On Thu, Apr 28, 2022 at 04:17:07PM +1000, Thiébaud Weksteen wrote: > Device drivers may decide to not load firmware when probed to avoid > slowing down the boot process should the firmware filesystem not be > available yet. In this case, the firmware loading request may be done > when a device file associated with the driver is first accessed. The > credentials of the userspace process accessing the device file may be > used to validate access to the firmware files requested by the driver. > Ensure that the kernel assumes the responsibility of reading the > firmware. > > This was observed on Android for a graphic driver loading their firmware > when the device file (e.g. /dev/mali0) was first opened by userspace > (i.e. surfaceflinger). The security context of surfaceflinger was used > to validate the access to the firmware file (e.g. > /vendor/firmware/mali.bin). > > Previously, Android configurations were not setting up the > firmware_class.path command line argument and were relying on the > userspace fallback mechanism. In this case, the security context of the > userspace daemon (i.e. ueventd) was consistently used to read firmware > files. More Android devices are now found to set firmware_class.path > which gives the kernel the opportunity to read the firmware directly > (via kernel_read_file_from_path_initns). In this scenario, the current > process credentials were used, even if unrelated to the loading of the > firmware file. > > Signed-off-by: Thiébaud Weksteen <tweek@xxxxxxxxxx> > --- As stated before, should this go to stable kernels? If so, how far back? And you forgot to cc: John? thanks, greg k-h
