From patchwork Wed Jan 18 06:10:26 2023
X-Patchwork-Submitter: Andrew Donnellan
X-Patchwork-Id: 45014
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 01/24] powerpc/secvar: Use u64 in secvar_operations
Date: Wed, 18 Jan 2023 17:10:26 +1100
Message-Id: <20230118061049.1006141-2-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

From: Michael Ellerman

There's no reason for secvar_operations to use uint64_t vs the more
common kernel type u64. The types are compatible, but they require
different printk format strings which can lead to confusion. Change all
the secvar related routines to use u64.

Signed-off-by: Michael Ellerman
Reviewed-by: Russell Currey
Reviewed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
v3: Include new patch
---
 arch/powerpc/include/asm/secvar.h | 9 +++------
 arch/powerpc/kernel/secvar-sysfs.c | 8 ++++----
 arch/powerpc/platforms/powernv/opal-secvar.c | 9 +++------
 security/integrity/platform_certs/load_powerpc.c | 4 ++--
 4 files changed, 12 insertions(+), 18 deletions(-)

diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 4cc35b58b986..07ba36f868a7 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -14,12 +14,9 @@ extern const struct secvar_operations *secvar_ops; struct secvar_operations { - int (*get)(const char *key, uint64_t key_len, u8 *data, - uint64_t *data_size); - int (*get_next)(const char *key, uint64_t *key_len, - uint64_t keybufsize); - int (*set)(const char *key, uint64_t key_len, u8 *data, - uint64_t data_size); + int (*get)(const char *key, u64 key_len, u8 *data, u64 *data_size); + int (*get_next)(const char *key, u64 *key_len, u64 keybufsize); + int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 1ee4640a2641..001cdbcdb9d2 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -47,7 +47,7 @@ static ssize_t format_show(struct kobject *kobj, struct kobj_attribute *attr, static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { - uint64_t dsize; + u64 dsize; int rc; rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); 
@@ -64,8 +64,8 @@ static ssize_t data_read(struct file *filep, struct kobject *kobj, struct bin_attribute *attr, char *buf, loff_t off, size_t count) { - uint64_t dsize; char *data; + u64 dsize; int rc; rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); @@ -166,9 +166,9 @@ static int update_kobj_size(void) static int secvar_sysfs_load(void) { - char *name; - uint64_t namesize = 0; struct kobject *kobj; + u64 namesize = 0; + char *name; int rc; name = kzalloc(NAME_MAX_SIZE, GFP_KERNEL); diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index 14133e120bdd..ef89861569e0 100644 --- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c @@ -54,8 +54,7 @@ static int opal_status_to_err(int rc) return err; } -static int opal_get_variable(const char *key, uint64_t ksize, - u8 *data, uint64_t *dsize) +static int opal_get_variable(const char *key, u64 ksize, u8 *data, u64 *dsize) { int rc; @@ -71,8 +70,7 @@ static int opal_get_variable(const char *key, uint64_t ksize, return opal_status_to_err(rc); } -static int opal_get_next_variable(const char *key, uint64_t *keylen, - uint64_t keybufsize) +static int opal_get_next_variable(const char *key, u64 *keylen, u64 keybufsize) { int rc; @@ -88,8 +86,7 @@ static int opal_get_next_variable(const char *key, uint64_t *keylen, return opal_status_to_err(rc); } -static int opal_set_variable(const char *key, uint64_t ksize, u8 *data, - uint64_t dsize) +static int opal_set_variable(const char *key, u64 ksize, u8 *data, u64 dsize) { int rc; diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c index a2900cb85357..1e4f80a4e71c 100644 --- a/security/integrity/platform_certs/load_powerpc.c +++ b/security/integrity/platform_certs/load_powerpc.c 
@@ -18,7 +18,7 @@ /* * Get a certificate list blob from the named secure variable. */ -static __init void *get_cert_list(u8 *key, unsigned long keylen, uint64_t *size) +static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size) { int rc; void *db; 
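Review bot: get_cert_list() still declares keylen as unsigned long while its size out-parameter becomes u64, and the get() callback in secvar_operations now declares key_len as u64. If keylen is the value handed to get(), converting it in this hunk as well would leave the function with one integer type for lengths instead of two.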
@@ -51,7 +51,7 @@ static __init void *get_cert_list(u8 *key, unsigned long keylen, uint64_t *size) static int __init load_powerpc_certs(void) { void *db = NULL, *dbx = NULL; - uint64_t dbsize = 0, dbxsize = 0; + u64 dbsize = 0, dbxsize = 0; int rc = 0; struct device_node *node; 
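Review bot: in arch/powerpc/kernel/secvar-sysfs.c the data_read() and secvar_sysfs_load() hunks also reorder the local declarations (dsize moves below data; name and namesize move below kobj), which the commit message does not mention. A short line in the changelog saying the declarations were re-sorted, or leaving the order alone, would keep this patch reviewable as a pure type rename.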

From patchwork Wed Jan 18 06:10:27 2023
X-Patchwork-Submitter: Andrew Donnellan
X-Patchwork-Id: 45013
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 02/24] powerpc/secvar: WARN_ON_ONCE() if multiple secvar ops are set
Date: Wed, 18 Jan 2023 17:10:27 +1100
Message-Id: <20230118061049.1006141-3-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

From: Russell Currey

The secvar code only supports one consumer at a time. Multiple consumers
aren't possible at this point in time, but we'd want it to be obvious if
it ever could happen.

Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
 arch/powerpc/kernel/secvar-ops.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/kernel/secvar-ops.c b/arch/powerpc/kernel/secvar-ops.c index 6a29777d6a2d..aa1b2adc2710 100644 --- a/arch/powerpc/kernel/secvar-ops.c +++ b/arch/powerpc/kernel/secvar-ops.c 
@@ -8,10 +8,12 @@ #include #include +#include -const struct secvar_operations *secvar_ops __ro_after_init; +const struct secvar_operations *secvar_ops __ro_after_init = NULL; void set_secvar_ops(const struct secvar_operations *ops) { + WARN_ON_ONCE(secvar_ops); secvar_ops = ops; } 
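Review bot: in set_secvar_ops() the WARN_ON_ONCE(secvar_ops) only reports the second registration; the next line still executes "secvar_ops = ops;", so a later caller silently replaces the operations that were registered first. Consider "if (WARN_ON_ONCE(secvar_ops)) return;" (or returning an error from set_secvar_ops()) so the first set of operations stays in place. The added "= NULL" initializer is also redundant for a pointer with static storage duration and can be dropped.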

From patchwork Wed Jan 18 06:10:28 2023
X-Patchwork-Submitter: Andrew Donnellan
X-Patchwork-Id: 45012
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 03/24] powerpc/secvar: Use sysfs_emit() instead of sprintf()
Date: Wed, 18 Jan 2023 17:10:28 +1100
Message-Id: <20230118061049.1006141-4-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

From: Russell Currey

The secvar format string and object size sysfs files are both ASCII
text, and should use sysfs_emit(). No functional change.

Suggested-by: Greg Kroah-Hartman
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v2: New patch (gregkh)
---
 arch/powerpc/kernel/secvar-sysfs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 001cdbcdb9d2..462cacc0ca60 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -35,7 +35,7 @@ static ssize_t format_show(struct kobject *kobj, struct kobj_attribute *attr, if (rc) goto out; - rc = sprintf(buf, "%s\n", format); + rc = sysfs_emit(buf, "%s\n", format); out: of_node_put(node); 
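Review bot: "No functional change" in the commit message is not quite accurate for format_show(): sprintf() writes the "%s" expansion of format with no bound, while sysfs_emit() limits the output to the PAGE_SIZE sysfs buffer. That bound is the reason to prefer it here, so the changelog should say the write is now bounded rather than describe the patch as a no-op.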
@@ -57,7 +57,7 @@ static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr, return rc; } - return sprintf(buf, "%llu\n", dsize); + return sysfs_emit(buf, "%llu\n", dsize); } static ssize_t data_read(struct file *filep, struct kobject *kobj, 
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 04/24] powerpc/secvar: Handle format string in the consumer
Date: Wed, 18 Jan 2023 17:10:29 +1100
Message-Id: <20230118061049.1006141-5-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

From: Russell Currey

The code that handles the format string in secvar-sysfs.c is entirely OPAL specific, so create a new "format" op in secvar_operations to make the secvar code more generic. No functional change.

Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v2: Use sysfs_emit() instead of sprintf() (gregkh)
v3: Enforce format string size limit (ruscur)
---
arch/powerpc/include/asm/secvar.h | 3 +++ arch/powerpc/kernel/secvar-sysfs.c | 23 ++++-------------- arch/powerpc/platforms/powernv/opal-secvar.c | 25 ++++++++++++++++++++ 3 files changed, 33 insertions(+), 18 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 07ba36f868a7..8b6475589120 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -11,12 +11,15 @@ #include #include +#define SECVAR_MAX_FORMAT_LEN 30 // max length of string returned by ->format() + extern const struct secvar_operations *secvar_ops; struct secvar_operations { int (*get)(const char *key, u64 key_len, u8 *data, u64 *data_size); int (*get_next)(const char *key, u64 *key_len, u64 keybufsize); int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); + ssize_t (*format)(char *buf); }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 462cacc0ca60..d3858eedd72c 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c
@@ -21,26 +21,13 @@ static struct kset *secvar_kset; static ssize_t format_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { - ssize_t rc = 0; - struct device_node *node; - const char *format; - - node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); - if (!of_device_is_available(node)) { - rc = -ENODEV; - goto out; - } + char tmp[SECVAR_MAX_FORMAT_LEN]; + ssize_t len = secvar_ops->format(tmp); - rc = of_property_read_string(node, "format", &format); - if (rc) - goto out; + if (len <= 0) + return -EIO; - rc = sysfs_emit(buf, "%s\n", format); - -out: - of_node_put(node); - - return rc; + return sysfs_emit(buf, "%s\n", tmp); } diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index ef89861569e0..623c6839e66c 100644 --- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c 
@@ -98,10 +98,35 @@ static int opal_set_variable(const char *key, u64 ksize, u8 *data, u64 dsize) return opal_status_to_err(rc); } +static ssize_t opal_secvar_format(char *buf) +{ + ssize_t rc = 0; + struct device_node *node; + const char *format; + + node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); + if (!of_device_is_available(node)) { + rc = -ENODEV; + goto out; + } + + rc = of_property_read_string(node, "format", &format); + if (rc) + goto out; + + rc = snprintf(buf, SECVAR_MAX_FORMAT_LEN, "%s", format); + +out: + of_node_put(node); + + return rc; +} + static const struct secvar_operations opal_secvar_ops = { .get = opal_get_variable, .get_next = opal_get_next_variable, .set = opal_set_variable, + .format = opal_secvar_format, }; static int opal_secvar_probe(struct platform_device *pdev)
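
Review bot: In format_show() (secvar-sysfs.c hunk), "if (len <= 0) return -EIO;" replaces whatever ->format() returned with -EIO, so the -ENODEV that the removed code returned when the "ibm,secvar-backend" node is unavailable, and any error from of_property_read_string(), no longer reach userspace. That is a behaviour change in a patch whose message says "No functional change". Return a negative len as it is and keep -EIO only for the zero-length case. format_show() also calls secvar_ops->format() unconditionally, so a backend that leaves .format unset would be dereferenced as NULL; check the pointer here or require the op when the backend registers.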
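
Review bot: In opal_secvar_format() (opal-secvar.c hunk), snprintf() returns the length the string would have had, not the number of bytes stored, so a device-tree "format" property of SECVAR_MAX_FORMAT_LEN characters or more is silently truncated and rc comes back larger than the buffer, while format_show() only tests len <= 0 and emits the truncated string. If the v3 intent is to enforce the size limit, treat rc >= SECVAR_MAX_FORMAT_LEN as an error, or copy with strscpy(), which reports truncation as -E2BIG. The ->format(char *buf) prototype added to secvar.h also carries no buffer length, so the 30-byte contract exists only in the comment on SECVAR_MAX_FORMAT_LEN; passing the size as a second argument would let each backend bound its own write.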
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 05/24] powerpc/secvar: Handle max object size in the consumer
Date: Wed, 18 Jan 2023 17:10:30 +1100
Message-Id: <20230118061049.1006141-6-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

From: Russell Currey

Currently the max object size is handled in the core secvar code with an entirely OPAL-specific implementation, so create a new max_size() op and move the existing implementation into the powernv platform. Should be no functional change.

Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v3: Change uint64_t type to u64 (mpe)
---
arch/powerpc/include/asm/secvar.h | 1 + arch/powerpc/kernel/secvar-sysfs.c | 17 +++-------------- arch/powerpc/platforms/powernv/opal-secvar.c | 19 +++++++++++++++++++ 3 files changed, 23 insertions(+), 14 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 8b6475589120..b2cb9bb7c540 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -20,6 +20,7 @@ struct secvar_operations { int (*get_next)(const char *key, u64 *key_len, u64 keybufsize); int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); ssize_t (*format)(char *buf); + int (*max_size)(u64 *max_size); }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index d3858eedd72c..031ef37bca99 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -128,27 +128,16 @@ static struct kobj_type secvar_ktype = { static int update_kobj_size(void) { - struct device_node *node; u64 varsize; - int rc = 0; + int rc = secvar_ops->max_size(&varsize); - node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); - if (!of_device_is_available(node)) { - rc = -ENODEV; - goto out; - } - - rc = of_property_read_u64(node, "max-var-size", &varsize); if (rc) - goto out; + return rc; data_attr.size = varsize; update_attr.size = varsize; -out: - of_node_put(node); - - return rc; + return 0; } static int secvar_sysfs_load(void) diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index 623c6839e66c..c9b9fd3730df 100644
--- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c 
@@ -122,11 +122,30 @@ static ssize_t opal_secvar_format(char *buf) return rc; } +static int opal_secvar_max_size(u64 *max_size) +{ + int rc; + struct device_node *node; + + node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); + if (!of_device_is_available(node)) { + rc = -ENODEV; + goto out; + } + + rc = of_property_read_u64(node, "max-var-size", max_size); + +out: + of_node_put(node); + return rc; +} + static const struct secvar_operations opal_secvar_ops = { .get = opal_get_variable, .get_next = opal_get_next_variable, .set = opal_set_variable, .format = opal_secvar_format, + .max_size = opal_secvar_max_size, }; static int opal_secvar_probe(struct platform_device *pdev)
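
Review bot: update_kobj_size() (secvar-sysfs.c hunk) now initialises rc with secvar_ops->max_size(&varsize) and nothing in this patch checks that the op is set, so a backend that fills in get/get_next/set but leaves .max_size NULL would crash during sysfs init instead of failing with an errno. Test the pointer before the call and return an error such as -ENODEV, or reject an incomplete secvar_operations when it is registered. varsize is then copied unchecked into data_attr.size and update_attr.size; since the value now comes from an arbitrary backend, a sanity bound here would be worth adding.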
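
Review bot: The new member "int (*max_size)(u64 *max_size);" in secvar.h is undocumented and its parameter reuses the member's own name. Add a comment stating that it returns 0 or a negative errno and that the output is only valid on success, as opal_secvar_max_size() leaves *max_size untouched on the -ENODEV path, and rename the parameter (for example to size) so the prototype reads unambiguously.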
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 06/24] powerpc/secvar: Clean up init error messages
Date: Wed, 18 Jan 2023 17:10:31 +1100
Message-Id: <20230118061049.1006141-7-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

Remove unnecessary prefixes from error messages in secvar_sysfs_init() (the file defines pr_fmt, so putting "secvar:" in every message is unnecessary).
Make capitalisation and punctuation more consistent.

Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New patch (ajd)
---
arch/powerpc/kernel/secvar-sysfs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 031ef37bca99..9f0e49bf3903 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -190,13 +190,13 @@ static int secvar_sysfs_init(void) int rc; if (!secvar_ops) { - pr_warn("secvar: failed to retrieve secvar operations.\n"); + pr_warn("Failed to retrieve secvar operations\n"); return -ENODEV; } secvar_kobj = kobject_create_and_add("secvar", firmware_kobj); if (!secvar_kobj) { - pr_err("secvar: Failed to create firmware kobj\n"); + pr_err("Failed to create firmware kobj\n"); return -ENOMEM; }
@@ -208,7 +208,7 @@ static int secvar_sysfs_init(void) secvar_kset = kset_create_and_add("vars", NULL, secvar_kobj); if (!secvar_kset) { - pr_err("secvar: sysfs kobject registration failed.\n"); + pr_err("sysfs kobject registration failed\n"); kobject_put(secvar_kobj); return -ENOMEM; }
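
Review bot: The reworded pr_err("Failed to create firmware kobj\n") in the first hunk still names the wrong object: the call that failed is kobject_create_and_add("secvar", firmware_kobj), which creates the secvar kobject underneath the firmware one. Since the patch is already touching this string, say which object could not be created (the secvar kobject). In the second hunk the message for the failed kset_create_and_add("vars", ...) could name the "vars" kset in the same way, so the three messages can be told apart in a log.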
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 07/24] powerpc/secvar: Extend sysfs to include config vars
Date: Wed, 18 Jan 2023 17:10:32 +1100
Message-Id: <20230118061049.1006141-8-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

From: Russell Currey The forthcoming pseries consumer of the secvar API wants to expose a number of config variables. Allowing secvar implementations to provide their own sysfs attributes makes it easy for consumers to expose what they need to. This is not being used by the OPAL secvar implementation at present, and the config directory will not be created if no attributes are set. Signed-off-by: Russell Currey Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan --- v3: Remove unnecessary "secvar:" prefix from error messages (ajd) Merge config attributes into secvar_operations (mpe) --- arch/powerpc/include/asm/secvar.h | 2 ++ arch/powerpc/kernel/secvar-sysfs.c | 33 +++++++++++++++++++++++++----- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index b2cb9bb7c540..ebf95386d720 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -10,6 +10,7 @@ #include #include +#include #define SECVAR_MAX_FORMAT_LEN 30 // max length of string returned by ->format() @@ -21,6 +22,7 @@ struct secvar_operations { int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); ssize_t (*format)(char *buf); int (*max_size)(u64 *max_size); + const struct attribute **config_attrs; }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 9f0e49bf3903..b82e95a2e415 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -140,6 +140,19 @@ static int update_kobj_size(void) return 0; } +static int secvar_sysfs_config(struct kobject *kobj) +{ + struct attribute_group config_group = { + .name = "config", + .attrs = (struct attribute **)secvar_ops->config_attrs, + }; + + if (secvar_ops->config_attrs) + return sysfs_create_group(kobj, &config_group); + + return 0; +} + static int secvar_sysfs_load(void) { struct kobject *kobj; 
@@ -202,26 +215,36 @@ static int secvar_sysfs_init(void) rc = sysfs_create_file(secvar_kobj, &format_attr.attr); if (rc) { - kobject_put(secvar_kobj); - return -ENOMEM; + pr_err("Failed to create format object\n"); + rc = -ENOMEM; + goto err; } secvar_kset = kset_create_and_add("vars", NULL, secvar_kobj); if (!secvar_kset) { pr_err("sysfs kobject registration failed\n"); - kobject_put(secvar_kobj); - return -ENOMEM; + rc = -ENOMEM; + goto err; } rc = update_kobj_size(); if (rc) { pr_err("Cannot read the size of the attribute\n"); - return rc; + goto err; + } + + rc = secvar_sysfs_config(secvar_kobj); + if (rc) { + pr_err("Failed to create config directory\n"); + goto err; } secvar_sysfs_load(); return 0; +err: + kobject_put(secvar_kobj); + return rc; } late_initcall(secvar_sysfs_init);
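Review bot: In secvar_sysfs_init(), the new err: label only calls kobject_put(secvar_kobj), but two of the paths that now jump to it (the update_kobj_size() failure and the secvar_sysfs_config() failure) run after kset_create_and_add("vars", NULL, secvar_kobj) has succeeded, so secvar_kset is never unregistered on those paths. Consider a second label that calls kset_unregister(secvar_kset) and then falls through to err:. Separately, in secvar_sysfs_config() the cast `(struct attribute **)secvar_ops->config_attrs` discards the const that the new secvar_operations field declares; a short comment saying why that is safe, and why a stack-allocated attribute_group is enough for sysfs_create_group(), would help the next reader.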
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 08/24] powerpc/secvar: Allow backend to populate static list of variable names
Date: Wed, 18 Jan 2023 17:10:33 +1100
Message-Id: <20230118061049.1006141-9-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

Currently, the list of variables is populated by calling secvar_ops->get_next() repeatedly, which is explicitly modelled on the OPAL API (including the keylen
parameter). For the upcoming PLPKS backend, we have a static list of variable names. It is messy to fit that into get_next(), so instead, let the backend put a NULL-terminated array of variable names into secvar_ops->var_names, which will be used if get_next() is undefined. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v3: New patch (ajd/mpe) --- arch/powerpc/include/asm/secvar.h | 4 ++ arch/powerpc/kernel/secvar-sysfs.c | 67 ++++++++++++++++++++---------- 2 files changed, 50 insertions(+), 21 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index ebf95386d720..c8bee1834b54 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -23,6 +23,10 @@ struct secvar_operations { ssize_t (*format)(char *buf); int (*max_size)(u64 *max_size); const struct attribute **config_attrs; + + // NULL-terminated array of fixed variable names + // Only used if get_next() isn't provided + const char * const *var_names; }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index b82e95a2e415..d9352d4be87b 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -153,9 +153,31 @@ static int secvar_sysfs_config(struct kobject *kobj) return 0; } -static int secvar_sysfs_load(void) +static int add_var(const char *name) { struct kobject *kobj; + int rc; + + kobj = kzalloc(sizeof(*kobj), GFP_KERNEL); + if (!kobj) + return -ENOMEM; + + kobject_init(kobj, &secvar_ktype); + + rc = kobject_add(kobj, &secvar_kset->kobj, "%s", name); + if (rc) { + pr_warn("kobject_add error %d for attribute: %s\n", rc, + name); + kobject_put(kobj); + return rc; + } + + kobject_uevent(kobj, KOBJ_ADD); + return 0; +} + +static int secvar_sysfs_load(void) +{ u64 namesize = 0; char *name; int rc; 
@@ -173,31 +195,26 @@ static int secvar_sysfs_load(void) break; } - kobj = kzalloc(sizeof(*kobj), GFP_KERNEL); - if (!kobj) { - rc = -ENOMEM; - break; - } - - kobject_init(kobj, &secvar_ktype); - - rc = kobject_add(kobj, &secvar_kset->kobj, "%s", name); - if (rc) { - pr_warn("kobject_add error %d for attribute: %s\n", rc, - name); - kobject_put(kobj); - kobj = NULL; - } - - if (kobj) - kobject_uevent(kobj, KOBJ_ADD); - + rc = add_var(name); } while (!rc); kfree(name); return rc; } +static int secvar_sysfs_load_static(void) +{ + const char * const *name_ptr = secvar_ops->var_names; + int rc; + while (*name_ptr) { + rc = add_var(*name_ptr); + if (rc) + return rc; + name_ptr++; + } + return 0; +} + static int secvar_sysfs_init(void) { int rc; 
@@ -239,7 +256,15 @@ static int secvar_sysfs_init(void) goto err; } - secvar_sysfs_load(); + if (secvar_ops->get_next) + rc = secvar_sysfs_load(); + else + rc = secvar_sysfs_load_static(); + + if (rc) { + pr_err("Failed to create variable attributes\n"); + goto err; + } return 0; err:
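Review bot: secvar_sysfs_load_static() dereferences secvar_ops->var_names unconditionally, and secvar_sysfs_init() calls it whenever get_next is NULL, so a backend that sets neither field hits a NULL pointer dereference at `while (*name_ptr)`. Check var_names in secvar_sysfs_init() (or at the top of the helper) and fail with an error message when both are missing. Also, a failure from add_var() now aborts init through err:, which leaves any variable kobjects already added to secvar_kset in place; and the declarations in secvar_sysfs_load_static() want a blank line before the loop.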
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 09/24] powerpc/secvar: Warn when PAGE_SIZE is smaller than max object size
Date: Wed, 18 Jan 2023 17:10:34 +1100
Message-Id: <20230118061049.1006141-10-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

Due to sysfs constraints, when writing to a variable, we can only handle writes of up to PAGE_SIZE.
It's possible that the maximum object size is larger than PAGE_SIZE, in which case, print a warning on boot so that the user is aware. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v3: New patch (ajd) --- arch/powerpc/kernel/secvar-sysfs.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index d9352d4be87b..68fb0b857442 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -217,6 +217,7 @@ static int secvar_sysfs_load_static(void) static int secvar_sysfs_init(void) { + u64 max_size; int rc; if (!secvar_ops) { 
@@ -266,6 +267,14 @@ static int secvar_sysfs_init(void) goto err; } + // Due to sysfs limitations, we will only ever get a write buffer of + // up to 1 page in size. Print a warning if this is potentially going + // to cause problems, so that the user is aware. + secvar_ops->max_size(&max_size); + if (max_size > PAGE_SIZE) + pr_warn_ratelimited("PAGE_SIZE (%lu) is smaller than maximum object size (%llu), writes are limited to PAGE_SIZE\n", + PAGE_SIZE, max_size); + return 0; err: kobject_put(secvar_kobj);
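Review bot: The return value of secvar_ops->max_size(&max_size) is ignored in the block added to secvar_sysfs_init(), so if the backend call fails, max_size is read uninitialised in both the comparison and the pr_warn_ratelimited() arguments. Check the return code and skip the warning (or jump to err) on failure, or initialise max_size to 0. Since this runs once from the initcall, plain pr_warn() would do; rate limiting adds nothing here.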
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 10/24] powerpc/secvar: Don't print error on ENOENT when reading variables
Date: Wed, 18 Jan 2023 17:10:35 +1100
Message-Id: <20230118061049.1006141-11-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

If attempting to read the size or data attributes of a non-existent variable (which will be possible after a later patch to expose the PLPKS via the secvar interface),
don't spam the kernel log with error messages. Only print errors for return codes that aren't ENOENT. Reported-by: Sudhakar Kuppusamy Signed-off-by: Andrew Donnellan --- v3: New patch --- arch/powerpc/kernel/secvar-sysfs.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 68fb0b857442..2499bfd04fad 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -39,8 +39,8 @@ static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr, rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); if (rc) { - pr_err("Error retrieving %s variable size %d\n", kobj->name, - rc); + if (rc != -ENOENT) + pr_err("Error retrieving %s variable size %d\n", kobj->name, rc); return rc; } 
@@ -57,7 +57,8 @@ static ssize_t data_read(struct file *filep, struct kobject *kobj, rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); if (rc) { - pr_err("Error getting %s variable size %d\n", kobj->name, rc); + if (rc != -ENOENT) + pr_err("Error getting %s variable size %d\n", kobj->name, rc); return rc; } pr_debug("dsize is %llu\n", dsize);
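Review bot: Both call sites, size_show() and data_read(), now return -ENOENT silently, but nothing in the code says why ENOENT is an expected result; the reason is only in the commit message. Add a one-line comment at each `if (rc != -ENOENT)` noting that a variable listed in sysfs may not exist in the backend. The two pr_err() strings also differ ("Error retrieving" versus "Error getting") for the same failure, so a small shared helper would keep the filtering and the wording consistent.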
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 11/24] powerpc/pseries: Move plpks.h to include directory
Date: Wed, 18 Jan 2023 17:10:36 +1100
Message-Id: <20230118061049.1006141-12-ajd@linux.ibm.com>
X-Mailer: git-send-email 2.39.0
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>
From: Russell Currey Move plpks.h from platforms/pseries/ to include/asm/. This is necessary for later patches to make use of the PLPKS from code in other subsystems. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v3: New patch --- .../powerpc/{platforms/pseries => include/asm}/plpks.h | 10 +++++++--- arch/powerpc/platforms/pseries/plpks.c | 3 +-- 2 files changed, 8 insertions(+), 5 deletions(-) rename arch/powerpc/{platforms/pseries => include/asm}/plpks.h (89%) diff --git a/arch/powerpc/platforms/pseries/plpks.h b/arch/powerpc/include/asm/plpks.h similarity index 89% rename from arch/powerpc/platforms/pseries/plpks.h rename to arch/powerpc/include/asm/plpks.h index 275ccd86bfb5..8295502ee93b 100644 --- a/arch/powerpc/platforms/pseries/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -6,8 +6,10 @@ * Platform keystore for pseries LPAR(PLPKS). */ -#ifndef _PSERIES_PLPKS_H -#define _PSERIES_PLPKS_H +#ifndef _ASM_POWERPC_PLPKS_H +#define _ASM_POWERPC_PLPKS_H + +#ifdef CONFIG_PSERIES_PLPKS #include #include @@ -68,4 +70,6 @@ int plpks_read_fw_var(struct plpks_var *var); */ int plpks_read_bootloader_var(struct plpks_var *var); -#endif +#endif // CONFIG_PSERIES_PLPKS + +#endif // _ASM_POWERPC_PLPKS_H diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 4edd1585e245..955117f81e50 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c 
@@ -18,8 +18,7 @@ #include #include #include - -#include "plpks.h" +#include #define PKS_FW_OWNER 0x1 #define PKS_BOOTLOADER_OWNER 0x2 From patchwork Wed Jan 18 06:10:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 44997 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2173049wrn; Tue, 17 Jan 2023 22:28:38 -0800 (PST) X-Google-Smtp-Source: AMrXdXs/dYTmiAAqKUsl79t7ZADkQUEwlGXzNAEHQodG+TP8BfRMcQy3W+aNDnQricR98ReIbxEB X-Received: by 2002:a05:6a20:7883:b0:a4:fa9d:d2ee with SMTP id d3-20020a056a20788300b000a4fa9dd2eemr25852998pzg.46.1674023318487; Tue, 17 Jan 2023 22:28:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674023318; cv=none; d=google.com; s=arc-20160816; b=XWNQT2fzqWRqFx3QK/aUhTKBTL9OYrwCfsZixP/S04FOrPtqttEgY6Ru4E94ttrEa6 czW0FJvQy3Nh4hlA71SdBrWrC/0AXJ9WaQznztrohOksQRvljTIzFnG6qtWTdDL//MCU vqC29nqmVyEbROHo3W7VUJYfoUfEYqPGWRetgxwoj7XrHGaQ7J92n8xS3Pv3p9wd0rY+ T+TxweE8GC25D9IDiU/mu042ZDn5vi5Shk0pzQ3fwKkSnt+1icc1SIxTPUNfN6ZB+lz6 0VO0aXac0VkhHTJcUco1LjK9PzRrCeolJl12dCq+Ky5M+cO9j0/l/V6M/c6PJ8rfdvkL dttA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=YOKVyZlHt9gKVreG+L7L/eHzAmNuRlWREtNcu1SGhnc=; b=ErrZaQjqfXQJ83Qzth1EvYpBnIxFwGcpQBkPETWZBmfOuSknCqGGpoS1wKKQpFTtwY +NSrv3Io37FdCIww22N2mzXaNKpZCMKWQPHl9+Zvjt+eyzVl+2/a8odAwomW6EJEpO0p rb+Kva4W6ZORCqYJAUALeKCU7qPoS4nnQ+CqlNMnM5DNlIfyvOldLU2aqj3uguXxsdGa iud82ywD2d2mOIcfWKzWwfikvskF6A4WEXiPhhICSISSvdzWG0uVzudKD6ErE41N0rql 3xx8n1qzs9ThTXDl36IDlAe+F3JczD1XSVZQ9Kmi6RwD8wqHGAl6gdh5TOdcZ0V5Ml9o 6aZg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=RZLKTcMI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 
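Review bot: the new `#ifdef CONFIG_PSERIES_PLPKS` in asm/plpks.h hides every declaration when the option is off, yet the commit message says the move is so that code in other subsystems can use the PLPKS. Those callers will fail to build unless each one is itself guarded by, or depends on, the option; either state that requirement in the header comment or provide static inline stubs for the case where CONFIG_PSERIES_PLPKS is not set. Minor: the `#endif // CONFIG_PSERIES_PLPKS` and `#endif // _ASM_POWERPC_PLPKS_H` trailers use C++ comments where kernel headers usually use /* */.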
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 12/24] powerpc/pseries: Move PLPKS constants to header file
Date: Wed, 18 Jan 2023 17:10:37 +1100
Message-Id: <20230118061049.1006141-13-ajd@linux.ibm.com>
X-Mailer: git-send-email 2.39.0
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

From: Russell Currey

Move the constants defined in plpks.c to plpks.h, and standardise their naming, so that PLPKS consumers can make use of them later on.
Signed-off-by: Russell Currey Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan --- v3: New patch --- arch/powerpc/include/asm/plpks.h | 36 +++++++++++++--- arch/powerpc/platforms/pseries/plpks.c | 57 ++++++++++---------------- 2 files changed, 53 insertions(+), 40 deletions(-) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 8295502ee93b..6466aadd7145 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h 
@@ -14,14 +14,40 @@ #include #include -#define OSSECBOOTAUDIT 0x40000000 -#define OSSECBOOTENFORCE 0x20000000 -#define WORLDREADABLE 0x08000000 -#define SIGNEDUPDATE 0x01000000 +// Object policy flags from supported_policies +#define PLPKS_OSSECBOOTAUDIT PPC_BIT32(1) // OS secure boot must be audit/enforce +#define PLPKS_OSSECBOOTENFORCE PPC_BIT32(2) // OS secure boot must be enforce +#define PLPKS_PWSET PPC_BIT32(3) // No access without password set +#define PLPKS_WORLDREADABLE PPC_BIT32(4) // Readable without authentication +#define PLPKS_IMMUTABLE PPC_BIT32(5) // Once written, object cannot be removed +#define PLPKS_TRANSIENT PPC_BIT32(6) // Object does not persist through reboot +#define PLPKS_SIGNEDUPDATE PPC_BIT32(7) // Object can only be modified by signed updates +#define PLPKS_HVPROVISIONED PPC_BIT32(28) // Hypervisor has provisioned this object -#define PLPKS_VAR_LINUX 0x02 +// Signature algorithm flags from signed_update_algorithms +#define PLPKS_ALG_RSA2048 PPC_BIT(0) +#define PLPKS_ALG_RSA4096 PPC_BIT(1) + +// Object label OS metadata flags +#define PLPKS_VAR_LINUX 0x02 #define PLPKS_VAR_COMMON 0x04 +// Flags for which consumer owns an object is owned by +#define PLPKS_FW_OWNER 0x1 +#define PLPKS_BOOTLOADER_OWNER 0x2 +#define PLPKS_OS_OWNER 0x3 + +// Flags for label metadata fields +#define PLPKS_LABEL_VERSION 0 +#define PLPKS_MAX_LABEL_ATTR_SIZE 16 +#define PLPKS_MAX_NAME_SIZE 239 +#define PLPKS_MAX_DATA_SIZE 4000 + +// Timeouts for PLPKS operations +#define PLPKS_MAX_TIMEOUT 5000 // msec +#define PLPKS_FLUSH_SLEEP 10 // msec +#define PLPKS_FLUSH_SLEEP_RANGE 400 + struct plpks_var { char *component; u8 *name; diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 955117f81e50..5bdc093de6fb 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c 
@@ -20,19 +20,6 @@ #include #include -#define PKS_FW_OWNER 0x1 -#define PKS_BOOTLOADER_OWNER 0x2 -#define PKS_OS_OWNER 0x3 - -#define LABEL_VERSION 0 -#define MAX_LABEL_ATTR_SIZE 16 -#define MAX_NAME_SIZE 239 -#define MAX_DATA_SIZE 4000 - -#define PKS_FLUSH_MAX_TIMEOUT 5000 //msec -#define PKS_FLUSH_SLEEP 10 //msec -#define PKS_FLUSH_SLEEP_RANGE 400 - static u8 *ospassword; static u16 ospasswordlength; @@ -59,7 +46,7 @@ struct label_attr { struct label { struct label_attr attr; - u8 name[MAX_NAME_SIZE]; + u8 name[PLPKS_MAX_NAME_SIZE]; size_t size; }; @@ -122,7 +109,7 @@ static int pseries_status_to_err(int rc) static int plpks_gen_password(void) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; - u8 *password, consumer = PKS_OS_OWNER; + u8 *password, consumer = PLPKS_OS_OWNER; int rc; password = kzalloc(maxpwsize, GFP_KERNEL); @@ -158,7 +145,7 @@ static struct plpks_auth *construct_auth(u8 consumer) { struct plpks_auth *auth; - if (consumer > PKS_OS_OWNER) + if (consumer > PLPKS_OS_OWNER) return ERR_PTR(-EINVAL); auth = kzalloc(struct_size(auth, password, maxpwsize), GFP_KERNEL); @@ -168,7 +155,7 @@ static struct plpks_auth *construct_auth(u8 consumer) auth->version = 1; auth->consumer = consumer; - if (consumer == PKS_FW_OWNER || consumer == PKS_BOOTLOADER_OWNER) + if (consumer == PLPKS_FW_OWNER || consumer == PLPKS_BOOTLOADER_OWNER) return auth; memcpy(auth->password, ospassword, ospasswordlength); @@ -188,7 +175,7 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, struct label *label; size_t slen; - if (!name || namelen > MAX_NAME_SIZE) + if (!name || namelen > PLPKS_MAX_NAME_SIZE) return ERR_PTR(-EINVAL); slen = strlen(component); 
@@ -202,9 +189,9 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, if (component) memcpy(&label->attr.prefix, component, slen); - label->attr.version = LABEL_VERSION; + label->attr.version = PLPKS_LABEL_VERSION; label->attr.os = varos; - label->attr.length = MAX_LABEL_ATTR_SIZE; + label->attr.length = PLPKS_MAX_LABEL_ATTR_SIZE; memcpy(&label->name, name, namelen); label->size = sizeof(struct label_attr) + namelen; @@ -266,10 +253,10 @@ static int plpks_confirm_object_flushed(struct label *label, if (!rc && status == 1) break; - usleep_range(PKS_FLUSH_SLEEP, - PKS_FLUSH_SLEEP + PKS_FLUSH_SLEEP_RANGE); - timeout = timeout + PKS_FLUSH_SLEEP; - } while (timeout < PKS_FLUSH_MAX_TIMEOUT); + usleep_range(PLPKS_FLUSH_SLEEP, + PLPKS_FLUSH_SLEEP + PLPKS_FLUSH_SLEEP_RANGE); + timeout = timeout + PLPKS_FLUSH_SLEEP; + } while (timeout < PLPKS_MAX_TIMEOUT); rc = pseries_status_to_err(rc); @@ -284,13 +271,13 @@ int plpks_write_var(struct plpks_var var) int rc; if (!var.component || !var.data || var.datalen <= 0 || - var.namelen > MAX_NAME_SIZE || var.datalen > MAX_DATA_SIZE) + var.namelen > PLPKS_MAX_NAME_SIZE || var.datalen > PLPKS_MAX_DATA_SIZE) return -EINVAL; - if (var.policy & SIGNEDUPDATE) + if (var.policy & PLPKS_SIGNEDUPDATE) return -EINVAL; - auth = construct_auth(PKS_OS_OWNER); + auth = construct_auth(PLPKS_OS_OWNER); if (IS_ERR(auth)) return PTR_ERR(auth); @@ -322,10 +309,10 @@ int plpks_remove_var(char *component, u8 varos, struct plpks_var_name vname) struct label *label; int rc; - if (!component || vname.namelen > MAX_NAME_SIZE) + if (!component || vname.namelen > PLPKS_MAX_NAME_SIZE) return -EINVAL; - auth = construct_auth(PKS_OS_OWNER); + auth = construct_auth(PLPKS_OS_OWNER); if (IS_ERR(auth)) return PTR_ERR(auth); 
@@ -357,14 +344,14 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) u8 *output; int rc; - if (var->namelen > MAX_NAME_SIZE) + if (var->namelen > PLPKS_MAX_NAME_SIZE) return -EINVAL; auth = construct_auth(consumer); if (IS_ERR(auth)) return PTR_ERR(auth); - if (consumer == PKS_OS_OWNER) { + if (consumer == PLPKS_OS_OWNER) { label = construct_label(var->component, var->os, var->name, var->namelen); if (IS_ERR(label)) { @@ -379,7 +366,7 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) goto out_free_label; } - if (consumer == PKS_OS_OWNER) + if (consumer == PLPKS_OS_OWNER) rc = plpar_hcall(H_PKS_READ_OBJECT, retbuf, virt_to_phys(auth), virt_to_phys(label), label->size, virt_to_phys(output), maxobjsize); 
@@ -419,17 +406,17 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) int plpks_read_os_var(struct plpks_var *var) { - return plpks_read_var(PKS_OS_OWNER, var); + return plpks_read_var(PLPKS_OS_OWNER, var); } int plpks_read_fw_var(struct plpks_var *var) { - return plpks_read_var(PKS_FW_OWNER, var); + return plpks_read_var(PLPKS_FW_OWNER, var); } int plpks_read_bootloader_var(struct plpks_var *var) { - return plpks_read_var(PKS_BOOTLOADER_OWNER, var); + return plpks_read_var(PLPKS_BOOTLOADER_OWNER, var); } static __init int pseries_plpks_init(void) From patchwork Wed Jan 18 06:10:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 45016 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2175396wrn; Tue, 17 Jan 2023 22:35:41 -0800 (PST) X-Google-Smtp-Source: AMrXdXs6vZU1wIKhLra4SgL84SRbDxeVk/DESAMAYHzedv/FFmYFmazKEPAU6wZir8RDGDpogep3 X-Received: by 2002:a05:6a20:9399:b0:9d:efbf:7864 with SMTP id x25-20020a056a20939900b0009defbf7864mr6764332pzh.25.1674023740806; Tue, 17 Jan 2023 22:35:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674023740; cv=none; d=google.com; s=arc-20160816; b=Axb4Ws6n1lM8npkg/5UaCW+SsuCJ7qJ7NIIxnob3zu+iETErtcDXJBuGbCkqO2R3om 4R+/wHVeU1wxEFw8LpYuvspR+TcgpHQpes7CXqklKCwuptwv9vV6VvCFnTH9FqlyP4TW O8eaVts4Z8CNb7yu+UwW/Lg3HgsfjdlgCHwP8izffvmxU5HRbCztnWX+MwzCRdHBk5EA +06DDOSlJ73uLe9RBYPPrlQxh5pjM45FD1/YNGaKMthKOzfCzHYfQu6lCs/PYFsQumVl ehbQitOgLDmPyVvrPAwmEisY/7F7M7hwfiCe8nvSkKlCX3VheSCGBJFEjy4ewqy+vNRj ocog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=jaBuioqTuCG+mB+2YphoSleBbEkQb92LPZoTaBRbVD0=; b=LVv+g52G2lCGuaP8uTWKKuwceu0q3ZRsbDtEVjxh6jd7SHe37GBPnogruCDFaBl3AW 
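Review bot: in the asm/plpks.h hunk the comment `// Flags for which consumer owns an object is owned by` is garbled (probably meant "Flags for which consumer owns an object"), and `// Flags for label metadata fields` heads a version number and three size limits rather than flags. The policy flags use PPC_BIT32() while PLPKS_ALG_RSA2048 and PLPKS_ALG_RSA4096 use PPC_BIT(); a word in the comment on the width of signed_update_algorithms would show that the difference is intended.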
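Review bot: in the construct_label() hunks the renamed lines sit between `slen = strlen(component);` and a later `if (component)` test. strlen() has already dereferenced the pointer by then, so the test can never help; since the function is being touched anyway, either reject a NULL component together with `!name` at the top or drop the dead test.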
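Review bot: in the plpks_confirm_object_flushed() hunk, PLPKS_FLUSH_SLEEP and PLPKS_MAX_TIMEOUT are commented as msec in the header, but they are passed to usleep_range(), which takes microseconds, and the loop adds PLPKS_FLUSH_SLEEP to `timeout` once per pass. With the values 10, 400 and 5000 the loop sleeps 10 to 410 microseconds per pass for 500 passes, far short of 5000 msec. PLPKS_FLUSH_SLEEP_RANGE also carries no unit. The rename is a good moment to make the comments and the call agree, either by converting the constants or by switching to a millisecond sleep.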
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 13/24] powerpc/pseries: Fix handling of PLPKS object flushing timeout
Date: Wed, 18 Jan 2023 17:10:38 +1100
Message-Id: <20230118061049.1006141-14-ajd@linux.ibm.com>
X-Mailer: git-send-email 2.39.0
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

plpks_confirm_object_flushed() uses the H_PKS_CONFIRM_OBJECT_FLUSHED hcall to check whether changes to an object in the Platform KeyStore have been flushed to non-volatile
storage. The hcall returns two output values, the return code and the flush status. plpks_confirm_object_flushed() polls the hcall until either the flush status has updated, the return code is an error, or a timeout has been exceeded. While we're still polling, the hcall is returning H_SUCCESS (0) as the return code. In the timeout case, this means that upon exiting the polling loop, rc is 0, and therefore 0 is returned to the user. Handle the timeout case separately and return ETIMEDOUT if triggered. Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore") Reported-by: Benjamin Gray Signed-off-by: Andrew Donnellan Tested-by: Russell Currey Reviewed-by: Russell Currey Signed-off-by: Russell Currey --- v3: Merge plpks fixes and signed update series with secvar series Neaten how we return at the end of the function (ruscur) --- arch/powerpc/platforms/pseries/plpks.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 5bdc093de6fb..6d1303e4862d 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -234,6 +234,7 @@ static int plpks_confirm_object_flushed(struct label *label, struct plpks_auth *auth) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; + bool timed_out = true; u64 timeout = 0; u8 status; int rc; 
@@ -245,22 +246,26 @@ static int plpks_confirm_object_flushed(struct label *label, status = retbuf[0]; if (rc) { + timed_out = false; if (rc == H_NOT_FOUND && status == 1) rc = 0; break; } - if (!rc && status == 1) + if (!rc && status == 1) { + timed_out = false; break; + } usleep_range(PLPKS_FLUSH_SLEEP, PLPKS_FLUSH_SLEEP + PLPKS_FLUSH_SLEEP_RANGE); timeout = timeout + PLPKS_FLUSH_SLEEP; } while (timeout < PLPKS_MAX_TIMEOUT); - rc = pseries_status_to_err(rc); + if (timed_out) + return -ETIMEDOUT; - return rc; + return pseries_status_to_err(rc); } int plpks_write_var(struct plpks_var var) From patchwork Wed Jan 18 06:10:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 45003 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2174074wrn; Tue, 17 Jan 2023 22:31:37 -0800 (PST) X-Google-Smtp-Source: AMrXdXvWEOr2OBFcjB7Si85XGrLPF8CPFtchKQqKEIGBw535UXzNL+HV4u83Fe++tAQokBtoPgyP X-Received: by 2002:a05:6a20:7883:b0:a4:fa9d:d2ee with SMTP id d3-20020a056a20788300b000a4fa9dd2eemr25860498pzg.46.1674023497003; Tue, 17 Jan 2023 22:31:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674023496; cv=none; d=google.com; s=arc-20160816; b=oQkozzpldwiTCiYccdf6V61EAwjkV3zd80iEO9Q3SvbG4lBT8wY1lbcpTdFrxdWCSf H4mYLTurV5+Ah99dgAoRNCq8Y/6ZtUch+hWV/psX+FKuGijHSX36nkCTEFHc0hVfsYbd z2uz8j4kSAhuGmFLhIH0OXHniEI9AGBfudU3BZXIc7fG9+E434JbK9P1Ibub8vXgIeaz mAP6gOZHVtLcGxR62hAYOKBq0sAjimH7iqEw2BRwacI0IbQWQtQcQOurY7ZzQO42KqyC MWQQXunizc/9iXJWRMMC05vLdN4hn0oVtXtP15Xwyybc9lCfsTHzWJri0OTXdU7BcJYV uyWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=KFZyqneQyMUdZl0hLjuIPI1DZk1TGtJ1pYGhl6U6TgQ=; b=vLKiU+PaJLLJg7yIy89gQUY4zaeQ81TXQ8aZjSAVlu4FhDa2UvGZegKDKvsxNvrg2j 
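Review bot: `bool timed_out = true;` has to be cleared by hand at every break in the polling loop, so a break added later without the clear would be reported as -ETIMEDOUT. Both breaks happen before `timeout` is advanced, so after the loop `timeout >= PLPKS_MAX_TIMEOUT` holds only when the loop condition ended it; testing that directly, `if (timeout >= PLPKS_MAX_TIMEOUT) return -ETIMEDOUT;`, removes the flag and its two assignments. A comment above the function listing -ETIMEDOUT among its return values would help callers tell a flush that never completed from a hypervisor error.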
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 14/24] powerpc/pseries: Fix alignment of PLPKS structures and buffers
Date: Wed, 18 Jan 2023 17:10:39 +1100
Message-Id: <20230118061049.1006141-15-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

A number of structures and buffers passed to PKS hcalls have alignment requirements, which could on occasion cause problems:

- Authorisation structures must be 16-byte aligned and must not cross a page boundary
- Label structures must not cross page boundaries
- Password output buffers must not cross page boundaries

Round up the allocations of these structures/buffers to the next power of 2 to make sure this happens.

Reported-by: Benjamin Gray
Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Signed-off-by: Andrew Donnellan
Reviewed-by: Russell Currey
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
---
 arch/powerpc/platforms/pseries/plpks.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 6d1303e4862d..91f3f623a2c7 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -112,7 +112,8 @@ static int plpks_gen_password(void) u8 *password, consumer = PLPKS_OS_OWNER; int rc; - password = kzalloc(maxpwsize, GFP_KERNEL); + // The password must not cross a page boundary, so we align to the next power of 2 + password = kzalloc(roundup_pow_of_two(maxpwsize), GFP_KERNEL); if (!password) return -ENOMEM; @@ -148,7 +149,9 @@ static struct plpks_auth *construct_auth(u8 consumer) if (consumer > PLPKS_OS_OWNER) return ERR_PTR(-EINVAL); - auth = kzalloc(struct_size(auth, password, maxpwsize), GFP_KERNEL); + // The auth structure must not cross a page boundary and must be + // 16 byte aligned. We align to the next largest power of 2 + auth = kzalloc(roundup_pow_of_two(struct_size(auth, password, maxpwsize)), GFP_KERNEL); if (!auth) return ERR_PTR(-ENOMEM);
@@ -182,7 +185,8 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, if (component && slen > sizeof(label->attr.prefix)) return ERR_PTR(-EINVAL); - label = kzalloc(sizeof(*label), GFP_KERNEL); + // The label structure must not cross a page boundary, so we align to the next power of 2 + label = kzalloc(roundup_pow_of_two(sizeof(*label)), GFP_KERNEL); if (!label) return ERR_PTR(-ENOMEM);
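Review bot: all three kzalloc() calls (plpks_gen_password(), construct_auth(), construct_label()) only round the requested size up, while the new comments say "we align"; the no-page-crossing and 16-byte properties then depend on the allocator returning naturally aligned memory for power-of-two sizes and on the rounded size not exceeding a page. The comments should state that dependency. In plpks_gen_password() and construct_auth() the size derives from maxpwsize, so a bound is worth adding before the allocation, for example returning an error when the rounded size is larger than PAGE_SIZE, since a buffer bigger than a page crosses a boundary however it is aligned.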
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 15/24] powerpc/pseries: Expose PLPKS config values, support additional fields
Date: Wed, 18 Jan 2023 17:10:40 +1100
Message-Id: <20230118061049.1006141-16-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>
From: Nayna Jain The plpks driver uses the H_PKS_GET_CONFIG hcall to retrieve configuration and status information about the PKS from the hypervisor. Update _plpks_get_config() to handle some additional fields. Add getter functions to allow the PKS configuration information to be accessed from other files. Validate that the values we're getting comply with the spec. While we're here, move the config struct in _plpks_get_config() off the stack - it's getting large and we also need to make sure it doesn't cross a page boundary. Signed-off-by: Nayna Jain [ajd: split patch, extend to support additional v3 API fields, minor fixes] Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v3: Merge plpks fixes and signed update series with secvar series Refresh config values in plpks_get_usedspace() (ajd) Validate the config values being returned comply with spec (ruscur) Return maxobjlabelsize as is (ruscur) Move plpks.h to include/asm (ruscur) Fix checkpatch checks (ruscur) --- arch/powerpc/include/asm/plpks.h | 58 ++++++++++ arch/powerpc/platforms/pseries/plpks.c | 149 +++++++++++++++++++++++-- 2 files changed, 195 insertions(+), 12 deletions(-) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 6466aadd7145..7c5f51a9af7c 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h 
@@ -96,6 +96,64 @@ int plpks_read_fw_var(struct plpks_var *var); */ int plpks_read_bootloader_var(struct plpks_var *var); +/** + * Returns if PKS is available on this LPAR. + */ +bool plpks_is_available(void); + +/** + * Returns version of the Platform KeyStore. + */ +u8 plpks_get_version(void); + +/** + * Returns hypervisor storage overhead per object, not including the size of + * the object or label. Only valid for config version >= 2 + */ +u16 plpks_get_objoverhead(void); + +/** + * Returns maximum password size. Must be >= 32 bytes + */ +u16 plpks_get_maxpwsize(void); + +/** + * Returns maximum object size supported by Platform KeyStore. + */ +u16 plpks_get_maxobjectsize(void); + +/** + * Returns maximum object label size supported by Platform KeyStore. + */ +u16 plpks_get_maxobjectlabelsize(void); + +/** + * Returns total size of the configured Platform KeyStore. + */ +u32 plpks_get_totalsize(void); + +/** + * Returns used space from the total size of the Platform KeyStore. + */ +u32 plpks_get_usedspace(void); + +/** + * Returns bitmask of policies supported by the hypervisor. + */ +u32 plpks_get_supportedpolicies(void); + +/** + * Returns maximum byte size of a single object supported by the hypervisor. + * Only valid for config version >= 3 + */ +u32 plpks_get_maxlargeobjectsize(void); + +/** + * Returns bitmask of signature algorithms supported for signed updates. + * Only valid for config version >= 3 + */ +u64 plpks_get_signedupdatealgorithms(void); + #endif // CONFIG_PSERIES_PLPKS #endif // _ASM_POWERPC_PLPKS_H diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 91f3f623a2c7..1189246b03dc 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c 
@@ -24,8 +24,16 @@ static u8 *ospassword; static u16 ospasswordlength; // Retrieved with H_PKS_GET_CONFIG +static u8 version; +static u16 objoverhead; static u16 maxpwsize; static u16 maxobjsize; +static s16 maxobjlabelsize; +static u32 totalsize; +static u32 usedspace; +static u32 supportedpolicies; +static u32 maxlargeobjectsize; +static u64 signedupdatealgorithms; struct plpks_auth { u8 version; 
@@ -206,32 +214,149 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, static int _plpks_get_config(void) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; - struct { + struct config { u8 version; u8 flags; - __be32 rsvd0; + __be16 rsvd0; + __be16 objoverhead; __be16 maxpwsize; __be16 maxobjlabelsize; __be16 maxobjsize; __be32 totalsize; __be32 usedspace; __be32 supportedpolicies; - __be64 rsvd1; - } __packed config; + __be32 maxlargeobjectsize; + __be64 signedupdatealgorithms; + u8 rsvd1[476]; + } __packed * config; size_t size; - int rc; + int rc = 0; + + size = sizeof(*config); + + // Config struct must not cross a page boundary. So long as the struct + // size is a power of 2, this should be fine as alignment is guaranteed + config = kzalloc(size, GFP_KERNEL); + if (!config) { + rc = -ENOMEM; + goto err; + } + + rc = plpar_hcall(H_PKS_GET_CONFIG, retbuf, virt_to_phys(config), size); + + if (rc != H_SUCCESS) { + rc = pseries_status_to_err(rc); + goto err; + } + + version = config->version; + objoverhead = be16_to_cpu(config->objoverhead); + maxpwsize = be16_to_cpu(config->maxpwsize); + maxobjsize = be16_to_cpu(config->maxobjsize); + maxobjlabelsize = be16_to_cpu(config->maxobjlabelsize); + totalsize = be32_to_cpu(config->totalsize); + usedspace = be32_to_cpu(config->usedspace); + supportedpolicies = be32_to_cpu(config->supportedpolicies); + maxlargeobjectsize = be32_to_cpu(config->maxlargeobjectsize); + signedupdatealgorithms = be64_to_cpu(config->signedupdatealgorithms); + + // Validate that the numbers we get back match the requirements of the spec + if (maxpwsize < 32) { + pr_err("Invalid Max Password Size received from hypervisor (%d < 32)\n", maxpwsize); + rc = -EIO; + goto err; + } + + if (maxobjlabelsize < 255) { + pr_err("Invalid Max Object Label Size received from hypervisor (%d < 255)\n", + maxobjlabelsize); + rc = -EIO; + goto err; + } - size = sizeof(config); + if (totalsize < 4096) { + pr_err("Invalid Total Size received 
from hypervisor (%d < 4096)\n", totalsize); + rc = -EIO; + goto err; + } + + if (version >= 3 && maxlargeobjectsize >= 65536 && maxobjsize != 0xFFFF) { + pr_err("Invalid Max Object Size (0x%x != 0xFFFF)\n", maxobjsize); + rc = -EIO; + goto err; + } + +err: + kfree(config); + return rc; +} + +u8 plpks_get_version(void) +{ + return version; +} - rc = plpar_hcall(H_PKS_GET_CONFIG, retbuf, virt_to_phys(&config), size); +u16 plpks_get_objoverhead(void) +{ + return objoverhead; +} - if (rc != H_SUCCESS) - return pseries_status_to_err(rc); +u16 plpks_get_maxpwsize(void) +{ + return maxpwsize; +} - maxpwsize = be16_to_cpu(config.maxpwsize); - maxobjsize = be16_to_cpu(config.maxobjsize); +u16 plpks_get_maxobjectsize(void) +{ + return maxobjsize; +} + +u16 plpks_get_maxobjectlabelsize(void) +{ + return maxobjlabelsize; +} + +u32 plpks_get_totalsize(void) +{ + return totalsize; +} + +u32 plpks_get_usedspace(void) +{ + // Unlike other config values, usedspace regularly changes as objects + // are updated, so we need to refresh. 
+ int rc = _plpks_get_config(); + if (rc) { + pr_err("Couldn't get config, rc: %d\n", rc); + return 0; + } + return usedspace; +} + +u32 plpks_get_supportedpolicies(void) +{ + return supportedpolicies; +} + +u32 plpks_get_maxlargeobjectsize(void) +{ + return maxlargeobjectsize; +} + +u64 plpks_get_signedupdatealgorithms(void) +{ + return signedupdatealgorithms; +} + +bool plpks_is_available(void) +{ + int rc; + + rc = _plpks_get_config(); + if (rc) + return false; - return 0; + return true; } static int plpks_confirm_object_flushed(struct label *label,
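Review bot: in the @@ -24,8 +24,16 hunk, maxobjlabelsize is declared s16, yet it is filled from be16_to_cpu() of a __be16 field and returned by plpks_get_maxobjectlabelsize() as u16. A hypervisor value of 0x8000 or above turns negative, trips the `maxobjlabelsize < 255` check and is logged as an undersized label limit. Declare it u16 like the neighbouring fields, or add a comment saying why it is signed. The pr_err() calls in _plpks_get_config() also print the unsigned maxpwsize and totalsize with %d; %u matches their types.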
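Review bot: plpks_get_usedspace() returns 0 when _plpks_get_config() fails, which a caller cannot tell apart from an empty keystore and could read as "all of totalsize is free". Returning the error through an int with an out-parameter, or documenting the 0-on-failure convention in plpks.h, would make that explicit. In _plpks_get_config() itself, the comment relies on the config struct size being a power of 2 (the fields in the hunk add up to 512 bytes), but nothing enforces it if a field is added later; a BUILD_BUG_ON(!is_power_of_2(sizeof(*config))) next to the kzalloc() would. The refresh from plpks_get_usedspace() also rewrites every cached config global without any locking visible in the patch.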
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 16/24] powerpc/pseries: Implement signed update for PLPKS objects
Date: Wed, 18 Jan 2023 17:10:41 +1100
Message-Id: <20230118061049.1006141-17-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>
From: Nayna Jain The Platform Keystore provides a signed update interface which can be used to create, replace or append to certain variables in the PKS in a secure fashion, with the hypervisor requiring that the update be signed using the Platform Key. Implement an interface to the H_PKS_SIGNED_UPDATE hcall in the plpks driver to allow signed updates to PKS objects. (The plpks driver doesn't need to do any cryptography or otherwise handle the actual signed variable contents - that will be handled by userspace tooling.) Signed-off-by: Nayna Jain [ajd: split patch, add timeout handling and misc cleanups] Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v3: Merge plpks fixes and signed update series with secvar series Fix error code handling in plpks_confirm_object_flushed() (ruscur) Pass plpks_var struct to plpks_signed_update_var() by reference (mpe) Consistent constant naming scheme (ruscur) --- arch/powerpc/include/asm/hvcall.h | 3 +- arch/powerpc/include/asm/plpks.h | 5 ++ arch/powerpc/platforms/pseries/plpks.c | 71 ++++++++++++++++++++++++-- 3 files changed, 73 insertions(+), 6 deletions(-) diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm/hvcall.h index 95fd7f9485d5..33b26c0cb69b 100644 --- a/arch/powerpc/include/asm/hvcall.h +++ b/arch/powerpc/include/asm/hvcall.h @@ -336,7 +336,8 @@ #define H_SCM_FLUSH 0x44C #define H_GET_ENERGY_SCALE_INFO 0x450 #define H_WATCHDOG 0x45C -#define MAX_HCALL_OPCODE H_WATCHDOG +#define H_PKS_SIGNED_UPDATE 0x454 +#define MAX_HCALL_OPCODE H_PKS_SIGNED_UPDATE /* Scope args for H_SCM_UNBIND_ALL */ #define H_UNBIND_SCOPE_ALL (0x1) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 7c5f51a9af7c..e7204e6c0ca4 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h 
@@ -68,6 +68,11 @@ struct plpks_var_name_list { struct plpks_var_name varlist[]; }; +/** + * Updates the authenticated variable. It expects NULL as the component. + */ +int plpks_signed_update_var(struct plpks_var *var, u64 flags); + /** * Writes the specified var and its data to PKS. * Any caller of PKS driver should present a valid component type for diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 1189246b03dc..796ed5544ee5 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -81,6 +81,12 @@ static int pseries_status_to_err(int rc) err = -ENOENT; break; case H_BUSY: + case H_LONG_BUSY_ORDER_1_MSEC: + case H_LONG_BUSY_ORDER_10_MSEC: + case H_LONG_BUSY_ORDER_100_MSEC: + case H_LONG_BUSY_ORDER_1_SEC: + case H_LONG_BUSY_ORDER_10_SEC: + case H_LONG_BUSY_ORDER_100_SEC: err = -EBUSY; break; case H_AUTHORITY: @@ -184,14 +190,17 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, u16 namelen) { struct label *label; - size_t slen; + size_t slen = 0; if (!name || namelen > PLPKS_MAX_NAME_SIZE) return ERR_PTR(-EINVAL); - slen = strlen(component); - if (component && slen > sizeof(label->attr.prefix)) - return ERR_PTR(-EINVAL); + // Support NULL component for signed updates + if (component) { + slen = strlen(component); + if (slen > sizeof(label->attr.prefix)) + return ERR_PTR(-EINVAL); + } // The label structure must not cross a page boundary, so we align to the next power of 2 label = kzalloc(roundup_pow_of_two(sizeof(*label)), GFP_KERNEL); 
@@ -397,6 +406,58 @@ static int plpks_confirm_object_flushed(struct label *label, return pseries_status_to_err(rc); } +int plpks_signed_update_var(struct plpks_var *var, u64 flags) +{ + unsigned long retbuf[PLPAR_HCALL9_BUFSIZE] = {0}; + int rc; + struct label *label; + struct plpks_auth *auth; + u64 continuetoken = 0; + u64 timeout = 0; + + if (!var->data || var->datalen <= 0 || var->namelen > PLPKS_MAX_NAME_SIZE) + return -EINVAL; + + if (!(var->policy & PLPKS_SIGNEDUPDATE)) + return -EINVAL; + + auth = construct_auth(PLPKS_OS_OWNER); + if (IS_ERR(auth)) + return PTR_ERR(auth); + + label = construct_label(var->component, var->os, var->name, var->namelen); + if (IS_ERR(label)) { + rc = PTR_ERR(label); + goto out; + } + + do { + rc = plpar_hcall9(H_PKS_SIGNED_UPDATE, retbuf, + virt_to_phys(auth), virt_to_phys(label), + label->size, var->policy, flags, + virt_to_phys(var->data), var->datalen, + continuetoken); + + continuetoken = retbuf[0]; + if (pseries_status_to_err(rc) == -EBUSY) { + int delay_ms = get_longbusy_msecs(rc); + mdelay(delay_ms); + timeout += delay_ms; + } + rc = pseries_status_to_err(rc); + } while (rc == -EBUSY && timeout < PLPKS_MAX_TIMEOUT); + + if (!rc) + rc = plpks_confirm_object_flushed(label, auth); + + kfree(label); +out: + kfree(auth); + + return rc; +} +EXPORT_SYMBOL(plpks_signed_update_var); + int plpks_write_var(struct plpks_var var) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; 
@@ -443,7 +504,7 @@ int plpks_remove_var(char *component, u8 varos, struct plpks_var_name vname) struct label *label; int rc; - if (!component || vname.namelen > PLPKS_MAX_NAME_SIZE) + if (vname.namelen > PLPKS_MAX_NAME_SIZE) return -EINVAL; auth = construct_auth(PLPKS_OS_OWNER);
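Review bot: In the hvcall.h hunk, MAX_HCALL_OPCODE is redefined to H_PKS_SIGNED_UPDATE (0x454), which is lower than the existing H_WATCHDOG (0x45C), so the maximum no longer covers the highest opcode in the list. Any table sized by MAX_HCALL_OPCODE, or any bounds check against it, would then exclude H_WATCHDOG. Suggest placing the new define in numeric order, between H_GET_ENERGY_SCALE_INFO (0x450) and H_WATCHDOG (0x45C), and leaving "#define MAX_HCALL_OPCODE H_WATCHDOG" unchanged.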
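Review bot: The comment added above plpks_signed_update_var() in plpks.h does not describe the flags argument or the precondition that plpks.c enforces, namely that var->policy must have PLPKS_SIGNEDUPDATE set or the call returns -EINVAL. Since this is the entry point for authenticated variable updates, suggest documenting both, along with the fact that var->data is passed to the hypervisor as-is and must already be the signed payload produced by userspace tooling, as the commit message states.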
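Review bot: In the retry loop of plpks_signed_update_var(), the long-busy wait uses mdelay(), which busy-waits, and this patch maps hints up to H_LONG_BUSY_ORDER_100_SEC to -EBUSY, so one iteration can spin a CPU for the whole hinted delay. The function already reaches a GFP_KERNEL allocation through construct_label(), so it runs where sleeping is allowed; msleep() would fit better. The accumulated timeout is also compared against PLPKS_MAX_TIMEOUT only after the delay has been taken, so a single large hint overshoots it. Suggest clamping delay_ms to the remaining budget and returning -ETIMEDOUT rather than -EBUSY when the budget runs out, so callers can tell a timeout from a transient busy status.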
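Review bot: The plpks_remove_var() hunk drops the !component check, which changes what an existing function accepts, but the commit message only describes the new signed update interface. This presumably relies on construct_label() tolerating a NULL component as of this same patch. Please mention the change in the commit message (or split it out), and state in the plpks.h comment for plpks_remove_var() whether a NULL component is now a supported input.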
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 17/24] powerpc/pseries: Log hcall return codes for PLPKS debug
Date: Wed, 18 Jan 2023 17:10:42 +1100
Message-Id: <20230118061049.1006141-18-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>
From: Russell Currey The plpks code converts hypervisor return codes into their Linux equivalents so that users can understand them. Having access to the original return codes is really useful for debugging, so add a pr_debug() so we don't lose information from the conversion. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- arch/powerpc/platforms/pseries/plpks.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 796ed5544ee5..96a026a37285 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c 
@@ -117,6 +117,8 @@ static int pseries_status_to_err(int rc) err = -EINVAL; } + pr_debug("Converted hypervisor code %d to Linux %d\n", rc, err); + return err; }
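Review bot: The pr_debug() added at the end of pseries_status_to_err() runs on every call, and the retry loop in plpks_signed_update_var() from patch 16 calls pseries_status_to_err(rc) twice per iteration, once in the -EBUSY test and once to assign rc, so each retry logs the same conversion twice when debug output is enabled. Suggest converting once per iteration in that loop and reusing the result, or logging the raw hypervisor code at the hcall sites so the message also identifies which hcall returned it.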
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 18/24] powerpc/pseries: Make caller pass buffer to plpks_read_var()
Date: Wed, 18 Jan 2023 17:10:43 +1100
Message-Id: <20230118061049.1006141-19-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

Currently, plpks_read_var() allocates a buffer to pass to the H_PKS_READ_OBJECT hcall, then allocates another buffer, of the caller's preferred size if necessary, into which the data is
copied, and returns that buffer to the caller. This is a bit over the top - while we probably still want to allocate a separate buffer to pass to the hypervisor in the hcall, we can let the caller allocate the final buffer and specify the size. Don't allocate var->data in plpks_read_var(), instead expect the caller to allocate it. If the caller needs to discover the size, it can set var->data to NULL and var->datalen will be populated. Update header file to document this. Suggested-by: Michael Ellerman Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v3: New patch (mpe) --- arch/powerpc/include/asm/plpks.h | 12 ++++++++++++ arch/powerpc/platforms/pseries/plpks.c | 11 ++++------- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index e7204e6c0ca4..0c49969b0864 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -88,16 +88,28 @@ int plpks_remove_var(char *component, u8 varos, /** * Returns the data for the specified os variable. + * + * Caller must allocate a buffer in var->data with length in var->datalen. + * If no buffer is provided, var->datalen will be populated with the object's + * size. */ int plpks_read_os_var(struct plpks_var *var); /** * Returns the data for the specified firmware variable. + * + * Caller must allocate a buffer in var->data with length in var->datalen. + * If no buffer is provided, var->datalen will be populated with the object's + * size. */ int plpks_read_fw_var(struct plpks_var *var); /** * Returns the data for the specified bootloader variable. + * + * Caller must allocate a buffer in var->data with length in var->datalen. + * If no buffer is provided, var->datalen will be populated with the object's + * size. */ int plpks_read_bootloader_var(struct plpks_var *var); diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 96a026a37285..5d9c6a3b2014 100644 
--- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c 
@@ -578,17 +578,14 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) goto out_free_output; } - if (var->datalen == 0 || var->datalen > retbuf[0]) + if (!var->data || var->datalen > retbuf[0]) var->datalen = retbuf[0]; - var->data = kzalloc(var->datalen, GFP_KERNEL); - if (!var->data) { - rc = -ENOMEM; - goto out_free_output; - } var->policy = retbuf[1]; - memcpy(var->data, output, var->datalen); + if (var->data) + memcpy(var->data, output, var->datalen); + rc = 0; out_free_output:
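Review bot: In the plpks_read_var() hunk, a caller buffer smaller than the object is handled by silent truncation as far as this hunk shows: when var->data is set and var->datalen is less than retbuf[0], memcpy() copies only var->datalen bytes and rc is set to 0, so the caller cannot tell that it received a partial object. For key and certificate data that is worth making explicit. Suggest either returning an error in that case or reporting the full object size back to the caller, and stating the short-buffer behaviour in the new plpks.h comments, which currently describe only the case where no buffer is provided.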
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 19/24] powerpc/pseries: Turn PSERIES_PLPKS into a hidden option
Date: Wed, 18 Jan 2023 17:10:44 +1100
Message-Id: <20230118061049.1006141-20-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

It seems a bit unnecessary for the PLPKS code to have a user-visible config option when it doesn't do anything on its own, and there's existing options for enabling Secure Boot-related features.
It should be enabled by PPC_SECURE_BOOT, which will eventually be what uses PLPKS to populate keyrings. However, we can't get rid of the separate option completely, because it will also be used for SED Opal purposes. Change PSERIES_PLPKS into a hidden option, which is selected by PPC_SECURE_BOOT. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v3: New patch --- arch/powerpc/Kconfig | 1 + arch/powerpc/platforms/pseries/Kconfig | 11 +---------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index b8c4ac56bddc..d4ed46101bec 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -1029,6 +1029,7 @@ config PPC_SECURE_BOOT depends on PPC_POWERNV || PPC_PSERIES depends on IMA_ARCH_POLICY imply IMA_SECURE_AND_OR_TRUSTED_BOOT + select PSERIES_PLPKS if PPC_PSERIES help Systems with firmware secure boot enabled need to define security policies to extend secure boot to the OS. This config allows a user diff --git a/arch/powerpc/platforms/pseries/Kconfig b/arch/powerpc/platforms/pseries/Kconfig index a3b4d99567cb..82b6f993be0f 100644 --- a/arch/powerpc/platforms/pseries/Kconfig +++ b/arch/powerpc/platforms/pseries/Kconfig
@@ -151,16 +151,7 @@ config IBMEBUS config PSERIES_PLPKS depends on PPC_PSERIES - bool "Support for the Platform Key Storage" - help - PowerVM provides an isolated Platform Keystore(PKS) storage - allocation for each LPAR with individually managed access - controls to store sensitive information securely. It can be - used to store asymmetric public keys or secrets as required - by different usecases. Select this config to enable - operating system interface to hypervisor to access this space. - - If unsure, select N. + bool config PAPR_SCM depends on PPC_PSERIES && MEMORY_HOTPLUG && LIBNVDIMM
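Review bot: The pseries/Kconfig hunk deletes the whole help text along with the prompt, which removes the only in-tree description of what PSERIES_PLPKS provides. A promptless symbol can still carry help text or a comment. Suggest keeping a short description there, noting that the option is selected by PPC_SECURE_BOOT on PPC_PSERIES and that the SED Opal user mentioned in the commit message will need its own select.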
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 20/24] powerpc/pseries: Add helpers to get PLPKS password
Date: Wed, 18 Jan 2023 17:10:45 +1100
Message-Id: <20230118061049.1006141-21-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

From: Russell Currey

Add helper functions to get the PLPKS password. This will be used in a later patch to support passing the password between kernels over kexec.
Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v3: New patch --- arch/powerpc/include/asm/plpks.h | 11 +++++++++++ arch/powerpc/platforms/pseries/plpks.c | 10 ++++++++++ 2 files changed, 21 insertions(+) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 0c49969b0864..08355c89f5fd 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -171,6 +171,17 @@ u32 plpks_get_maxlargeobjectsize(void); */ u64 plpks_get_signedupdatealgorithms(void); +/** + * Returns the PLPKS password generated by the hypervisor. + * Should only be used to prepare a different OS to use the PLPKS, i.e. kexec. + */ +u8 *plpks_get_password(void); + +/** + * Returns the length of the PLPKS password in bytes. + */ +u16 plpks_get_passwordlen(void); + #endif // CONFIG_PSERIES_PLPKS #endif // _ASM_POWERPC_PLPKS_H diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 5d9c6a3b2014..b3c7410a4f13 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c 
@@ -359,6 +359,16 @@ u64 plpks_get_signedupdatealgorithms(void) return signedupdatealgorithms; } +u8 *plpks_get_password(void) +{ + return ospassword; +} + +u16 plpks_get_passwordlen(void) +{ + return ospasswordlength; +} + bool plpks_is_available(void) { int rc;
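Review bot: In the plpks.h hunk, plpks_get_password() is declared as returning `u8 *`, which hands every caller a writable pointer to the stored secret; `const u8 *` would match the stated purpose of copying it out for kexec. The comment should also say that the pointer refers to the driver's own buffer (no copy is made, the caller must not free or modify it). The two new `/**` blocks are not in kernel-doc form (`name() - summary`), so either add the function names or open them with a plain `/*`.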
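Review bot: In the plpks.c hunk both getters return `ospassword` and `ospasswordlength` unconditionally, so the contract for a caller that runs before a password has been stored is undefined by these lines. Either document the precondition next to the prototypes (for example that the pointer may be NULL and the length 0 until the password has been generated) or have the caller of plpks_get_password() check for NULL before writing the property, since this value is about to be copied into another kernel's device tree.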
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 21/24] powerpc/pseries: Pass PLPKS password on kexec
Date: Wed, 18 Jan 2023 17:10:46 +1100
Message-Id: <20230118061049.1006141-22-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

From: Russell Currey Before interacting with the PLPKS, we ask the hypervisor to generate a password for the current boot, which is then required for most further PLPKS operations. If we kexec into a new kernel, the new kernel will try and fail to generate a new password, as the password has already been set. Pass the password through to the new kernel via the device tree, in /chosen/plpks-pw. Check for the presence of this property before trying to generate a new password - if it exists, use the existing password and remove it from the device tree. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v3: New patch --- arch/powerpc/kexec/file_load_64.c | 17 ++++++++++++++++- arch/powerpc/platforms/pseries/plpks.c | 18 +++++++++++++++++- 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/kexec/file_load_64.c b/arch/powerpc/kexec/file_load_64.c index af8854f9eae3..f0e25700ae77 100644 --- a/arch/powerpc/kexec/file_load_64.c +++ b/arch/powerpc/kexec/file_load_64.c @@ -27,6 +27,7 @@ #include #include #include +#include struct umem_info { u64 *buf; /* data buffer for usable-memory property */ @@ -1155,7 +1156,7 @@ int setup_new_fdt_ppc64(const struct kimage *image, void *fdt, unsigned long initrd_len, const char *cmdline) { struct crash_mem *umem = NULL, *rmem = NULL; - int i, nr_ranges, ret; + int i, nr_ranges, ret, chosen_node; /* * Restrict memory usage for kdump kernel by setting up @@ -1230,6 +1231,20 @@ int setup_new_fdt_ppc64(const struct kimage *image, void *fdt, } } +#ifdef CONFIG_PSERIES_PLPKS + // If we have PLPKS active, we need to provide the password + if (plpks_is_available()) { + chosen_node = fdt_path_offset(fdt, "/chosen"); + if (!chosen_node) { + pr_err("Can't find chosen node: %s\n", + fdt_strerror(chosen_node)); + goto out; + } + ret = fdt_setprop(fdt, chosen_node, "ibm,plpks-pw", + plpks_get_password(), plpks_get_passwordlen()); + } +#endif // CONFIG_PSERIES_PLPKS + out: kfree(rmem); kfree(umem); 
diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index b3c7410a4f13..0350f10e1755 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include 
@@ -126,7 +127,22 @@ static int plpks_gen_password(void) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; u8 *password, consumer = PLPKS_OS_OWNER; - int rc; + struct property *prop; + int rc, len; + + // Before we generate the password, we may have been booted by kexec and + // provided with a previous password. Check for that first. + prop = of_find_property(of_chosen, "ibm,plpks-pw", &len); + if (prop) { + ospasswordlength = (u16)len; + ospassword = kzalloc(ospasswordlength, GFP_KERNEL); + if (!ospassword) { + of_remove_property(of_chosen, prop); + return -ENOMEM; + } + memcpy(ospassword, prop->value, len); + return of_remove_property(of_chosen, prop); + } // The password must not cross a page boundary, so we align to the next power of 2 password = kzalloc(roundup_pow_of_two(maxpwsize), GFP_KERNEL);
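Review bot: The error check on `fdt_path_offset()` in the setup_new_fdt_ppc64() hunk of file_load_64.c does not catch failures: libfdt reports errors as negative values and 0 is the offset of the root node, so `if (!chosen_node)` never fires for a missing /chosen and a negative offset is passed straight to `fdt_setprop()`. Use `if (chosen_node < 0)`, and assign an error to `ret` before `goto out`, because that path currently leaves `ret` at whatever the previous step stored. The property is written as "ibm,plpks-pw" here while the commit message names /chosen/plpks-pw; the two should agree.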
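Review bot: Missing length validation in the kexec branch added to plpks_gen_password(): `len` comes from the device tree and is truncated to `u16` for `ospasswordlength` and the `kzalloc()`, but `memcpy(ospassword, prop->value, len)` copies the untruncated `len`, so a property longer than 65535 bytes writes past the allocation, and a zero-length property is accepted as a password. Reject `len <= 0` and `len > maxpwsize` before allocating, and copy `ospasswordlength` bytes. The hunk also never clears `prop->value`, so the secret stays in the device tree memory after `of_remove_property()`; wiping those bytes with memzero_explicit() before removal would limit how long it lingers. On the -ENOMEM path `ospasswordlength` is left set while `ospassword` is NULL, which the new getters will then report.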
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 22/24] powerpc/pseries: Implement secvars for dynamic secure boot
Date: Wed, 18 Jan 2023 17:10:47 +1100
Message-Id: <20230118061049.1006141-23-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>

From: Russell Currey

The pseries platform can support dynamic secure boot (i.e. secure boot using user-defined keys) using variables contained within the PowerVM LPAR Platform KeyStore (PLPKS). Using the powerpc secvar API, expose the relevant variables for pseries dynamic secure boot through the existing secvar filesystem layout.

The relevant variables for dynamic secure boot are signed in the keystore, and can only be modified using the H_PKS_SIGNED_UPDATE hcall. Object labels in the keystore are encoded using ucs2 format. With our fixed variable names we don't have to care about encoding outside of the necessary byte padding.

When a user writes to a variable, the first 8 bytes of data must contain the signed update flags as defined by the hypervisor.

When a user reads a variable, the first 4 bytes of data contain the policies defined for the object.

Limitations exist due to the underlying implementation of sysfs binary attributes, as is the case for the OPAL secvar implementation - partial writes are unsupported and writes cannot be larger than PAGE_SIZE.

Co-developed-by: Nayna Jain
Signed-off-by: Nayna Jain
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v2: Remove unnecessary config vars from sysfs and document the others, thanks to review from Greg. If we end up needing to expose more, we can add them later and update the docs.
    Use sysfs_emit() instead of sprintf(), thanks to Greg.
    Change the size of the sysfs binary attributes to include the 8-byte flags header, preventing truncation of large writes.

v3: plpks_set_variable(): pass var to plpks_signed_update_var() as a pointer (mpe)
    Update copyright date (ajd)
    Consistent comment style (ajd)
    Change device_initcall() to machine_arch_initcall(pseries...) so we don't try to load on powernv and kill the machine (mpe)
    Add config attributes into plpks_secvar_ops (mpe)
    Get rid of PLPKS_SECVAR_COUNT macro (mpe)
    Reworded descriptions in ABI documentation (mpe)
    Switch to using secvar_ops->var_names rather than secvar_ops->get_next() (ajd/mpe)
    Optimise allocation/copying of buffers (mpe)
    Elaborate the comment documenting the "format" string (mpe)
    Return -EIO on errors in the read case (mpe)
    Add "grubdbx" variable (Sudhakar Kuppusamy)
    Use utf8s_to_utf16s() rather than our own "UCS-2" conversion code (mpe)
    Change uint64_t to u64 (mpe)
    Fix SB_VERSION data length (ruscur)
    Stop prepending policy data on read (ruscur)
    Enforce max format length on format string (not strictly needed, but makes the length limit clear) (ajd)
    Update include of plpks.h to reflect new path (ruscur)
    Consistent constant naming scheme (ruscur)
--- Documentation/ABI/testing/sysfs-secvar | 75 +++++- arch/powerpc/platforms/pseries/Makefile | 4 +- arch/powerpc/platforms/pseries/plpks-secvar.c | 214 ++++++++++++++++++ 3 files changed, 290 insertions(+), 3 deletions(-) create mode 100644 arch/powerpc/platforms/pseries/plpks-secvar.c diff --git a/Documentation/ABI/testing/sysfs-secvar b/Documentation/ABI/testing/sysfs-secvar index feebb8c57294..a19f4d5fcec6 100644 --- a/Documentation/ABI/testing/sysfs-secvar +++ b/Documentation/ABI/testing/sysfs-secvar 
@@ -18,6 +18,14 @@ Description: A string indicating which backend is in use by the firmware. This determines the format of the variable and the accepted format of variable updates. + On powernv/OPAL, this value is provided by the OPAL firmware + and is expected to be "ibm,edk2-compat-v1". + + On pseries/PLPKS, this is generated by the kernel based on the + version number in the SB_VERSION variable in the keystore, and + has the form "ibm,plpks-sb-v", or + "ibm,plpks-sb-unknown" if there is no SB_VERSION variable. + What: /sys/firmware/secvar/vars/ Date: August 2019 Contact: Nayna Jain @@ -34,7 +42,7 @@ Description: An integer representation of the size of the content of the What: /sys/firmware/secvar/vars//data Date: August 2019 -Contact: Nayna Jain h +Contact: Nayna Jain Description: A read-only file containing the value of the variable. The size of the file represents the maximum size of the variable data. 
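Review bot: Missing ABI documentation for the pseries data layout in these sysfs-secvar hunks: the `data` entry touched by the second hunk still says only that the file contains the value of the variable, and the new `format` text names the "ibm,plpks-sb-..." strings without saying what layout they imply. The commit message requires the first 8 bytes of every write to carry the signed update flags, and it says reads start with 4 bytes of policy while the v3 changelog says "Stop prepending policy data on read", so this file should state which of the two holds and describe the write header where userspace will look for it. The `Contact:` typo fix in the second hunk is unrelated to the feature and deserves a mention in the changelog or its own patch.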
@@ -44,3 +52,68 @@ Contact: Nayna Jain Description: A write-only file that is used to submit the new value for the variable. The size of the file represents the maximum size of the variable data that can be written. + +What: /sys/firmware/secvar/config +Date: December 2022 +Contact: Nayna Jain +Description: This optional directory contains read-only config attributes as + defined by the secure variable implementation. All data is in + ASCII format. The directory is only created if the backing + implementation provides variables to populate it, which at + present is only PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/version +Date: December 2022 +Contact: Nayna Jain +Description: Config version as reported by the hypervisor in ASCII decimal + format. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/max_object_size +Date: December 2022 +Contact: Nayna Jain +Description: Maximum allowed size of objects in the keystore in bytes, + represented in ASCII decimal format. + + This is not necessarily the same as the max size that can be + written to an update file as writes can contain more than + object data, you should use the size of the update file for + that purpose. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/total_size +Date: December 2022 +Contact: Nayna Jain +Description: Total size of the PLPKS in bytes, represented in ASCII decimal + format. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/used_space +Date: December 2022 +Contact: Nayna Jain +Description: Current space consumed by the key store, in bytes, represented + in ASCII decimal format. + + Currently only provided by PLPKS on the pseries platform. 
+ +What: /sys/firmware/secvar/config/supported_policies +Date: December 2022 +Contact: Nayna Jain +Description: Bitmask of supported policy flags by the hypervisor, + represented as an 8 byte hexadecimal ASCII string. Consult the + hypervisor documentation for what these flags are. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/signed_update_algorithms +Date: December 2022 +Contact: Nayna Jain +Description: Bitmask of flags indicating which algorithms the hypervisor + supports for signed update of objects, represented as a 16 byte + hexadecimal ASCII string. Consult the hypervisor documentation + for what these flags mean. + + Currently only provided by PLPKS on the pseries platform. diff --git a/arch/powerpc/platforms/pseries/Makefile b/arch/powerpc/platforms/pseries/Makefile index 92310202bdd7..d52b7ec1a678 100644 --- a/arch/powerpc/platforms/pseries/Makefile +++ b/arch/powerpc/platforms/pseries/Makefile @@ -27,8 +27,8 @@ obj-$(CONFIG_PAPR_SCM) += papr_scm.o obj-$(CONFIG_PPC_SPLPAR) += vphn.o obj-$(CONFIG_PPC_SVM) += svm.o obj-$(CONFIG_FA_DUMP) += rtas-fadump.o -obj-$(CONFIG_PSERIES_PLPKS) += plpks.o - +obj-$(CONFIG_PSERIES_PLPKS) += plpks.o +obj-$(CONFIG_PPC_SECVAR_SYSFS) += plpks-secvar.o obj-$(CONFIG_SUSPEND) += suspend.o obj-$(CONFIG_PPC_VAS) += vas.o vas-sysfs.o diff --git a/arch/powerpc/platforms/pseries/plpks-secvar.c b/arch/powerpc/platforms/pseries/plpks-secvar.c new file mode 100644 index 000000000000..35f33c4509f5 --- /dev/null +++ b/arch/powerpc/platforms/pseries/plpks-secvar.c 
@@ -0,0 +1,214 @@ +// SPDX-License-Identifier: GPL-2.0-only + +// Secure variable implementation using the PowerVM LPAR Platform KeyStore (PLPKS) +// +// Copyright 2022, 2023 IBM Corporation +// Authors: Russell Currey +// Andrew Donnellan +// Nayna Jain + +#define pr_fmt(fmt) "secvar: "fmt + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +// Config attributes for sysfs +#define PLPKS_CONFIG_ATTR(name, fmt, func) \ + static ssize_t name##_show(struct kobject *kobj, \ + struct kobj_attribute *attr, \ + char *buf) \ + { \ + return sysfs_emit(buf, fmt, func()); \ + } \ + static struct kobj_attribute attr_##name = __ATTR_RO(name) + +PLPKS_CONFIG_ATTR(version, "%u\n", plpks_get_version); +PLPKS_CONFIG_ATTR(max_object_size, "%u\n", plpks_get_maxobjectsize); +PLPKS_CONFIG_ATTR(total_size, "%u\n", plpks_get_totalsize); +PLPKS_CONFIG_ATTR(used_space, "%u\n", plpks_get_usedspace); +PLPKS_CONFIG_ATTR(supported_policies, "%08x\n", plpks_get_supportedpolicies); +PLPKS_CONFIG_ATTR(signed_update_algorithms, "%016llx\n", plpks_get_signedupdatealgorithms); + +static const struct attribute *config_attrs[] = { + &attr_version.attr, + &attr_max_object_size.attr, + &attr_total_size.attr, + &attr_used_space.attr, + &attr_supported_policies.attr, + &attr_signed_update_algorithms.attr, + NULL, +}; + +static u32 get_policy(const char *name) +{ + if ((strcmp(name, "db") == 0) || + (strcmp(name, "dbx") == 0) || + (strcmp(name, "grubdb") == 0) || + (strcmp(name, "grubdbx") == 0) || + (strcmp(name, "sbat") == 0)) + return (PLPKS_WORLDREADABLE | PLPKS_SIGNEDUPDATE); + else + return PLPKS_SIGNEDUPDATE; +} + +static const char * const plpks_var_names[] = { + "PK", + "KEK", + "db", + "dbx", + "grubdb", + "grubdbx", + "sbat", + "moduledb", + "trustedcadb", + NULL, +}; + +static int plpks_get_variable(const char *key, u64 key_len, u8 *data, + u64 *data_size) +{ + struct plpks_var var = {0}; + int rc = 0; + + var.name = kcalloc(key_len - 1, 
sizeof(wchar_t), GFP_KERNEL); + if (!var.name) + return -ENOMEM; + rc = utf8s_to_utf16s(key, key_len - 1, UTF16_LITTLE_ENDIAN, (wchar_t *)var.name, + key_len - 1); + if (rc < 0) + goto err; + var.namelen = rc * 2; + + var.os = PLPKS_VAR_LINUX; + if (data) { + var.data = data; + var.datalen = *data_size; + } + rc = plpks_read_os_var(&var); + + if (rc) + goto err; + + *data_size = var.datalen; + +err: + kfree(var.name); + if (rc && rc != -ENOENT) { + pr_err("Failed to read variable '%s': %d\n", key, rc); + // Return -EIO since userspace probably doesn't care about the + // specific error + rc = -EIO; + } + return rc; +} + +static int plpks_set_variable(const char *key, u64 key_len, u8 *data, + u64 data_size) +{ + struct plpks_var var = {0}; + int rc = 0; + u64 flags; + + // Secure variables need to be prefixed with 8 bytes of flags. + // We only want to perform the write if we have at least one byte of data. + if (data_size <= sizeof(flags)) + return -EINVAL; + + var.name = kcalloc(key_len - 1, sizeof(wchar_t), GFP_KERNEL); + if (!var.name) + return -ENOMEM; + rc = utf8s_to_utf16s(key, key_len - 1, UTF16_LITTLE_ENDIAN, (wchar_t *)var.name, + key_len - 1); + if (rc < 0) + goto err; + var.namelen = rc * 2; + + memcpy(&flags, data, sizeof(flags)); + + var.datalen = data_size - sizeof(flags); + var.data = data + sizeof(flags); + var.os = PLPKS_VAR_LINUX; + var.policy = get_policy(key); + + // Unlike in the read case, the plpks error code can be useful to + // userspace on write, so we return it rather than just -EIO + rc = plpks_signed_update_var(&var, flags); + +err: + kfree(var.name); + return rc; +} + +// PLPKS dynamic secure boot doesn't give us a format string in the same way OPAL does. +// Instead, report the format using the SB_VERSION variable in the keystore. 
+static ssize_t plpks_secvar_format(char *buf) +{ + struct plpks_var var = {0}; + ssize_t ret; + + var.component = NULL; + // Only the signed variables have null bytes in their names, this one doesn't + var.name = "SB_VERSION"; + var.namelen = 10; + var.datalen = 1; + var.data = kzalloc(1, GFP_KERNEL); + + // Unlike the other vars, SB_VERSION is owned by firmware instead of the OS + ret = plpks_read_fw_var(&var); + if (ret) { + if (ret == -ENOENT) { + ret = snprintf(buf, SECVAR_MAX_FORMAT_LEN, "ibm,plpks-sb-unknown"); + } else { + pr_err("Error %ld reading SB_VERSION from firmware\n", ret); + ret = -EIO; + } + goto err; + } + + // This string is made up by us - the hypervisor doesn't provide us + // with a format string in the way that OPAL firmware does. Hypervisor + // defines SB_VERSION as a "1 byte unsigned integer value". + ret = snprintf(buf, SECVAR_MAX_FORMAT_LEN, "ibm,plpks-sb-v%hhu", var.data[0]); + +err: + kfree(var.data); + return ret; +} + +static int plpks_max_size(u64 *max_size) +{ + // The max object size reported by the hypervisor is accurate for the + // object itself, but we use the first 8 bytes of data on write as the + // signed update flags, so the max size a user can write is larger. 
+ *max_size = (u64)plpks_get_maxobjectsize() + 8; + + return 0; +} + + +static const struct secvar_operations plpks_secvar_ops = { + .get = plpks_get_variable, + .set = plpks_set_variable, + .format = plpks_secvar_format, + .max_size = plpks_max_size, + .config_attrs = config_attrs, + .var_names = plpks_var_names, +}; + +static int plpks_secvar_init(void) +{ + if (!plpks_is_available()) + return -ENODEV; + + set_secvar_ops(&plpks_secvar_ops); + return 0; +} +machine_device_initcall(pseries, plpks_secvar_init);
From patchwork Wed Jan 18 06:10:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 45017
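Review bot: In the sysfs-secvar ABI entries for supported_policies and signed_update_algorithms, "an 8 byte hexadecimal ASCII string" and "a 16 byte hexadecimal ASCII string" can be read as the width of the bitmask rather than the number of characters. The show functions in plpks-secvar.c print these with "%08x\n" and "%016llx\n", so the text could say "a 32-bit bitmask printed as 8 hexadecimal digits" and "a 64-bit bitmask printed as 16 hexadecimal digits", and note that no 0x prefix is emitted so that parsers know what to expect.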
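Review bot: In the pseries Makefile hunk, plpks-secvar.o is built on CONFIG_PPC_SECVAR_SYSFS alone, while plpks.o, which appears to provide the plpks_* helpers it calls, is built on CONFIG_PSERIES_PLPKS. Unless Kconfig (not shown in this hunk) ties the two symbols together, a pseries build with PPC_SECVAR_SYSFS=y and PSERIES_PLPKS=n would fail to link; an explicit dependency or a dedicated symbol for the PLPKS secvar backend would make this robust. The hunk also drops the blank line before the CONFIG_SUSPEND entry, which looks unintentional.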
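Review bot: In plpks_secvar_format() in plpks-secvar.c, the result of var.data = kzalloc(1, GFP_KERNEL) is never checked, so an allocation failure is handed to plpks_read_fw_var() and then dereferenced as var.data[0]; return -ENOMEM when it is NULL. Separately, plpks_get_variable() and plpks_set_variable() compute key_len - 1 on a u64 without validating key_len, so key_len == 0 wraps to a huge kcalloc() count and surfaces as -ENOMEM instead of -EINVAL; reject key_len < 2 up front and document that key_len includes the terminating NUL. plpks_max_size() also hard-codes 8 where plpks_set_variable() uses sizeof(flags); a shared constant would keep the two in step.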
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 23/24] integrity/powerpc: Improve error handling & reporting when loading certs
Date: Wed, 18 Jan 2023 17:10:48 +1100
Message-Id: <20230118061049.1006141-24-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>
From: Russell Currey A few improvements to load_powerpc.c: - include integrity.h for the pr_fmt() - move all error reporting out of get_cert_list() - use ERR_PTR() to better preserve error detail - don't use pr_err() for missing keys Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v3: New patch --- .../integrity/platform_certs/load_powerpc.c | 26 ++++++++++++++----- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c index 1e4f80a4e71c..dee51606d5f4 100644 --- a/security/integrity/platform_certs/load_powerpc.c +++ b/security/integrity/platform_certs/load_powerpc.c @@ -14,9 +14,15 @@ #include #include #include "keyring_handler.h" +#include "../integrity.h" /* * Get a certificate list blob from the named secure variable. + * + * Returns: + * - a pointer to a kmalloc'd buffer containing the cert list on success + * - NULL if the key does not exist + * - an ERR_PTR on error */ static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size) { @@ -25,19 +31,19 @@ static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size) rc = secvar_ops->get(key, keylen, NULL, size); if (rc) { - pr_err("Couldn't get size: %d\n", rc); - return NULL; + if (rc == -ENOENT) + return NULL; + return ERR_PTR(rc); } db = kmalloc(*size, GFP_KERNEL); if (!db) - return NULL; + return ERR_PTR(-ENOMEM); rc = secvar_ops->get(key, keylen, db, size); if (rc) { kfree(db); - pr_err("Error reading %s var: %d\n", key, rc); - return NULL; + return ERR_PTR(rc); } return db; 
@@ -69,7 +75,11 @@ static int __init load_powerpc_certs(void) */ db = get_cert_list("db", 3, &dbsize); if (!db) { - pr_err("Couldn't get db list from firmware\n"); + pr_info("Couldn't get db list from firmware\n"); + } else if (IS_ERR(db)) { + rc = PTR_ERR(db); + pr_err("Error reading db from firmware: %d\n", rc); + return rc; } else { rc = parse_efi_signature_list("powerpc:db", db, dbsize, get_handler_for_db); 
@@ -81,6 +91,10 @@ static int __init load_powerpc_certs(void) dbx = get_cert_list("dbx", 4, &dbxsize); if (!dbx) { pr_info("Couldn't get dbx list from firmware\n"); + } else if (IS_ERR(dbx)) { + rc = PTR_ERR(dbx); + pr_err("Error reading dbx from firmware: %d\n", rc); + return rc; } else { rc = parse_efi_signature_list("powerpc:dbx", dbx, dbxsize, get_handler_for_dbx);
From patchwork Wed Jan 18 06:10:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 45004
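Review bot: In the db branch of load_powerpc_certs() (hunk @@ -69,7 +75,11), the new IS_ERR(db) path does return rc before dbx is ever read, so a firmware error on db now means the dbx revocation list is not loaded either. Before this change get_cert_list() returned NULL for every failure and the function carried on to dbx. If skipping dbx is intended, say so in the commit message; otherwise log the db error, remember rc, and continue to the dbx block.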
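Review bot: In the dbx branch of load_powerpc_certs() (hunk @@ -81,6 +91,10), and likewise in the db branch, the added return rc bypasses the of_node_put(node) at the end of the function, which is only removed in 24/24. At this point in the series that leaks the reference taken by of_find_compatible_node() on the error paths; either jump to a common exit label that drops the node, or reorder the series so the device-tree lookup is gone before these early returns are introduced.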
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com
Subject: [PATCH v3 24/24] integrity/powerpc: Support loading keys from pseries secvar
Date: Wed, 18 Jan 2023 17:10:49 +1100
Message-Id: <20230118061049.1006141-25-ajd@linux.ibm.com>
In-Reply-To: <20230118061049.1006141-1-ajd@linux.ibm.com>
References: <20230118061049.1006141-1-ajd@linux.ibm.com>
From: Russell Currey The secvar object format is only in the device tree under powernv. We now have an API call to retrieve it in a generic way, so we should use that instead of having to handle the DT here. Add support for pseries secvar, with the "ibm,plpks-sb-v1" format. The object format is expected to be the same, so there shouldn't be any functional differences between objects retrieved from powernv and pseries. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v3: New patch --- .../integrity/platform_certs/load_powerpc.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c index dee51606d5f4..8fa899616d92 100644 --- a/security/integrity/platform_certs/load_powerpc.c +++ b/security/integrity/platform_certs/load_powerpc.c @@ -10,7 +10,6 @@ #include #include #include -#include #include #include #include "keyring_handler.h" @@ -59,16 +58,22 @@ static int __init load_powerpc_certs(void) void *db = NULL, *dbx = NULL; u64 dbsize = 0, dbxsize = 0; int rc = 0; - struct device_node *node; + ssize_t len; + char buf[SECVAR_MAX_FORMAT_LEN]; if (!secvar_ops) return -ENODEV; - /* The following only applies for the edk2-compat backend. */ - node = of_find_compatible_node(NULL, NULL, "ibm,edk2-compat-v1"); - if (!node) + len = secvar_ops->format(buf); + if (len <= 0) return -ENODEV; + // Check for known secure boot implementations from OPAL or PLPKS + if (strcmp("ibm,edk2-compat-v1", buf) && strcmp("ibm,plpks-sb-v1", buf)) { + pr_err("Unsupported secvar implementation \"%s\", not loading certs\n", buf); + return -ENODEV; + } + /* * Get db, and dbx. They might not exist, so it isn't an error if we * can't get them. @@ -103,8 +108,6 @@ static int __init load_powerpc_certs(void) kfree(dbx); } - of_node_put(node); - return rc; } late_initcall(load_powerpc_certs);
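Review bot: In load_powerpc_certs() (hunk @@ -59,16 +58,22), if (len <= 0) return -ENODEV; flattens every failure of secvar_ops->format() into -ENODEV, including the -EIO that plpks_secvar_format() returns after a firmware read error. Returning len when it is negative and keeping -ENODEV only for len == 0 would preserve the detail that 23/24 went to some trouble to keep. The format comparison is also an exact string match, so the "ibm,plpks-sb-unknown" fallback and any later SB_VERSION value land in the pr_err() path; a short comment saying that this is deliberate would help. The new // comment differs from the /* */ style used in the rest of the function.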