| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <fa04bca6-23c4-d5e9-c1dc-468bd9bcd8f9@linux.ibm.com>
Date: Tue, 31 Jan 2023 09:48:52 -0500
From: Stefan Berger <stefanb@...ux.ibm.com>
To: Andrew Donnellan <ajd@...ux.ibm.com>,
linuxppc-dev@...ts.ozlabs.org, linux-integrity@...r.kernel.org
Cc: ruscur@...sell.cc, bgray@...ux.ibm.com, nayna@...ux.ibm.com,
gcwilson@...ux.ibm.com, gjoyce@...ux.ibm.com, brking@...ux.ibm.com,
sudhakar@...ux.ibm.com, erichte@...ux.ibm.com,
gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
zohar@...ux.ibm.com, joel@....id.au, npiggin@...il.com
Subject: Re: [PATCH v5 05/25] powerpc/secvar: Warn and error if multiple
secvar ops are set
On 1/31/23 01:39, Andrew Donnellan wrote:
> From: Russell Currey <ruscur@...sell.cc>
>
> The secvar code only supports one consumer at a time.
>
> Multiple consumers aren't possible at this point in time, but we'd want
> it to be obvious if it ever could happen.
>
> Signed-off-by: Russell Currey <ruscur@...sell.cc>
> Co-developed-by: Andrew Donnellan <ajd@...ux.ibm.com>
> Signed-off-by: Andrew Donnellan <ajd@...ux.ibm.com>
>
> ---
>
> v4: Return an error and don't actually try to set secvar_operations if the
> warning is triggered (npiggin)
>
> v5: Drop "extern" to fix a checkpatch check (snowpatch)
> ---
> arch/powerpc/include/asm/secvar.h | 4 ++--
> arch/powerpc/kernel/secvar-ops.c | 8 ++++++--
> arch/powerpc/platforms/powernv/opal-secvar.c | 4 +---
> 3 files changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h
> index 07ba36f868a7..a2b5f2203dc5 100644
> --- a/arch/powerpc/include/asm/secvar.h
> +++ b/arch/powerpc/include/asm/secvar.h
> @@ -21,11 +21,11 @@ struct secvar_operations {
>
> #ifdef CONFIG_PPC_SECURE_BOOT
>
> -extern void set_secvar_ops(const struct secvar_operations *ops);
> +int set_secvar_ops(const struct secvar_operations *ops);
>
> #else
>
> -static inline void set_secvar_ops(const struct secvar_operations *ops) { }
> +static inline int set_secvar_ops(const struct secvar_operations *ops) { return 0; }
>
> #endif
>
> diff --git a/arch/powerpc/kernel/secvar-ops.c b/arch/powerpc/kernel/secvar-ops.c
> index 6a29777d6a2d..9c8dd4e7c270 100644
> --- a/arch/powerpc/kernel/secvar-ops.c
> +++ b/arch/powerpc/kernel/secvar-ops.c
> @@ -8,10 +8,14 @@
>
> #include <linux/cache.h>
> #include <asm/secvar.h>
> +#include <asm/bug.h>
>
> -const struct secvar_operations *secvar_ops __ro_after_init;
> +const struct secvar_operations *secvar_ops __ro_after_init = NULL;
>
> -void set_secvar_ops(const struct secvar_operations *ops)
> +int set_secvar_ops(const struct secvar_operations *ops)
> {
> + if (WARN_ON_ONCE(secvar_ops))
> + return -1;
The calling function opal_secvar_probe() returns an errno (-ENODEV for example). Return also an errno here?
> secvar_ops = ops;
> + return 0;
> }
> diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c
> index ef89861569e0..4c0a3b030fe0 100644
> --- a/arch/powerpc/platforms/powernv/opal-secvar.c
> +++ b/arch/powerpc/platforms/powernv/opal-secvar.c
> @@ -113,9 +113,7 @@ static int opal_secvar_probe(struct platform_device *pdev)
> return -ENODEV;
This is the errno.
> }
>
> - set_secvar_ops(&opal_secvar_ops);
> -
> - return 0;
> + return set_secvar_ops(&opal_secvar_ops);
Stefan
Powered by blists - more mailing lists