Ping-Ke Shih <pkshih@xxxxxxxxxxx> wrote: > From: Zong-Zhe Yang <kevin_yang@xxxxxxxxxxx> > > Kernel logs on platform enabling SECURITY_LOADPIN_ENFORCE > ------ > ``` > LoadPin: firmware old-api-denied obj=<unknown> pid=810 cmdline="modprobe -q -- rtw89_8852ce" > rtw89_8852ce 0000:01:00.0: loading /lib/firmware/rtw89/rtw8852c_fw.bin failed with error -1 > rtw89_8852ce 0000:01:00.0: Direct firmware load for rtw89/rtw8852c_fw.bin failed with error -1 > rtw89_8852ce 0000:01:00.0: failed to early request firmware: -1 > ``` > > Trace > ------ > ``` > request_partial_firmware_into_buf() > > _request_firmware() > >> fw_get_filesystem_firmware() > >>> kernel_read_file_from_path_initns() > >>>> kernel_read_file() > >>>>> security_kernel_read_file() > // It will iterate enabled LSMs' hooks for kernel_read_file. > // With loadpin, it hooks loadpin_read_file. > ``` > > If SECURITY_LOADPIN_ENFORCE is enabled, doing kernel_read_file() on partial > files will be denied and return -EPERM (-1). Then, the outer API based on it, > e.g. request_partial_firmware_into_buf(), will get the error. > > In the case, we cannot get the firmware stuffs right, even though there might > be no error other than a permission issue on reading a partial file. So we have > to request full firmware if SECURITY_LOADPIN_ENFORCE is enabled. It makes us > still have a chance to do early firmware work on this kind of platforms. > > Signed-off-by: Zong-Zhe Yang <kevin_yang@xxxxxxxxxxx> > Signed-off-by: Ping-Ke Shih <pkshih@xxxxxxxxxxx> 2 patches applied to wireless-next.git, thanks. 3ddfe3bdd3cf wifi: rtw89: don't request partial firmware if SECURITY_LOADPIN_ENFORCE 13eb07e0be1b wifi: rtw89: request full firmware only once if it's early requested -- https://patchwork.kernel.org/project/linux-wireless/patch/20221202060521.501512-2-pkshih@xxxxxxxxxxx/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches