lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aac15eb0-ca25-5012-6346-86a89ec461ac@linux.ibm.com>
Date:   Tue, 31 Jan 2023 10:49:35 -0500
From:   Stefan Berger <stefanb@...ux.ibm.com>
To:     Andrew Donnellan <ajd@...ux.ibm.com>,
        linuxppc-dev@...ts.ozlabs.org, linux-integrity@...r.kernel.org
Cc:     ruscur@...sell.cc, bgray@...ux.ibm.com, nayna@...ux.ibm.com,
        gcwilson@...ux.ibm.com, gjoyce@...ux.ibm.com, brking@...ux.ibm.com,
        sudhakar@...ux.ibm.com, erichte@...ux.ibm.com,
        gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
        zohar@...ux.ibm.com, joel@....id.au, npiggin@...il.com
Subject: Re: [PATCH v5 10/25] powerpc/secvar: Extend sysfs to include config
 vars



On 1/31/23 01:39, Andrew Donnellan wrote:
> From: Russell Currey <ruscur@...sell.cc>
> 
> The forthcoming pseries consumer of the secvar API wants to expose a
> number of config variables.  Allowing secvar implementations to provide
> their own sysfs attributes makes it easy for consumers to expose what
> they need to.
> 
> This is not being used by the OPAL secvar implementation at present, and
> the config directory will not be created if no attributes are set.
> 
> Signed-off-by: Russell Currey <ruscur@...sell.cc>
> Co-developed-by: Andrew Donnellan <ajd@...ux.ibm.com>
> Signed-off-by: Andrew Donnellan <ajd@...ux.ibm.com>

Reviewed-by: Stefan Berger <stefanb@...ux.ibm.com>

> 
> ---
> 
> v3: Remove unnecessary "secvar:" prefix from error messages (ajd)
> 
>      Merge config attributes into secvar_operations (mpe)
> ---
>   arch/powerpc/include/asm/secvar.h  |  2 ++
>   arch/powerpc/kernel/secvar-sysfs.c | 33 +++++++++++++++++++++++++-----
>   2 files changed, 30 insertions(+), 5 deletions(-)
> 
> diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h
> index bf396215903d..011a53a8076c 100644
> --- a/arch/powerpc/include/asm/secvar.h
> +++ b/arch/powerpc/include/asm/secvar.h
> @@ -10,6 +10,7 @@
>   
>   #include <linux/types.h>
>   #include <linux/errno.h>
> +#include <linux/sysfs.h>
>   
>   extern const struct secvar_operations *secvar_ops;
>   
> @@ -19,6 +20,7 @@ struct secvar_operations {
>   	int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size);
>   	ssize_t (*format)(char *buf, size_t bufsize);
>   	int (*max_size)(u64 *max_size);
> +	const struct attribute **config_attrs;
>   };
>   
>   #ifdef CONFIG_PPC_SECURE_BOOT
> diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c
> index 8f3deff94009..7df32be86507 100644
> --- a/arch/powerpc/kernel/secvar-sysfs.c
> +++ b/arch/powerpc/kernel/secvar-sysfs.c
> @@ -144,6 +144,19 @@ static int update_kobj_size(void)
>   	return 0;
>   }
>   
> +static int secvar_sysfs_config(struct kobject *kobj)
> +{
> +	struct attribute_group config_group = {
> +		.name = "config",
> +		.attrs = (struct attribute **)secvar_ops->config_attrs,
> +	};
> +
> +	if (secvar_ops->config_attrs)
> +		return sysfs_create_group(kobj, &config_group);
> +
> +	return 0;
> +}
> +
>   static int secvar_sysfs_load(void)
>   {
>   	struct kobject *kobj;
> @@ -208,26 +221,36 @@ static int secvar_sysfs_init(void)
>   
>   	rc = sysfs_create_file(secvar_kobj, &format_attr.attr);
>   	if (rc) {
> -		kobject_put(secvar_kobj);
> -		return -ENOMEM;
> +		pr_err("Failed to create format object\n");
> +		rc = -ENOMEM;
> +		goto err;
>   	}
>   
>   	secvar_kset = kset_create_and_add("vars", NULL, secvar_kobj);
>   	if (!secvar_kset) {
>   		pr_err("sysfs kobject registration failed\n");
> -		kobject_put(secvar_kobj);
> -		return -ENOMEM;
> +		rc = -ENOMEM;
> +		goto err;
>   	}
>   
>   	rc = update_kobj_size();
>   	if (rc) {
>   		pr_err("Cannot read the size of the attribute\n");
> -		return rc;
> +		goto err;
> +	}
> +
> +	rc = secvar_sysfs_config(secvar_kobj);
> +	if (rc) {
> +		pr_err("Failed to create config directory\n");
> +		goto err;
>   	}
>   
>   	secvar_sysfs_load();
>   
>   	return 0;
> +err:
> +	kobject_put(secvar_kobj);
> +	return rc;
>   }
>   
>   late_initcall(secvar_sysfs_init);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