lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMRc=MeoWUaL_qvwL6bkpaVUvxh4x3ZN6V4UNQr+bjnLo3NubQ@mail.gmail.com>
Date:   Wed, 5 Aug 2020 20:14:28 +0200
From:   Bartosz Golaszewski <brgl@...ev.pl>
To:     Jean Delvare <jdelvare@...e.de>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Linux I2C <linux-i2c@...r.kernel.org>,
        Bartosz Golaszewski <bgolaszewski@...libre.com>,
        Arnd Bergmann <arnd@...db.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: VAIO EEPROM support in at24

On Wed, Aug 5, 2020 at 4:36 PM Jean Delvare <jdelvare@...e.de> wrote:
>
> Hi Bartosz,
>
> On Tue, 17 Mar 2020 15:32:56 +0100, Bartosz Golaszewski wrote:
> > wt., 17 mar 2020 o 15:14 Jean Delvare <jdelvare@...e.de> napisaƂ(a):
> > > Before I start implementing the idea above, I would like to know if
> > > anyone objects to it, or has a better idea?
> >
> > Sounds good to me in general but isn't it something we could
> > generalize a bit more?
> >
> > For instance we could make at24_chip_data struct look something like this:
> >
> > struct at24_chip_data {
> >     u32 byte_len;
> >     u8 flags;
> >     struct resource masked;
> > };
> >
> > And we could introduce a new macro called AT24_CHIP_DATA_MASKED that
> > would automacially set the AT24_FLAG_MASKED_RANGE flag and take
> > another argument that would contain the address and size of the masked
> > register range (we'd put it into the "masked" resource)?
> >
> > Other ideas are welcome too. I just think that making it
> > SONY_VAIO-specific may be a bit limiting in the future.
>
> I finally found the time to give it a try. Here's what my (tested)
> prototype looks like:
>

Hi Jean,

this looks good at first glance.

> --- a/drivers/misc/eeprom/at24.c
> +++ b/drivers/misc/eeprom/at24.c
> @@ -8,9 +8,11 @@
>
>  #include <linux/acpi.h>
>  #include <linux/bitops.h>
> +#include <linux/capability.h>
>  #include <linux/delay.h>
>  #include <linux/i2c.h>
>  #include <linux/init.h>
> +#include <linux/ioport.h>
>  #include <linux/jiffies.h>
>  #include <linux/kernel.h>
>  #include <linux/mod_devicetable.h>
> @@ -38,6 +40,8 @@
>  #define AT24_FLAG_MAC          BIT(2)
>  /* Does not auto-rollover reads to the next slave address. */
>  #define AT24_FLAG_NO_RDROL     BIT(1)
> +/* Contains an area that should not be exposed to non-root users */
> +#define AT24_FLAG_MASKED_RANGE BIT(0)
>
>  /*
>   * I2C EEPROMs from most vendors are inexpensive and mostly interchangeable.
> @@ -87,6 +91,7 @@ struct at24_data {
>         u16 page_size;
>         u8 flags;
>
> +       struct resource masked;
>         struct nvmem_device *nvmem;
>         struct regulator *vcc_reg;
>
> @@ -121,6 +126,7 @@ MODULE_PARM_DESC(at24_write_timeout, "Ti
>  struct at24_chip_data {
>         u32 byte_len;
>         u8 flags;
> +       struct resource masked;
>  };
>
>  #define AT24_CHIP_DATA(_name, _len, _flags)                            \
> @@ -128,6 +134,16 @@ struct at24_chip_data {
>                 .byte_len = _len, .flags = _flags,                      \
>         }
>
> +#define AT24_CHIP_DATA_MASKED(_name, _len, _flags, _mstart, _mlen)     \
> +       static const struct at24_chip_data _name = {                    \
> +               .byte_len = _len,                                       \
> +               .flags = _flags | AT24_FLAG_MASKED_RANGE,               \
> +               .masked = {                                             \
> +                       .start = _mstart,                               \
> +                       .end = _mstart + _mlen - 1,                     \
> +               },                                                      \
> +       }
> +
>  /* needs 8 addresses as A0-A2 are ignored */
>  AT24_CHIP_DATA(at24_data_24c00, 128 / 8, AT24_FLAG_TAKE8ADDR);
>  /* old variants can't be handled with this generic entry! */
> @@ -144,6 +160,9 @@ AT24_CHIP_DATA(at24_data_24mac602, 64 /
>  /* spd is a 24c02 in memory DIMMs */
>  AT24_CHIP_DATA(at24_data_spd, 2048 / 8,
>         AT24_FLAG_READONLY | AT24_FLAG_IRUGO);
> +/* vaio is a 24c02 on some Sony laptops */
> +AT24_CHIP_DATA_MASKED(at24_data_vaio, 2048 / 8,
> +       AT24_FLAG_READONLY | AT24_FLAG_IRUGO, 0x00, 14);
>  AT24_CHIP_DATA(at24_data_24c04, 4096 / 8, 0);
>  AT24_CHIP_DATA(at24_data_24cs04, 16,
>         AT24_FLAG_SERIAL | AT24_FLAG_READONLY);
> @@ -177,6 +196,7 @@ static const struct i2c_device_id at24_i
>         { "24mac402",   (kernel_ulong_t)&at24_data_24mac402 },
>         { "24mac602",   (kernel_ulong_t)&at24_data_24mac602 },
>         { "spd",        (kernel_ulong_t)&at24_data_spd },
> +       { "eeprom-vaio",(kernel_ulong_t)&at24_data_vaio },
>         { "24c04",      (kernel_ulong_t)&at24_data_24c04 },
>         { "24cs04",     (kernel_ulong_t)&at24_data_24cs04 },
>         { "24c08",      (kernel_ulong_t)&at24_data_24c08 },
> @@ -389,6 +409,9 @@ static int at24_read(void *priv, unsigne
>         struct device *dev;
>         char *buf = val;
>         int ret;
> +       unsigned int orig_off = off;
> +       char *orig_buf = buf;
> +       size_t orig_count = count;
>
>         at24 = priv;
>         dev = at24_base_client_dev(at24);
> @@ -427,6 +450,15 @@ static int at24_read(void *priv, unsigne
>
>         pm_runtime_put(dev);
>
> +       if ((at24->flags & AT24_FLAG_MASKED_RANGE) && !capable(CAP_SYS_ADMIN)) {

