Re: [PATCH] firmware: Fix security issue with request_firmware_into_buf()

On 2018-08-02 14:58, Luis Chamberlain wrote: On Wed, Aug 1, 2018, 4:26 PM Rishabh Bhatnagar wrote: When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag it is expected that firmware is loaded into buffer from memory. But inside alloc_lookup_fw_priv every new firmware that is lo

Re: [PATCH] firmware: Fix security issue with request_firmware_into_buf()

On Wed, Aug 1, 2018, 4:26 PM Rishabh Bhatnagar wrote: > When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag > it is expected that firmware is loaded into buffer from memory. > But inside alloc_lookup_fw_priv every new firmware that is loaded is > added to the firmware cache (fwc

[PATCH] firmware: Fix security issue with request_firmware_into_buf()

When calling request_firmware_into_buf() with the FW_OPT_NOCACHE flag it is expected that firmware is loaded into buffer from memory. But inside alloc_lookup_fw_priv every new firmware that is loaded is added to the firmware cache (fwc) list head. So if any driver requests a firmware that is alread