mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-04 08:08:54 +00:00
Code Issues Releases Wiki Activity
linux-stable/tools
History
Topi Miettinen 901cff7cb9 firmware_loader: load files from the mount namespace of init 
I have an experimental setup where almost every possible system
service (even early startup ones) runs in separate namespace, using a
dedicated, minimal file system. In process of minimizing the contents
of the file systems with regards to modules and firmware files, I
noticed that in my system, the firmware files are loaded from three
different mount namespaces, those of systemd-udevd, init and
systemd-networkd. The logic of the source namespace is not very clear,
it seems to depend on the driver, but the namespace of the current
process is used.

So, this patch tries to make things a bit clearer and changes the
loading of firmware files only from the mount namespace of init. This
may also improve security, though I think that using firmware files as
attack vector could be too impractical anyway.

Later, it might make sense to make the mount namespace configurable,
for example with a new file in /proc/sys/kernel/firmware_config/. That
would allow a dedicated file system only for firmware files and those
need not be present anywhere else. This configurability would make
more sense if made also for kernel modules and /sbin/modprobe. Modules
are already loaded from init namespace (usermodehelper uses kthreadd
namespace) except when directly loaded by systemd-udevd.

Instead of using the mount namespace of the current process to load
firmware files, use the mount namespace of init process.

Link: https://lore.kernel.org/lkml/bb46ebae-4746-90d9-ec5b-fce4c9328c86@gmail.com/
Link: https://lore.kernel.org/lkml/0e3f7653-c59d-9341-9db2-c88f5b988c68@gmail.com/
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Link: https://lore.kernel.org/r/20200123125839.37168-1-toiwoton@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-02-10 15:39:28 -08:00
..
accounting
arch Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2020-01-31 11:05:33 -08:00
bootconfig tools/bootconfig: Show the number of bootconfig nodes 2020-02-05 17:17:05 -05:00
bpf bpftool: Don't crash on missing xlated program instructions 2020-02-07 22:29:45 +01:00
build perf/ui/gtk: Fix gtk2 build 2020-01-14 12:40:33 -03:00
cgroup iocost: Fix iocost_monitor.py due to helper type mismatch 2020-01-17 11:54:35 -08:00
debugging
firewire
firmware
gpio
hv Tools: hv: Reopen the devices if read() or write() returns errors 2020-01-26 22:10:10 -05:00
iio
include bitops: more BITS_TO_* macros 2020-02-04 03:05:26 +00:00
io_uring
kvm/kvm_stat tools/kvm_stat: Fix kvm_exit filter name 2020-01-23 09:51:06 +01:00
laptop
leds
lib Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-01-28 16:02:33 -08:00
memory-model
nfsd
objtool objtool: Fix ARCH=x86_64 build error 2020-01-22 07:54:57 +01:00
pci
pcmcia
perf perf/core improvements and fixes: 2020-02-05 08:44:40 +01:00
power More power manadement updates for 5.6-rc1 2020-01-31 14:36:35 -08:00
scripts
spi
testing firmware_loader: load files from the mount namespace of init 2020-02-10 15:39:28 -08:00
thermal/tmon
time
usb usbip: Fix unsafe unaligned pointer usage 2020-01-09 16:44:26 +01:00
virtio
vm tools/vm/slabinfo: fix sanity checks enabling 2020-01-31 10:30:38 -08:00
wmi
Makefile tools: bootconfig: Add bootconfig command 2020-01-13 13:19:39 -05:00