From patchwork Fri Jan 20 07:42:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46183 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65398wrn; Thu, 19 Jan 2023 23:44:17 -0800 (PST) X-Google-Smtp-Source: AMrXdXuiS2Id+7wM9BlOWfs/r14o73ELvHdxvwtSVh/ClEFeSu1gzg+I4OXo/+sYBKcHbiWwO0Z4 X-Received: by 2002:a17:90a:6e4a:b0:223:f234:6a3 with SMTP id s10-20020a17090a6e4a00b00223f23406a3mr13826669pjm.49.1674200657372; Thu, 19 Jan 2023 23:44:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200657; cv=none; d=google.com; s=arc-20160816; b=YkdwxzWabFMmm1Lb6iOTe734hZs1F7ZHD2dzrZPPjd26P5YW6nMWcDSdTsMsEwEo+e K47QVeNhcLvXqITbREF2EmZOqlrmzglhYyXShDT2QxLPOqzMJndExsTE+wBRiB6Sz+3J UO6UjCRkAwDwRte5l4iApwW0afGo1LdKADF0XghAinTyV7ZCpjqMFUHiYcsZ5GrEG2Ai ZyGhHtrDdJ9txDwQEcTVDhyHM64YHb7SOKkA01P3ih28fc+pbSTpOcN0KxYwm3w95Y9c I/YhuOZf8bQoZofRAsVfkfabjVt7Gmqr238A5xfl2588ZKuXvhDML/GStROw2nvylxQ5 BQ6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=FLjl7BuIhILUO8rddxgTv9zZJ0712cjD5uiG0ZQ/KkI=; b=fFewz/bzhYS5JntJGLJQHWUt+iGDPXSY65r3Rrn5s4lg3qQ8/a/nqcCUTdiQpg99wT SKuawSxbLrEgupHEWMQlztwiyME8Ro2ASH2E+hcCSu4Xup8QDcHqBzp8OFbuCiMcc8Me I4CngHwU4sDA+eZ86gMFdEfc37CvaNTQ4q+H64XxklfS6t2Pf3DA8BYm5SJmA+Takwud fVTTxPtuYMGhyQNotnmbIRWYQjonNhIiskvMo7fALqSHb3CKBz4Une3b8SkWGgULqMxe Xt1kyl5ODjGF0Q2zaBUSBI/l4FeQdKcv05wz0qoITOMZYD48/arayynClKyK+lXX/R94 /QrQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=N4xVjnu1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v4-20020a17090a898400b0021878aebd90si1557640pjn.168.2023.01.19.23.44.05; Thu, 19 Jan 2023 23:44:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=N4xVjnu1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230271AbjATHn4 (ORCPT + 99 others); Fri, 20 Jan 2023 02:43:56 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44914 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230156AbjATHnt (ORCPT ); Fri, 20 Jan 2023 02:43:49 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A90F7DFAD; Thu, 19 Jan 2023 23:43:48 -0800 (PST) Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7U2rL026954; Fri, 20 Jan 2023 07:43:37 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=FLjl7BuIhILUO8rddxgTv9zZJ0712cjD5uiG0ZQ/KkI=; b=N4xVjnu1a6qIpWK+c58BJVYvBIHUyR2Cxwwj7dvgoUCKAz133qFR/HXWqE8hxNzDpwwO U0l9jZFBR/5om5yp5JhnUWivimLOB4W3tV8eYI5vpY1jWw9zE+xitZy7vgvnPzM8HkEs wLEPAyxObLefxFHVXatpJK/Z0OmtvYgVVfuh46sdsLIpxHHz9KA37WybZ+CjQ0aKsI/z HBJNHgjYu4DaZETHvUGQQVs87+il8pHQBBFrPpWOFyqIzgUr4KVBv5+OY5EVkwsPcFUN IiEDb59UwvQdxTyOurg/9R+499eQ+FNRTRzWId50ekArEc6j/4xzw8Gs4LDwtonoYBhb 2Q== Received: from ppma06fra.de.ibm.com (48.49.7a9f.ip4.static.sl-reverse.com [159.122.73.72]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7p1e92fe-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:37 +0000 Received: from pps.filterd (ppma06fra.de.ibm.com [127.0.0.1]) by ppma06fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JMPBnv010590; Fri, 20 Jan 2023 07:43:34 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma06fra.de.ibm.com (PPS) with ESMTPS id 3n3knfdkre-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:34 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hWUs49152316 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:32 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6B2392004B; Fri, 20 Jan 2023 07:43:32 