Bug #1735

invalid privilege" in firmware_get()

Added by Johannes.Hofmann about 4 years ago. Updated almost 4 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

firmware_get() in the recently ported subr_firmware.c causes a panic
when loading a firmware image.
The patch below fixes the issue:

diff --git a/sys/kern/subr_firmware.c b/sys/kern/subr_firmware.c
index 0cf58a8..b103e8f 100644
--- a/sys/kern/subr_firmware.c
+++ b/sys/kern/subr_firmware.c
@@ -321,7 +321,7 @@ firmware_get(const char *imagename)
*/
td = curthread;
if (priv_check(td, PRIV_FIRMWARE_LOAD) != 0 ||
- priv_check_cred(td->td_ucred, 0, 0)) {
+ priv_check_cred(td->td_ucred, PRIV_ROOT, 0)) {
lockmgr(&firmware_lock, LK_RELEASE);
kprintf("%s: insufficient privileges to "
"load firmware image %s\n", __func__, imagename);

History

#1 Updated by Johannes.Hofmann almost 4 years ago

Johannes Hofmann <> wrote:
> firmware_get() in the recently ported subr_firmware.c causes a panic
> when loading a firmware image.
> The patch below fixes the issue:
>
> diff --git a/sys/kern/subr_firmware.c b/sys/kern/subr_firmware.c
> index 0cf58a8..b103e8f 100644
> --- a/sys/kern/subr_firmware.c
> +++ b/sys/kern/subr_firmware.c
> @@ -321,7 +321,7 @@ firmware_get(const char *imagename)
> */
> td = curthread;
> if (priv_check(td, PRIV_FIRMWARE_LOAD) != 0 ||
> - priv_check_cred(td->td_ucred, 0, 0)) {
> + priv_check_cred(td->td_ucred, PRIV_ROOT, 0)) {
> lockmgr(&firmware_lock, LK_RELEASE);
> kprintf("%s: insufficient privileges to "
> "load firmware image %s\n", __func__, imagename);

After looking at the original code in FreeBSD, the following patch
seems more appropriate:

diff --git a/sys/kern/subr_firmware.c b/sys/kern/subr_firmware.c
index 79939c1..6d1b832 100644
--- a/sys/kern/subr_firmware.c
+++ b/sys/kern/subr_firmware.c
@@ -321,7 +321,7 @@ firmware_get(const char *imagename)
*/
td = curthread;
if (priv_check(td, PRIV_FIRMWARE_LOAD) != 0 ||
- priv_check_cred(td->td_ucred, 0, 0)) {
+ securelevel > 0) {
lockmgr(&firmware_lock, LK_RELEASE);
kprintf("%s: insufficient privileges to "
"load firmware image %s\n", __func__, imagename);

#2 Updated by swildner almost 4 years ago

Thanks, committed! -> c8e0b924d5136c97c1b3648c4b6a1d9cfeeb53bc

Also available in: Atom PDF