leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
901cff7cb9
linux/drivers/base
History
Topi Miettinen 901cff7cb9 firmware_loader: load files from the mount namespace of init 
I have an experimental setup where almost every possible system
service (even early startup ones) runs in separate namespace, using a
dedicated, minimal file system. In process of minimizing the contents
of the file systems with regards to modules and firmware files, I
noticed that in my system, the firmware files are loaded from three
different mount namespaces, those of systemd-udevd, init and
systemd-networkd. The logic of the source namespace is not very clear,
it seems to depend on the driver, but the namespace of the current
process is used.

So, this patch tries to make things a bit clearer and changes the
loading of firmware files only from the mount namespace of init. This
may also improve security, though I think that using firmware files as
attack vector could be too impractical anyway.

Later, it might make sense to make the mount namespace configurable,
for example with a new file in /proc/sys/kernel/firmware_config/. That
would allow a dedicated file system only for firmware files and those
need not be present anywhere else. This configurability would make
more sense if made also for kernel modules and /sbin/modprobe. Modules
are already loaded from init namespace (usermodehelper uses kthreadd
namespace) except when directly loaded by systemd-udevd.

Instead of using the mount namespace of the current process to load
firmware files, use the mount namespace of init process.

Link: https://lore.kernel.org/lkml/bb46ebae-4746-90d9-ec5b-fce4c9328c86@gmail.com/
Link: https://lore.kernel.org/lkml/0e3f7653-c59d-9341-9db2-c88f5b988c68@gmail.com/
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Link: https://lore.kernel.org/r/20200123125839.37168-1-toiwoton@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-02-10 15:39:28 -08:00
..
firmware_loader firmware_loader: load files from the mount namespace of init 2020-02-10 15:39:28 -08:00
power ARM: SoC-related driver updates 2020-02-08 14:04:19 -08:00
regmap regmap: fix writes to non incrementing registers 2020-01-21 17:16:26 +00:00
test Driver core changes for 5.6-rc1 2020-01-29 10:18:20 -08:00
arch_topology.c cpu-topology: Don't error on more than CONFIG_NR_CPUS CPUs in device tree 2020-01-17 15:21:49 +01:00
attribute_container.c scsi: drivers: base: Support atomic version of attribute_container_device_trigger 2020-01-15 22:55:36 -05:00
base.h device.h: move devtmpfs prototypes out of the file 2019-12-16 10:10:18 +01:00
bus.c device.h: move 'struct bus' stuff out to device/bus.h 2019-12-16 10:11:12 +01:00
cacheinfo.c Driver Core and debugfs changes for 5.3-rc1 2019-07-12 12:24:03 -07:00
class.c device.h: move 'struct class' stuff out to device/class.h 2019-12-16 10:11:14 +01:00
component.c component: do not dereference opaque pointer in debugfs 2020-01-14 16:10:14 +01:00
container.c
core.c driver core: Allow device link operations inside sync_state() 2019-11-15 10:06:54 +08:00
cpu.c x86/bugs: Add ITLB_MULTIHIT bug infrastructure 2019-11-04 12:22:01 +01:00
dd.c driver core: Print device when resources present in really_probe() 2020-01-14 16:14:48 +01:00
devcon.c Merge generic_lookup_helpers into usb-next 2019-09-03 17:11:07 +02:00
devcoredump.c devcoredump: fix typo in comment 2019-08-15 17:38:11 +02:00
devres.c drivers/base/devres: introduce devm_release_action() 2019-06-13 17:34:56 -10:00
devtmpfs.c Merge branch 'merge.nfs-fs_parse.1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-02-08 13:26:41 -08:00
driver.c device.h: move 'struct driver' stuff out to device/driver.h 2019-12-16 10:11:16 +01:00
firmware.c
hypervisor.c
init.c
isa.c
Kconfig kunit: building kunit as a module breaks allmodconfig 2020-01-10 14:36:37 -07:00
Makefile
map.c
memory.c mm/memory_hotplug: drop valid_start/valid_end from test_pages_in_a_zone() 2020-02-04 03:05:23 +00:00
module.c
node.c mm/vmstat: add helpers to get vmstat item names for each enum type 2019-12-04 19:44:11 -08:00
pinctrl.c
platform-msi.c
platform.c driver core: platform: fix u32 greater or equal to zero comparison 2020-01-22 15:27:11 +01:00
property.c device property: Add a function to obtain a node's prefix 2019-10-11 11:26:55 +02:00
soc.c base: soc: Handle custom soc information sysfs entries 2019-10-10 14:35:32 +02:00
swnode.c software node: remove separate handling of references 2019-12-03 11:46:20 +01:00
syscore.c treewide: Switch printk users from %pf and %pF to %ps and %pS, respectively 2019-04-09 14:19:06 +02:00
topology.c topology: Create core_cpus and die_cpus sysfs attributes 2019-05-23 10:08:34 +02:00
transport_class.c scsi: drivers: base: Propagate errors through the transport component 2020-01-15 22:55:37 -05:00