| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Dec 2015 10:02:24 +0000
From: Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
To: Andrew Lunn <andrew@...n.ch>, GregKH <greg@...ah.com>,
maxime.ripard@...e-electrons.com, wsa@...-dreams.de,
broonie@...nel.org, vz@...ia.com
CC: afd@...com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/6] nvmem: Add flag to export NVMEM to root only
Hi Andrew,
Thanks for this patch.
On 08/12/15 14:05, Andrew Lunn wrote:
> Legacy AT24, AT25 EEPROMs are exported in sys so that only root can
> read the contents. The EEPROMs may contain sensitive information. Add
> a flag so the provide can indicate that NVMEM should also restrict
> access to root only.
>
> Signed-off-by: Andrew Lunn <andrew@...n.ch>
> ---
> drivers/nvmem/core.c | 57 ++++++++++++++++++++++++++++++++++++++++--
> include/linux/nvmem-provider.h | 1 +
> 2 files changed, 56 insertions(+), 2 deletions(-)
>
This patch as it is look Ok to me.
thanks,
srini
> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
> index 6fd4e5a5ef4a..4ccf03da6467 100644
> --- a/drivers/nvmem/core.c
> +++ b/drivers/nvmem/core.c
> @@ -155,6 +155,53 @@ static const struct attribute_group *nvmem_ro_dev_groups[] = {
> NULL,
> };
>
> +/* default read/write permissions, root only */
> +static struct bin_attribute bin_attr_rw_root_nvmem = {
> + .attr = {
> + .name = "nvmem",
> + .mode = S_IWUSR | S_IRUSR,
> + },
> + .read = bin_attr_nvmem_read,
> + .write = bin_attr_nvmem_write,
> +};
> +
> +static struct bin_attribute *nvmem_bin_rw_root_attributes[] = {
> + &bin_attr_rw_root_nvmem,
> + NULL,
> +};
> +
> +static const struct attribute_group nvmem_bin_rw_root_group = {
> + .bin_attrs = nvmem_bin_rw_root_attributes,
> +};
> +
> +static const struct attribute_group *nvmem_rw_root_dev_groups[] = {
> + &nvmem_bin_rw_root_group,
> + NULL,
> +};
> +
> +/* read only permission, root only */
> +static struct bin_attribute bin_attr_ro_root_nvmem = {
> + .attr = {
> + .name = "nvmem",
> + .mode = S_IRUSR,
> + },
> + .read = bin_attr_nvmem_read,
> +};
> +
> +static struct bin_attribute *nvmem_bin_ro_root_attributes[] = {
> + &bin_attr_ro_root_nvmem,
> + NULL,
> +};
> +
> +static const struct attribute_group nvmem_bin_ro_root_group = {
> + .bin_attrs = nvmem_bin_ro_root_attributes,
> +};
> +
> +static const struct attribute_group *nvmem_ro_root_dev_groups[] = {
> + &nvmem_bin_ro_root_group,
> + NULL,
> +};
> +
> static void nvmem_release(struct device *dev)
> {
> struct nvmem_device *nvmem = to_nvmem_device(dev);
> @@ -347,8 +394,14 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
> nvmem->read_only = of_property_read_bool(np, "read-only") |
> config->read_only;
>
> - nvmem->dev.groups = nvmem->read_only ? nvmem_ro_dev_groups :
> - nvmem_rw_dev_groups;
> + if (config->root_only)
> + nvmem->dev.groups = nvmem->read_only ?
> + nvmem_ro_root_dev_groups :
> + nvmem_rw_root_dev_groups;
> + else
> + nvmem->dev.groups = nvmem->read_only ?
> + nvmem_ro_dev_groups :
> + nvmem_rw_dev_groups;
>
> device_initialize(&nvmem->dev);
>
> diff --git a/include/linux/nvmem-provider.h b/include/linux/nvmem-provider.h
> index 0b68caff1b3c..d24fefa0c11d 100644
> --- a/include/linux/nvmem-provider.h
> +++ b/include/linux/nvmem-provider.h
> @@ -23,6 +23,7 @@ struct nvmem_config {
> const struct nvmem_cell_info *cells;
> int ncells;
> bool read_only;
> + bool root_only;
> };
>
> #if IS_ENABLED(CONFIG_NVMEM)
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists