firmware: improve LSM/IMA security behaviour

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The firmware loader queries if LSM/IMA permits it to load firmware
via the sysfs fallback. Unfortunately, the code does the opposite:
it expressly permits sysfs fw loading if security_kernel_load_data(
LOADING_FIRMWARE) returns -EACCES. This happens because a
zero-on-success return value is cast to a bool that's true on success.

Fix the return value handling so we get the correct behaviour.

Fixes: 6e852651f28e ("firmware: add call to LSM hook before firmware sysfs fallback")
Cc: Stable <stable@vger.kernel.org>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Kees Cook <keescook@chromium.org>
To: Luis Chamberlain <mcgrof@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Rafael J. Wysocki" <rafael@kernel.org>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Sven Van Asbroeck <TheSven73@gmail.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by

Sven Van Asbroeck and committed by

Greg Kroah-Hartman 6 years ago 2472d64a 5669245b

+1 -1

1 changed file

expand all

drivers

base

firmware_loader

fallback.c

+1 -1

drivers/base/firmware_loader/fallback.c

··· 659 659 /* Also permit LSMs and IMA to fail firmware sysfs fallback */ 660 660 ret = security_kernel_load_data(LOADING_FIRMWARE); 661 661 if (ret < 0) 662 - return ret; 662 + return false; 663 663 664 664 return fw_force_sysfs_fallback(opt_flags); 665 665 }