Re: [PATCH v2] firmware_loader: use kernel credentials when reading firmware

From: Qian Cai
Date: Wed Apr 27 2022 - 09:59:19 EST

Next message: Jason A. Donenfeld: "is "premature next" a real world rng concern, or just an academic exercise?"
Previous message: Lukasz Luba: "Re: [RFC PATCH v3 2/5] cpuidle: Add Cpufreq Active Stats calls tracking idle entry/exit"
In reply to: Luis Chamberlain: "Re: [PATCH v2] firmware_loader: use kernel credentials when reading firmware"
Next in thread: Greg Kroah-Hartman: "Re: [PATCH v2] firmware_loader: use kernel credentials when reading firmware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Apr 22, 2022 at 11:32:15AM +1000, Thiébaud Weksteen wrote:
> drivers/base/firmware_loader/main.c | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c
> index 94d1789a233e..8f3c2b2cfc61 100644
> --- a/drivers/base/firmware_loader/main.c
> +++ b/drivers/base/firmware_loader/main.c
> @@ -735,6 +735,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
> size_t offset, u32 opt_flags)
> {
> struct firmware *fw = NULL;
> + struct cred *kern_cred = NULL;
> + const struct cred *old_cred;
> bool nondirect = false;
> int ret;
>
> @@ -751,6 +753,18 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
> if (ret <= 0) /* error or already assigned */
> goto out;
>
> + /*
> + * We are about to try to access the firmware file. Because we may have been
> + * called by a driver when serving an unrelated request from userland, we use
> + * the kernel credentials to read the file.
> + */
> + kern_cred = prepare_kernel_cred(NULL);

This triggers quite some leak reports from kmemleak.

unreferenced object 0xffff0801e47690c0 (size 176):
comm "kworker/0:1", pid 14, jiffies 4294904047 (age 2208.624s)
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
kmem_cache_alloc
prepare_kernel_cred
_request_firmware
firmware_request_nowarn
firmware_request_nowarn at drivers/base/firmware_loader/main.c:933
nvkm_firmware_get [nouveau]
nvkm_firmware_get at drivers/gpu/drm/nouveau/nvkm/core/firmware.c:92
nvkm_firmware_load_name [nouveau]
nvkm_acr_lsfw_load_bl_inst_data_sig [nouveau]
gm200_gr_load [nouveau]
gf100_gr_new_ [nouveau]
tu102_gr_new [nouveau]
nvkm_device_ctor [nouveau]
nvkm_device_pci_new [nouveau]
nouveau_drm_probe [nouveau]
local_pci_probe
work_for_cpu_fn
process_one_work

> + if (!kern_cred) {
> + ret = -ENOMEM;
> + goto out;
> + }
> + old_cred = override_creds(kern_cred);
> +
> ret = fw_get_filesystem_firmware(device, fw->priv, "", NULL);
>
> /* Only full reads can support decompression, platform, and sysfs. */
> @@ -776,6 +790,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
> } else
> ret = assign_fw(fw, device);
>
> + revert_creds(old_cred);
> +
> out:
> if (ret < 0) {
> fw_abort_batch_reqs(fw);
> --
> 2.36.0.rc2.479.g8af0fa9b8e-goog
>

Next message: Jason A. Donenfeld: "is "premature next" a real world rng concern, or just an academic exercise?"
Previous message: Lukasz Luba: "Re: [RFC PATCH v3 2/5] cpuidle: Add Cpufreq Active Stats calls tracking idle entry/exit"
In reply to: Luis Chamberlain: "Re: [PATCH v2] firmware_loader: use kernel credentials when reading firmware"
Next in thread: Greg Kroah-Hartman: "Re: [PATCH v2] firmware_loader: use kernel credentials when reading firmware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]