[RFC/PATCHv3 v3 3/3] firmware: Support loading into a pre-allocated buffer
Stephen Boyd
stephen.boyd at linaro.org
Wed May 11 15:11:01 PDT 2016
Quoting Mimi Zohar (2016-05-11 13:46:46)
> On Wed, 2016-05-11 at 13:22 -0700, Stephen Boyd wrote:
> > Quoting Mimi Zohar (2016-05-11 05:41:52)
> > > Hi Stephen,
> > >
> > > On Tue, 2016-05-10 at 15:26 -0700, Stephen Boyd wrote:
> > >
> > > > -static int fw_get_filesystem_firmware(struct device *device,
> > > > - struct firmware_buf *buf)
> > > > +static int
> > > > +fw_get_filesystem_firmware(struct device *device, struct firmware_buf *buf)
> > > > {
> > > > loff_t size;
> > > > int i, len;
> > > > int rc = -ENOENT;
> > > > char *path;
> > > > + enum kernel_read_file_id id = READING_FIRMWARE;
> > > > + size_t msize = INT_MAX;
> > > > +
> > > > + /* Already populated data member means we're loading into a buffer */
> > > > + if (buf->data) {
> > > > + id = READING_FIRMWARE_INTO_BUF;
> > >
> > > In both cases we're reading the firmware into a buffer. In this case,
> > > it is pre-allocated. Other than it being pre-allocated, is there
> > > anything special about this buffer?
> >
> > No. I'm not sure what you're asking/implying.
> >
> > > There has to be a more appropriate
> > > string identifier.
> >
> > Ok. Any suggestions? The point of the new id is so that we know if we
> > need to allocate the buffer or not in kernel_read_file().
>
> If you're still using DMA, then perhaps "READING_FIRMWARE_DMA". If the
> only difference is that the buffer is pre-allocated, then maybe
> "READING_FIRMWARE_PREALLOC_BUFFER".
Sure, READING_FIRMWARE_PREALLOC_BUFFER is fine.
>
> > Alternatively
> > we could indicate that by a NULL *buf pointer, but it seems that half
> > the time that's not initialized to NULL so it didn't seem safe to rely
> > on that fact or update the callsites appropriately.
>
> Assuming that the pre-allocated buffer is smaller than the firmware
> size, then a new name definitely needs to be specified, so that the
> firmware signature can be verified on the security_kernel_read_file()
> hook, as opposed to the security_kernel_post_read_file() hook. The
> patch would look something like:
I don't think we care about the case of the pre-allocated buffer being
smaller than the firmware size though. In that case, 'max_size' will be
less than 'i_size' in kernel_read_file() and then we would fail that
function with -EFBIG. This should allow IMA to treat this the same as
the READING_FIRMWARE case.
More information about the linux-arm
mailing list