17 Jun
2019
17 Jun
'19
6:34 p.m.
On Mon, 2019-06-17 at 14:23 -0400, Sven Van Asbroeck wrote:
The firmware loader queries if LSM/IMA permits it to load firmware via the sysfs fallback. Unfortunately, the code does the opposite: it expressly permits sysfs fw loading if security_kernel_load_data( LOADING_FIRMWARE) returns -EACCES. This happens because a zero-on-success return value is cast to a bool that's true on success.
Fix the return value handling so we get the correct behaviour.
Reviewed-by: Mimi Zohar zohar@linux.ibm.com