| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <dc122066-9973-a1be-3456-6d6181a8fc9f@redhat.com>
Date: Tue, 1 May 2018 21:11:25 +0200
From: Hans de Goede <hdegoede@...hat.com>
To: Mimi Zohar <zohar@...ux.vnet.ibm.com>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
"Luis R . Rodriguez" <mcgrof@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H . Peter Anvin" <hpa@...or.com>
Cc: Peter Jones <pjones@...hat.com>, Dave Olsthoorn <dave@...aar.me>,
Will Deacon <will.deacon@....com>,
Andy Lutomirski <luto@...nel.org>,
Matt Fleming <matt@...eblueprint.co.uk>,
David Howells <dhowells@...hat.com>,
Josh Triplett <josh@...htriplett.org>,
dmitry.torokhov@...il.com, mfuzzey@...keon.com,
Kalle Valo <kvalo@...eaurora.org>,
Arend Van Spriel <arend.vanspriel@...adcom.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
nbroeking@...com, bjorn.andersson@...aro.org,
Torsten Duwe <duwe@...e.de>, Kees Cook <keescook@...omium.org>,
x86@...nel.org, linux-efi@...r.kernel.org,
linux-kernel@...r.kernel.org,
linux-security-module <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH v5 2/5] efi: Add embedded peripheral firmware support
Hi,
On 01-05-18 16:36, Mimi Zohar wrote:
> [Cc'ing linux-security]
>
> On Sun, 2018-04-29 at 11:35 +0200, Hans de Goede wrote:
> [...]
>> diff --git a/drivers/base/firmware_loader/fallback_efi.c b/drivers/base/firmware_loader/fallback_efi.c
>> new file mode 100644
>> index 000000000000..82ba82f48a79
>> --- /dev/null
>> +++ b/drivers/base/firmware_loader/fallback_efi.c
>> @@ -0,0 +1,51 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +
>> +#include <linux/efi_embedded_fw.h>
>> +#include <linux/property.h>
>> +#include <linux/security.h>
>> +#include <linux/vmalloc.h>
>> +
>> +#include "fallback.h"
>> +#include "firmware.h"
>> +
>> +int fw_get_efi_embedded_fw(struct device *dev, struct fw_priv *fw_priv,
>> + enum fw_opt *opt_flags, int ret)
>> +{
>> + enum kernel_read_file_id id = READING_FIRMWARE;
>
> Please define a new kernel_read_file_id for this (eg.
> READING_FIRMWARE_EFI_EMBEDDED).
Are you sure, I wonder how useful it is to add a new
kernel_read_file_id every time a new way to get firmware
comes up?
I especially wonder about the sense in adding a new id
given that the quite old FIRMWARE_PREALLOC_BUFFER is
still not supported / checked properly by the security code.
Anyways I can add a new id if you want me to, what about
when fw_get_efi_embedded_fw is reading into a driver allocated
buffer, do you want a separate EADING_FIRMWARE_EFI_EMBEDDED_PREALLOC_BUFFER
for that ?
>
>> + size_t size, max = INT_MAX;
>> + int rc;
>> +
>> + if (!dev)
>> + return ret;
>> +
>> + if (!device_property_read_bool(dev, "efi-embedded-firmware"))
>> + return ret;
>
> Instead of calling security_kernel_post_read_file(), either in
> device_property_read_bool() or here call security_kernel_read_file().
>
> The pre read call is for deciding whether to allow this call
> independent of the firmware being loaded, whereas the post security
> call is currently being used by IMA-appraisal for verifying a
> signature. There might be other LSMs using the post hook as well. As
> there is no kernel signature associated with this firmware, use the
> security pre read_file hook.
Only the pre hook? I believe the post-hook should still be called too,
right? So that we've hashes of all loaded firmwares in the IMA core.
Regards,
Hans
>
> thanks,
>
> Mimi
>
>> +
>> + *opt_flags |= FW_OPT_NO_WARN | FW_OPT_NOCACHE | FW_OPT_NOFALLBACK;
>> +
>> + /* Already populated data member means we're loading into a buffer */
>> + if (fw_priv->data) {
>> + id = READING_FIRMWARE_PREALLOC_BUFFER;
>> + max = fw_priv->allocated_size;
>> + }
>> +
>> + rc = efi_get_embedded_fw(fw_priv->fw_name, &fw_priv->data, &size, max);
>> + if (rc) {
>> + dev_warn(dev, "Firmware %s not in EFI\n", fw_priv->fw_name);
>> + return ret;
>> + }
>> +
>> + rc = security_kernel_post_read_file(NULL, fw_priv->data, size, id);
>> + if (rc) {
>> + if (id != READING_FIRMWARE_PREALLOC_BUFFER) {
>> + vfree(fw_priv->data);
>> + fw_priv->data = NULL;
>> + }
>> + return rc;
>> + }
>> +
>> + dev_dbg(dev, "using efi-embedded fw %s\n", fw_priv->fw_name);
>> + fw_priv->size = size;
>> + fw_state_done(fw_priv);
>> + return 0;
>> +}
>
Powered by blists - more mailing lists