unchanged
|
||||
* off disk. Treat all contents=false hooks as if there were
|
||||
* no associated file struct.
|
||||
*/
|
||||
if (!contents)
|
||||
file = NULL;
|
||||
|
||||
/* If the file id is excluded, ignore the pinning. */
|
||||
if ((unsigned int)id < ARRAY_SIZE(ignore_read_file_id) &&
|
||||
ignore_read_file_id[id]) {
|
||||
|
@ -187,9 +177,25 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id,
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int loadpin_read_file(struct file *file, enum kernel_read_file_id id,
|
||||
bool contents)
|
||||
{
|
||||
/*
|
||||
* LoadPin only cares about the _origin_ of a file, not its
|
||||
* contents, so we can ignore the "are full contents available"
|
||||
* argument here.
|
||||
*/
|
||||
return loadpin_check(file, id);
|
||||
}
|
||||
|
||||
static int loadpin_load_data(enum kernel_load_data_id id, bool contents)
|
||||
{
|
||||
return loadpin_read_file(NULL, (enum kernel_read_file_id) id, contents);
|
||||
/*
|
||||
* LoadPin only cares about the _origin_ of a file, not its
|
||||
* contents, so a NULL file is passed, and we can ignore the
|
||||
* state of "contents".
|
||||
*/
|
||||
return loadpin_check(NULL, (enum kernel_read_file_id) id);
|
||||
}
|
||||
|
||||
static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = {
|
||||
|
|
Загрузка…
Ссылка в новой задаче