| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1455837462-26750-2-git-send-email-andrew@lunn.ch>
Date: Fri, 19 Feb 2016 00:17:36 +0100
From: Andrew Lunn <andrew@...n.ch>
To: srinivas.kandagatla@...aro.org
Cc: GregKH <greg@...ah.com>, maxime.ripard@...e-electrons.com,
wsa@...-dreams.de, broonie@...nel.org, vz@...ia.com,
linux-kernel@...r.kernel.org, pantelis.antoniou@...sulko.com,
bgolaszewski@...libre.com, Andrew Lunn <andrew@...n.ch>
Subject: [PATCHv6 1/7] nvmem: Add flag to export NVMEM to root only
Legacy AT24, AT25 EEPROMs are exported in sys so that only root can
read the contents. The EEPROMs may contain sensitive information. Add
a flag so the provide can indicate that NVMEM should also restrict
access to root only.
Signed-off-by: Andrew Lunn <andrew@...n.ch>
---
drivers/nvmem/core.c | 57 ++++++++++++++++++++++++++++++++++++++++--
include/linux/nvmem-provider.h | 1 +
2 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
index 6fd4e5a5ef4a..4ccf03da6467 100644
--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -155,6 +155,53 @@ static const struct attribute_group *nvmem_ro_dev_groups[] = {
NULL,
};
+/* default read/write permissions, root only */
+static struct bin_attribute bin_attr_rw_root_nvmem = {
+ .attr = {
+ .name = "nvmem",
+ .mode = S_IWUSR | S_IRUSR,
+ },
+ .read = bin_attr_nvmem_read,
+ .write = bin_attr_nvmem_write,
+};
+
+static struct bin_attribute *nvmem_bin_rw_root_attributes[] = {
+ &bin_attr_rw_root_nvmem,
+ NULL,
+};
+
+static const struct attribute_group nvmem_bin_rw_root_group = {
+ .bin_attrs = nvmem_bin_rw_root_attributes,
+};
+
+static const struct attribute_group *nvmem_rw_root_dev_groups[] = {
+ &nvmem_bin_rw_root_group,
+ NULL,
+};
+
+/* read only permission, root only */
+static struct bin_attribute bin_attr_ro_root_nvmem = {
+ .attr = {
+ .name = "nvmem",
+ .mode = S_IRUSR,
+ },
+ .read = bin_attr_nvmem_read,
+};
+
+static struct bin_attribute *nvmem_bin_ro_root_attributes[] = {
+ &bin_attr_ro_root_nvmem,
+ NULL,
+};
+
+static const struct attribute_group nvmem_bin_ro_root_group = {
+ .bin_attrs = nvmem_bin_ro_root_attributes,
+};
+
+static const struct attribute_group *nvmem_ro_root_dev_groups[] = {
+ &nvmem_bin_ro_root_group,
+ NULL,
+};
+
static void nvmem_release(struct device *dev)
{
struct nvmem_device *nvmem = to_nvmem_device(dev);
@@ -347,8 +394,14 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
nvmem->read_only = of_property_read_bool(np, "read-only") |
config->read_only;
- nvmem->dev.groups = nvmem->read_only ? nvmem_ro_dev_groups :
- nvmem_rw_dev_groups;
+ if (config->root_only)
+ nvmem->dev.groups = nvmem->read_only ?
+ nvmem_ro_root_dev_groups :
+ nvmem_rw_root_dev_groups;
+ else
+ nvmem->dev.groups = nvmem->read_only ?
+ nvmem_ro_dev_groups :
+ nvmem_rw_dev_groups;
device_initialize(&nvmem->dev);
diff --git a/include/linux/nvmem-provider.h b/include/linux/nvmem-provider.h
index 0b68caff1b3c..d24fefa0c11d 100644
--- a/include/linux/nvmem-provider.h
+++ b/include/linux/nvmem-provider.h
@@ -23,6 +23,7 @@ struct nvmem_config {
const struct nvmem_cell_info *cells;
int ncells;
bool read_only;
+ bool root_only;
};
#if IS_ENABLED(CONFIG_NVMEM)
--
2.7.0
Powered by blists - more mailing lists