lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <fa04bca6-23c4-d5e9-c1dc-468bd9bcd8f9@linux.ibm.com>
Date:   Tue, 31 Jan 2023 09:48:52 -0500
From:   Stefan Berger <stefanb@...ux.ibm.com>
To:     Andrew Donnellan <ajd@...ux.ibm.com>,
        linuxppc-dev@...ts.ozlabs.org, linux-integrity@...r.kernel.org
Cc:     ruscur@...sell.cc, bgray@...ux.ibm.com, nayna@...ux.ibm.com,
        gcwilson@...ux.ibm.com, gjoyce@...ux.ibm.com, brking@...ux.ibm.com,
        sudhakar@...ux.ibm.com, erichte@...ux.ibm.com,
        gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
        zohar@...ux.ibm.com, joel@....id.au, npiggin@...il.com
Subject: Re: [PATCH v5 05/25] powerpc/secvar: Warn and error if multiple
 secvar ops are set



On 1/31/23 01:39, Andrew Donnellan wrote:
> From: Russell Currey <ruscur@...sell.cc>
> 
> The secvar code only supports one consumer at a time.
> 
> Multiple consumers aren't possible at this point in time, but we'd want
> it to be obvious if it ever could happen.
> 
> Signed-off-by: Russell Currey <ruscur@...sell.cc>
> Co-developed-by: Andrew Donnellan <ajd@...ux.ibm.com>
> Signed-off-by: Andrew Donnellan <ajd@...ux.ibm.com>
> 
> ---
> 
> v4: Return an error and don't actually try to set secvar_operations if the
>      warning is triggered (npiggin)
> 
> v5: Drop "extern" to fix a checkpatch check (snowpatch)
> ---
>   arch/powerpc/include/asm/secvar.h            | 4 ++--
>   arch/powerpc/kernel/secvar-ops.c             | 8 ++++++--
>   arch/powerpc/platforms/powernv/opal-secvar.c | 4 +---
>   3 files changed, 9 insertions(+), 7 deletions(-)
> 
> diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h
> index 07ba36f868a7..a2b5f2203dc5 100644
> --- a/arch/powerpc/include/asm/secvar.h
> +++ b/arch/powerpc/include/asm/secvar.h
> @@ -21,11 +21,11 @@ struct secvar_operations {
>   
>   #ifdef CONFIG_PPC_SECURE_BOOT
>   
> -extern void set_secvar_ops(const struct secvar_operations *ops);
> +int set_secvar_ops(const struct secvar_operations *ops);
>   
>   #else
>   
> -static inline void set_secvar_ops(const struct secvar_operations *ops) { }
> +static inline int set_secvar_ops(const struct secvar_operations *ops) { return 0; }
>   
>   #endif
>   
> diff --git a/arch/powerpc/kernel/secvar-ops.c b/arch/powerpc/kernel/secvar-ops.c
> index 6a29777d6a2d..9c8dd4e7c270 100644
> --- a/arch/powerpc/kernel/secvar-ops.c
> +++ b/arch/powerpc/kernel/secvar-ops.c
> @@ -8,10 +8,14 @@
>   
>   #include <linux/cache.h>
>   #include <asm/secvar.h>
> +#include <asm/bug.h>
>   
> -const struct secvar_operations *secvar_ops __ro_after_init;
> +const struct secvar_operations *secvar_ops __ro_after_init = NULL;
>   
> -void set_secvar_ops(const struct secvar_operations *ops)
> +int set_secvar_ops(const struct secvar_operations *ops)
>   {
> +	if (WARN_ON_ONCE(secvar_ops))
> +		return -1;

The calling function  opal_secvar_probe() returns an errno (-ENODEV for example). Return also an errno here?

>   	secvar_ops = ops;
> +	return 0;
>   }
> diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c
> index ef89861569e0..4c0a3b030fe0 100644
> --- a/arch/powerpc/platforms/powernv/opal-secvar.c
> +++ b/arch/powerpc/platforms/powernv/opal-secvar.c
> @@ -113,9 +113,7 @@ static int opal_secvar_probe(struct platform_device *pdev)
>   		return -ENODEV;


This is the errno.
>   	}
>   
> -	set_secvar_ops(&opal_secvar_ops);
> -
> -	return 0;
> +	return set_secvar_ops(&opal_secvar_ops);

    Stefan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