Maybe use unlikely() here? It's not necessarily a hotpath but at least
it would be obvious it's a corner case.

> +               int i;
> +
> +               for (i = orig_off; i < orig_off + orig_count; i++) {
> +                       if (i >= at24->masked.start && i <= at24->masked.end)
> +                               orig_buf[i] = 0x00;
> +               }
> +       }
> +
>         return 0;
>  }
>
> @@ -654,6 +686,7 @@ static int at24_probe(struct i2c_client
>         at24->byte_len = byte_len;
>         at24->page_size = page_size;
>         at24->flags = flags;
> +       at24->masked = cdata->masked;
>         at24->num_addresses = num_addresses;
>         at24->offset_adj = at24_get_offset_adj(flags, byte_len);
>         at24->client[0].client = client;
>
> Comments welcome. I already have my own comments/questions:
>
> 1* Do we actually need to use a struct resource? With the current
>    requirements, that looks overkill to me. We really only need the
>    start and end offsets of the masked area (or start and length). Or
>    do you plan to ever support multiple masked ranges, and
>    resource.child would be used to daisy-chain these ranges? Personally
>    I would wait until the need exists.
>

Yes, since this change doesn't seem to commit to any stable ABI, I'd
say we can drop the reference to struct resource and possibly add it
in the future. This just was the first thing that came to mind when I
suggested it.

>    Note that if we would just store mstart and mlen in struct
>    at24_chip_data then we could even get rid of AT24_FLAG_MASKED_RANGE,
>    as mlen > 0 would imply a masked range.
>

Makes sense.

> 2* I chose the name "eeprom-vaio" because "vaio" would be too generic.
>    I'm open to suggestions if you don't like that name.
>

Are you sure there won't be any different models of vaio eeproms? How
about '24c02-vaio' or 'eeprom-vaio-24c02'?

> 3* at24_read() was pretty elegant before my changes, but with the need
>    to remember the original value of many parameters, it no longer is.
>    I'm considering rewriting it in a way that does not modify the
>    parameters needed to process the masked range, either as part of
>    this patch or as a subsequent clean-up patch. That would hopefully
>    make the code elegant again.
>

All clean-ups are welcome.

> 4* I made the masking active only for non-root users as this is what
>    the legacy eeprom driver was doing. I hope that's OK with you.
>

Yes, it's fine with me. If more fine-grained control is needed we can
probably extend it.

Bartosz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