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E364C20040; Fri, 20 Jan 2023 07:43:31 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:31 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id AB0F2605A5; Fri, 20 Jan 2023 18:43:29 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 01/24] powerpc/pseries: Fix handling of PLPKS object flushing timeout Date: Fri, 20 Jan 2023 18:42:43 +1100 Message-Id: <20230120074306.1326298-2-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: bXomEqbrNyGopMDAe26t5fNKyzGL8tlJ X-Proofpoint-GUID: bXomEqbrNyGopMDAe26t5fNKyzGL8tlJ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 spamscore=0 mlxscore=0 malwarescore=0 adultscore=0 bulkscore=0 phishscore=0 priorityscore=1501 impostorscore=0 clxscore=1015 mlxlogscore=999 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526628228410347?= X-GMAIL-MSGID: =?utf-8?q?1755526628228410347?= plpks_confirm_object_flushed() uses the H_PKS_CONFIRM_OBJECT_FLUSHED hcall to check whether changes to an object in the Platform KeyStore have been flushed to non-volatile storage. The hcall returns two output values, the return code and the flush status. plpks_confirm_object_flushed() polls the hcall until either the flush status has updated, the return code is an error, or a timeout has been exceeded. While we're still polling, the hcall is returning H_SUCCESS (0) as the return code. In the timeout case, this means that upon exiting the polling loop, rc is 0, and therefore 0 is returned to the user. Handle the timeout case separately and return ETIMEDOUT if triggered. Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore") Reported-by: Benjamin Gray Signed-off-by: Andrew Donnellan Tested-by: Russell Currey Reviewed-by: Russell Currey Signed-off-by: Russell Currey --- v3: Merge plpks fixes and signed update series with secvar series Neaten how we return at the end of the function (ruscur) v4: Move up in series (npiggin) --- arch/powerpc/platforms/pseries/plpks.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 4edd1585e245..9e85b6d85b0b 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -248,6 +248,7 @@ static int plpks_confirm_object_flushed(struct label *label, struct plpks_auth *auth) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; + bool timed_out = true; u64 timeout = 0; u8 status; int rc; @@ -259,22 +260,26 @@ static int plpks_confirm_object_flushed(struct label *label, status = retbuf[0]; if (rc) { + timed_out = false; if (rc == H_NOT_FOUND && status == 1) rc = 0; break; } - if (!rc && status == 1) + if (!rc && status == 1) { + timed_out = false; break; + } usleep_range(PKS_FLUSH_SLEEP, PKS_FLUSH_SLEEP + PKS_FLUSH_SLEEP_RANGE); timeout = timeout + PKS_FLUSH_SLEEP; } while (timeout < PKS_FLUSH_MAX_TIMEOUT); - rc = pseries_status_to_err(rc); + if (timed_out) + return -ETIMEDOUT; - return rc; + return pseries_status_to_err(rc); } int plpks_write_var(struct plpks_var var) From patchwork Fri Jan 20 07:42:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46181 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65365wrn; Thu, 19 Jan 2023 23:44:12 -0800 (PST) X-Google-Smtp-Source: AMrXdXtGciJg1+uKM3pSpKmFIzLnyfbTiC0O2DDCcv6/mXktH1gbmv88okBNB1gvotDAV9JvxMtL X-Received: by 2002:a05:6a20:ba11:b0:ad:5a4d:95b5 with SMTP id