| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Jan 2021 14:59:20 -0800
From: Russ Weight <russell.h.weight@...el.com>
To: mdf@...nel.org, linux-fpga@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: trix@...hat.com, lgoncalv@...hat.com, yilun.xu@...el.com,
hao.wu@...el.com, matthew.gerlach@...el.com,
Russ Weight <russell.h.weight@...el.com>
Subject: [PATCH v9 3/7] fpga: sec-mgr: expose sec-mgr update status
Extend the FPGA Security Manager class driver to
include an update/status sysfs node that can be polled
and read to monitor the progress of an ongoing secure
update. Sysfs_notify() is used to signal transitions
between different phases of the update process.
Signed-off-by: Russ Weight <russell.h.weight@...el.com>
Reviewed-by: Tom Rix <trix@...hat.com>
---
v9:
- Updated Date and KernelVersion in ABI documentation
v8:
- No change
v7:
- Changed Date in documentation file to December 2020
v6:
- No change
v5:
- Use new function sysfs_emit() in the status_show() function
v4:
- Changed from "Intel FPGA Security Manager" to FPGA Security Manager"
and removed unnecessary references to "Intel".
- Changed: iops -> sops, imgr -> smgr, IFPGA_ -> FPGA_, ifpga_ to fpga_
v3:
- Use a local variable to read progress once in status_show()
- Use dev_err to report invalid progress status
v2:
- Bumped documentation date and version
- Changed progress state "read_file" to "reading"
---
.../ABI/testing/sysfs-class-fpga-sec-mgr | 11 +++++
drivers/fpga/fpga-sec-mgr.c | 42 +++++++++++++++++--
2 files changed, 49 insertions(+), 4 deletions(-)
diff --git a/Documentation/ABI/testing/sysfs-class-fpga-sec-mgr b/Documentation/ABI/testing/sysfs-class-fpga-sec-mgr
index d5839fbcd71b..703e123a1d42 100644
--- a/Documentation/ABI/testing/sysfs-class-fpga-sec-mgr
+++ b/Documentation/ABI/testing/sysfs-class-fpga-sec-mgr
@@ -16,3 +16,14 @@ Description: Write only. Write the filename of an image
BMC images, BMC firmware, Static Region images,
and Root Entry Hashes, and to cancel Code Signing
Keys (CSK).
+
+What: /sys/class/fpga_sec_mgr/fpga_secX/update/status
+Date: January 2021
+KernelVersion: 5.12
+Contact: Russ Weight <russell.h.weight@...el.com>
+Description: Read-only. Returns a string describing the current
+ status of an update. The string will be one of the
+ following: idle, reading, preparing, writing,
+ programming. Userspace code can poll on this file,
+ as it will be signaled by sysfs_notify() on each
+ state change.
diff --git a/drivers/fpga/fpga-sec-mgr.c b/drivers/fpga/fpga-sec-mgr.c
index 7347ba1ba73e..dd60014b7511 100644
--- a/drivers/fpga/fpga-sec-mgr.c
+++ b/drivers/fpga/fpga-sec-mgr.c
@@ -25,6 +25,13 @@ struct fpga_sec_mgr_devres {
#define to_sec_mgr(d) container_of(d, struct fpga_sec_mgr, dev)
+static void update_progress(struct fpga_sec_mgr *smgr,
+ enum fpga_sec_prog new_progress)
+{
+ smgr->progress = new_progress;
+ sysfs_notify(&smgr->dev.kobj, "update", "status");
+}
+
static void fpga_sec_dev_error(struct fpga_sec_mgr *smgr,
enum fpga_sec_err err_code)
{
@@ -35,7 +42,7 @@ static void fpga_sec_dev_error(struct fpga_sec_mgr *smgr,
static void progress_complete(struct fpga_sec_mgr *smgr)
{
mutex_lock(&smgr->lock);
- smgr->progress = FPGA_SEC_PROG_IDLE;
+ update_progress(smgr, FPGA_SEC_PROG_IDLE);
complete_all(&smgr->update_done);
mutex_unlock(&smgr->lock);
}
@@ -63,14 +70,14 @@ static void fpga_sec_mgr_update(struct work_struct *work)
goto release_fw_exit;
}
- smgr->progress = FPGA_SEC_PROG_PREPARING;
+ update_progress(smgr, FPGA_SEC_PROG_PREPARING);
ret = smgr->sops->prepare(smgr);
if (ret != FPGA_SEC_ERR_NONE) {
fpga_sec_dev_error(smgr, ret);
goto modput_exit;
}
- smgr->progress = FPGA_SEC_PROG_WRITING;
+ update_progress(smgr, FPGA_SEC_PROG_WRITING);
size = smgr->remaining_size;
while (size) {
blk_size = min_t(u32, size, WRITE_BLOCK_SIZE);
@@ -85,7 +92,7 @@ static void fpga_sec_mgr_update(struct work_struct *work)
offset += blk_size;
}
- smgr->progress = FPGA_SEC_PROG_PROGRAMMING;
+ update_progress(smgr, FPGA_SEC_PROG_PROGRAMMING);
ret = smgr->sops->poll_complete(smgr);
if (ret != FPGA_SEC_ERR_NONE)
fpga_sec_dev_error(smgr, ret);
@@ -113,6 +120,32 @@ static void fpga_sec_mgr_update(struct work_struct *work)
progress_complete(smgr);
}
+static const char * const sec_mgr_prog_str[] = {
+ "idle", /* FPGA_SEC_PROG_IDLE */
+ "reading", /* FPGA_SEC_PROG_READING */
+ "preparing", /* FPGA_SEC_PROG_PREPARING */
+ "writing", /* FPGA_SEC_PROG_WRITING */
+ "programming" /* FPGA_SEC_PROG_PROGRAMMING */
+};
+
+static ssize_t
+status_show(struct device *dev, struct device_attribute *attr, char *buf)
+{
+ struct fpga_sec_mgr *smgr = to_sec_mgr(dev);
+ const char *status = "unknown-status";
+ enum fpga_sec_prog progress;
+
+ progress = smgr->progress;
+ if (progress < FPGA_SEC_PROG_MAX)
+ status = sec_mgr_prog_str[progress];
+ else
+ dev_err(dev, "Invalid status during secure update: %d\n",
+ progress);
+
+ return sysfs_emit(buf, "%s\n", status);
+}
+static DEVICE_ATTR_RO(status);
+
static ssize_t filename_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
@@ -147,6 +180,7 @@ static DEVICE_ATTR_WO(filename);
static struct attribute *sec_mgr_update_attrs[] = {
&dev_attr_filename.attr,
+ &dev_attr_status.attr,
NULL,
};
--
2.25.1
Powered by blists - more mailing lists