| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d8d2e5de-54bc-b7c9-a2e7-44b95cd28bb7@linux.ibm.com>
Date: Fri, 10 Feb 2023 15:51:34 -0500
From: Stefan Berger <stefanb@...ux.ibm.com>
To: Andrew Donnellan <ajd@...ux.ibm.com>,
linuxppc-dev@...ts.ozlabs.org, linux-integrity@...r.kernel.org
Cc: ruscur@...sell.cc, bgray@...ux.ibm.com, nayna@...ux.ibm.com,
gcwilson@...ux.ibm.com, gjoyce@...ux.ibm.com, brking@...ux.ibm.com,
sudhakar@...ux.ibm.com, erichte@...ux.ibm.com,
gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
zohar@...ux.ibm.com, joel@....id.au, npiggin@...il.com
Subject: Re: [PATCH v6 05/26] powerpc/secvar: Warn and error if multiple
secvar ops are set
On 2/10/23 03:03, Andrew Donnellan wrote:
> From: Russell Currey <ruscur@...sell.cc>
>
> The secvar code only supports one consumer at a time.
>
> Multiple consumers aren't possible at this point in time, but we'd want
> it to be obvious if it ever could happen.
>
> Signed-off-by: Russell Currey <ruscur@...sell.cc>
> Co-developed-by: Andrew Donnellan <ajd@...ux.ibm.com>
> Signed-off-by: Andrew Donnellan <ajd@...ux.ibm.com>
>
> ---
>
> v4: Return an error and don't actually try to set secvar_operations if the
> warning is triggered (npiggin)
>
> v5: Drop "extern" to fix a checkpatch check (snowpatch)
>
> v6: Return -EBUSY rather than -1 (stefanb)
> ---
> arch/powerpc/include/asm/secvar.h | 4 ++--
> arch/powerpc/kernel/secvar-ops.c | 10 ++++++++--
> arch/powerpc/platforms/powernv/opal-secvar.c | 4 +---
> 3 files changed, 11 insertions(+), 7 deletions(-)
>
> diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h
> index 07ba36f868a7..a2b5f2203dc5 100644
> --- a/arch/powerpc/include/asm/secvar.h
> +++ b/arch/powerpc/include/asm/secvar.h
> @@ -21,11 +21,11 @@ struct secvar_operations {
>
> #ifdef CONFIG_PPC_SECURE_BOOT
>
> -extern void set_secvar_ops(const struct secvar_operations *ops);
> +int set_secvar_ops(const struct secvar_operations *ops);
>
> #else
>
> -static inline void set_secvar_ops(const struct secvar_operations *ops) { }
> +static inline int set_secvar_ops(const struct secvar_operations *ops) { return 0; }
>
> #endif
>
> diff --git a/arch/powerpc/kernel/secvar-ops.c b/arch/powerpc/kernel/secvar-ops.c
> index 6a29777d6a2d..19172a2804f0 100644
> --- a/arch/powerpc/kernel/secvar-ops.c
> +++ b/arch/powerpc/kernel/secvar-ops.c
> @@ -8,10 +8,16 @@
>
> #include <linux/cache.h>
> #include <asm/secvar.h>
> +#include <asm/bug.h>
>
> -const struct secvar_operations *secvar_ops __ro_after_init;
> +const struct secvar_operations *secvar_ops __ro_after_init = NULL;
>
> -void set_secvar_ops(const struct secvar_operations *ops)
> +int set_secvar_ops(const struct secvar_operations *ops)
> {
> + if (WARN_ON_ONCE(secvar_ops))
> + return -EBUSY;
> +
> secvar_ops = ops;
> +
> + return 0;
> }
> diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c
> index ef89861569e0..4c0a3b030fe0 100644
> --- a/arch/powerpc/platforms/powernv/opal-secvar.c
> +++ b/arch/powerpc/platforms/powernv/opal-secvar.c
> @@ -113,9 +113,7 @@ static int opal_secvar_probe(struct platform_device *pdev)
> return -ENODEV;
> }
>
> - set_secvar_ops(&opal_secvar_ops);
> -
> - return 0;
> + return set_secvar_ops(&opal_secvar_ops);
> }
>
> static const struct of_device_id opal_secvar_match[] = {
Reviewed-by: Stefan Berger <stefanb@...ux.ibm.com>
Powered by blists - more mailing lists