fa17-20020a056a20ba1100b000ad5a4d95b5mr34473901pzb.40.1674200651840; Thu, 19 Jan 2023 23:44:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200651; cv=none; d=google.com; s=arc-20160816; b=CA/I7ZTCp0iMztpNBJ3BqoMm74R2F6h0IiBxGjwt0rGJqyKGqzc7L86vdDWs6+PeA5 wV7zYWHPVkwPAylJ/gaNVkSMjL5jFSz0bDaVMPt0Z68lhQ+Jau4ESb2VVkbHi8p7q9Q5 2x59bMi0Y+3fGjk0L0v4FAmtF9vv10EW2SEZNtcFksROvvqvFdrc8Zds6JSR7fn5LRgQ TnuZ6q26yMh5oLHn6g7MEgs4V1/X0poJHlJIL44TfuIQQA/dEjpSRYiGlvbjvZT/kTrM Ezxix+brzQHz8R6WxX17t0IVFlMpOfTzCyDA0WgIARu049sqT/CcnHrA8ouvZzoNKgrj QCnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=grILWy5I/lURrLpjLU3fbP0cTkagwaubXu7uz24+NCo=; b=ThQ8xkmxjgTh7IuHIqPq9b9qeT4YuIyD0MWVsJlnx1IN7ewjepwviCuHPeCqUl07b0 ynNqzHF9yeKkgvHZ+ndBzsT0/oXK1AMeOAsctaxDXkOS5xtmxgH1VxgbMkjoHwzndpMn /31AOBt7cjZSmjae4LSgsHi+CzCaoewMh57JpXFemR0/Oj6qMvkW1anWw+xBau9GvsJQ YCW/vfLA/VZl5D3NdcNHxGLBACuRWjgCzGRW/7oWrC2gBpAM7D7HTAYj335iq+VgNIfP DyRbqhY+5rzzdCxzi4yo6YPMyxnVhCrfvp6yMXO8P04XLbD9dXeJxhX/qBiVjawHcYCi Q7TQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=cX7bhehL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p15-20020a056a000a0f00b0057629288720si45268447pfh.176.2023.01.19.23.43.59; Thu, 19 Jan 2023 23:44:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=cX7bhehL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230209AbjATHnw (ORCPT + 99 others); Fri, 20 Jan 2023 02:43:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44906 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230122AbjATHnt (ORCPT ); Fri, 20 Jan 2023 02:43:49 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9FDB27D67A; Thu, 19 Jan 2023 23:43:47 -0800 (PST) Received: from pps.filterd (m0098420.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K6U1NM017522; Fri, 20 Jan 2023 07:43:37 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=grILWy5I/lURrLpjLU3fbP0cTkagwaubXu7uz24+NCo=; b=cX7bhehLLUc2EsyMGPjP65vHV0sTOQiekZ7X2JfMo3qJs2Geu6+riy3bCh7j2gqs4ojq 9uk1VRqhcBMvPjeNtI6AoXl6SbdNyLTcy6v1mlR5mM9UeMJ8ZC1nDuKH3cvU+o05/pcB wWs4t268MQcAhieEjzCEiuFX8QQ95ldtCG8e1rVfuMNCpIHbtH6M5nptMwZmmzsmVIvk ggOnr28oa7/TsRwcT5QxSdcULSKH+WKnLoLMyt9IHiTDZsMwoeIx9wUB9C1r1MKuWzdD Y8RSMK/Eciw9+jFTVqa5tZDCQj8Psx1J8U76krbiLgcMRsr1h7oNIWFgCGFtg2jP1ozQ DA== Received: from ppma03fra.de.ibm.com (6b.4a.5195.ip4.static.sl-reverse.com [149.81.74.107]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7nr9hec6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:37 +0000 Received: from pps.filterd (ppma03fra.de.ibm.com [127.0.0.1]) by ppma03fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JN7s6u006911; Fri, 20 Jan 2023 07:43:34 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma03fra.de.ibm.com (PPS) with ESMTPS id 3n3m16njxb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:34 +0000 Received: from smtpav06.fra02v.mail.ibm.com (smtpav06.fra02v.mail.ibm.com [10.20.54.105]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hWUi42664202 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:32 GMT Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 62B8B2004B; Fri, 20 Jan 2023 07:43:32 +0000 (GMT) Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DAB9420043; Fri, 20 Jan 2023 07:43:31 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav06.