Re: "invalid privilege" in firmware_get()

Johannes Hofmann Sun, 25 Apr 2010 13:47:40 -0700

Johannes Hofmann <[email protected]> wrote:
> firmware_get() in the recently ported subr_firmware.c causes a panic
> when loading a firmware image.
> The patch below fixes the issue:
> 
> diff --git a/sys/kern/subr_firmware.c b/sys/kern/subr_firmware.c
> index 0cf58a8..b103e8f 100644
> --- a/sys/kern/subr_firmware.c
> +++ b/sys/kern/subr_firmware.c
> @@ -321,7 +321,7 @@ firmware_get(const char *imagename)
>         */
>        td = curthread;
>        if (priv_check(td, PRIV_FIRMWARE_LOAD) != 0 ||
> -           priv_check_cred(td->td_ucred, 0, 0)) {
> +           priv_check_cred(td->td_ucred, PRIV_ROOT, 0)) {
>                lockmgr(&firmware_lock, LK_RELEASE);
>                kprintf("%s: insufficient privileges to "
>                    "load firmware image %s\n", __func__, imagename);


After looking at the original code in FreeBSD, the following patch
seems more appropriate:

diff --git a/sys/kern/subr_firmware.c b/sys/kern/subr_firmware.c
index 79939c1..6d1b832 100644
--- a/sys/kern/subr_firmware.c
+++ b/sys/kern/subr_firmware.c
@@ -321,7 +321,7 @@ firmware_get(const char *imagename)
         */
        td = curthread;
        if (priv_check(td, PRIV_FIRMWARE_LOAD) != 0 ||
-           priv_check_cred(td->td_ucred, 0, 0)) {
+           securelevel > 0) {
                lockmgr(&firmware_lock, LK_RELEASE);
                kprintf("%s: insufficient privileges to "
                    "load firmware image %s\n", __func__, imagename);

Re: "invalid privilege" in firmware_get()

Reply via email to