mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-20 11:28:15 +07:00
e40ba6d56b
Replace the fw_read_file_contents with kernel_file_read_from_path(). Although none of the upstreamed LSMs define a kernel_fw_from_file hook, IMA is called by the security function to prevent unsigned firmware from being loaded and to measure/appraise signed firmware, based on policy. Instead of reading the firmware twice, once for measuring/appraising the firmware and again for reading the firmware contents into memory, the kernel_post_read_file() security hook calculates the file hash based on the in memory file buffer. The firmware is read once. This patch removes the LSM kernel_fw_from_file() hook and security call. Changelog v4+: - revert dropped buf->size assignment - reported by Sergey Senozhatsky v3: - remove kernel_fw_from_file hook - use kernel_file_read_from_path() - requested by Luis v2: - reordered and squashed firmware patches - fix MAX firmware size (Kees Cook) Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Luis R. Rodriguez <mcgrof@kernel.org> |
||
|---|---|---|
| .. | ||
| ima_api.c | ||
| ima_appraise.c | ||
| ima_crypto.c | ||
| ima_fs.c | ||
| ima_init.c | ||
| ima_main.c | ||
| ima_mok.c | ||
| ima_policy.c | ||
| ima_queue.c | ||
| ima_template_lib.c | ||
| ima_template_lib.h | ||
| ima_template.c | ||
| ima.h | ||
| Kconfig | ||
| Makefile | ||