lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a991c60c5c10a37cc0385663705e8b39d8e23c09.camel@linux.vnet.ibm.com>
Date:   Thu, 19 Jan 2023 15:18:33 -0600
From:   Greg Joyce <gjoyce@...ux.vnet.ibm.com>
To:     Andrew Donnellan <ajd@...ux.ibm.com>,
        linuxppc-dev@...ts.ozlabs.org, linux-integrity@...r.kernel.org
Cc:     gregkh@...uxfoundation.org, gcwilson@...ux.ibm.com,
        linux-kernel@...r.kernel.org, nayna@...ux.ibm.com,
        ruscur@...sell.cc, zohar@...ux.ibm.com, mpe@...erman.id.au,
        gjoyce@...ux.ibm.com, sudhakar@...ux.ibm.com, bgray@...ux.ibm.com,
        erichte@...ux.ibm.com
Subject: Re: [PATCH v3 05/24] powerpc/secvar: Handle max object size in the
 consumer

On Wed, 2023-01-18 at 17:10 +1100, Andrew Donnellan wrote:
> From: Russell Currey <ruscur@...sell.cc>
> 
> Currently the max object size is handled in the core secvar code with
> an
> entirely OPAL-specific implementation, so create a new max_size() op
> and
> move the existing implementation into the powernv platform.  Should
> be
> no functional change.
> 
> Signed-off-by: Russell Currey <ruscur@...sell.cc>
> Signed-off-by: Andrew Donnellan <ajd@...ux.ibm.com>
> 
> ---
> 
> v3: Change uint64_t type to u64 (mpe)
> ---
>  arch/powerpc/include/asm/secvar.h            |  1 +
>  arch/powerpc/kernel/secvar-sysfs.c           | 17 +++--------------
>  arch/powerpc/platforms/powernv/opal-secvar.c | 19
> +++++++++++++++++++
>  3 files changed, 23 insertions(+), 14 deletions(-)
> 
> diff --git a/arch/powerpc/include/asm/secvar.h
> b/arch/powerpc/include/asm/secvar.h
> index 8b6475589120..b2cb9bb7c540 100644
> --- a/arch/powerpc/include/asm/secvar.h
> +++ b/arch/powerpc/include/asm/secvar.h
> @@ -20,6 +20,7 @@ struct secvar_operations {
>  	int (*get_next)(const char *key, u64 *key_len, u64 keybufsize);
>  	int (*set)(const char *key, u64 key_len, u8 *data, u64
> data_size);
>  	ssize_t (*format)(char *buf);
> +	int (*max_size)(u64 *max_size);
>  };
>  
>  #ifdef CONFIG_PPC_SECURE_BOOT
> diff --git a/arch/powerpc/kernel/secvar-sysfs.c
> b/arch/powerpc/kernel/secvar-sysfs.c
> index d3858eedd72c..031ef37bca99 100644
> --- a/arch/powerpc/kernel/secvar-sysfs.c
> +++ b/arch/powerpc/kernel/secvar-sysfs.c
> @@ -128,27 +128,16 @@ static struct kobj_type secvar_ktype = {
>  static int update_kobj_size(void)
>  {
>  
> -	struct device_node *node;
>  	u64 varsize;
> -	int rc = 0;
> +	int rc = secvar_ops->max_size(&varsize);
>  
> -	node = of_find_compatible_node(NULL, NULL, "ibm,secvar-
> backend");
> -	if (!of_device_is_available(node)) {
> -		rc = -ENODEV;
> -		goto out;
> -	}
> -
> -	rc = of_property_read_u64(node, "max-var-size", &varsize);
>  	if (rc)
> -		goto out;
> +		return rc;
>  
>  	data_attr.size = varsize;
>  	update_attr.size = varsize;
>  
> -out:
> -	of_node_put(node);
> -
> -	return rc;
> +	return 0;
>  }
>  
>  static int secvar_sysfs_load(void)
> diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c
> b/arch/powerpc/platforms/powernv/opal-secvar.c
> index 623c6839e66c..c9b9fd3730df 100644
> --- a/arch/powerpc/platforms/powernv/opal-secvar.c
> +++ b/arch/powerpc/platforms/powernv/opal-secvar.c
> @@ -122,11 +122,30 @@ static ssize_t opal_secvar_format(char *buf)
>  	return rc;
>  }
>  
> +static int opal_secvar_max_size(u64 *max_size)
> +{
> +	int rc;
> +	struct device_node *node;
> +
> +	node = of_find_compatible_node(NULL, NULL, "ibm,secvar-
> backend");

I assume that node could be NULL and this code relies on
of_device_is_available() and of_node_put() checking for a NULL node
pointer? Would it be safer just to return -ENODEV if node is NULL?

> +	if (!of_device_is_available(node)) {
> +		rc = -ENODEV;
> +		goto out;
> +	}
> +
> +	rc = of_property_read_u64(node, "max-var-size", max_size);
> +
> +out:
> +	of_node_put(node);
> +	return rc;
> +}
> +
>  static const struct secvar_operations opal_secvar_ops = {
>  	.get = opal_get_variable,
>  	.get_next = opal_get_next_variable,
>  	.set = opal_set_variable,
>  	.format = opal_secvar_format,
> +	.max_size = opal_secvar_max_size,
>  };
>  
>  static int opal_secvar_probe(struct platform_device *pdev)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