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:31 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id AF984605A6; Fri, 20 Jan 2023 18:43:29 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 02/24] powerpc/pseries: Fix alignment of PLPKS structures and buffers Date: Fri, 20 Jan 2023 18:42:44 +1100 Message-Id: <20230120074306.1326298-3-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: RiAFX32W7Ai_p8cphOkPG0zBkvP5Fs4e X-Proofpoint-GUID: RiAFX32W7Ai_p8cphOkPG0zBkvP5Fs4e X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 spamscore=0 malwarescore=0 bulkscore=0 priorityscore=1501 adultscore=0 lowpriorityscore=0 mlxlogscore=999 mlxscore=0 clxscore=1015 suspectscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526622830149243?= X-GMAIL-MSGID: =?utf-8?q?1755526622830149243?= A number of structures and buffers passed to PKS hcalls have alignment requirements, which could on occasion cause problems: - Authorisation structures must be 16-byte aligned and must not cross a page boundary - Label structures must not cross page boundaries - Password output buffers must not cross page boundaries Round up the allocations of these structures/buffers to the next power of 2 to make sure this happens. Reported-by: Benjamin Gray Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore") Signed-off-by: Andrew Donnellan Reviewed-by: Russell Currey Signed-off-by: Russell Currey --- v3: Merge plpks fixes and signed update series with secvar series v4: Fix typo in commit message Move up in series (npiggin) --- arch/powerpc/platforms/pseries/plpks.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 9e85b6d85b0b..a01cf2ff140a 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -126,7 +126,8 @@ static int plpks_gen_password(void) u8 *password, consumer = PKS_OS_OWNER; int rc; - password = kzalloc(maxpwsize, GFP_KERNEL); + // The password must not cross a page boundary, so we align to the next power of 2 + password = kzalloc(roundup_pow_of_two(maxpwsize), GFP_KERNEL); if (!password) return -ENOMEM; @@ -162,7 +163,9 @@ static struct plpks_auth *construct_auth(u8 consumer) if (consumer > PKS_OS_OWNER) return ERR_PTR(-EINVAL); - auth = kzalloc(struct_size(auth, password, maxpwsize), GFP_KERNEL); + // The auth structure must not cross a page boundary and must be + // 16 byte aligned. We align to the next largest power of 2 + auth = kzalloc(roundup_pow_of_two(struct_size(auth, password, maxpwsize)), GFP_KERNEL); if (!auth) return ERR_PTR(-ENOMEM); @@ -196,7 +199,8 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, if (component && slen > sizeof(label->attr.prefix)) return ERR_PTR(-EINVAL); - label = kzalloc(sizeof(*label), GFP_KERNEL); + // The label structure must not cross a page boundary, so we align to the next power of 2 + label = kzalloc(roundup_pow_of_two(sizeof(*label)), GFP_KERNEL); if (!label) return ERR_PTR(-ENOMEM); From patchwork Fri Jan 20 07:42:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46182 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65384wrn; Thu, 19 Jan 2023 23:44:14 -0800 (PST) X-Google-Smtp-Source: AMrXdXuqxm/DMGv/3RZny/h6TmDN3JNNM+NODvlYJ447esI6mkEiVf6Llq6ZR7vPt+ddC8xlQD2b X-Received: by 2002:a17:90b:2395:b0:226:f35f:923b with SMTP id mr21-20020a17090b239500b00226f35f923bmr14414312pjb.2.1674200654645; Thu, 19 Jan 2023 23:44:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200654; cv=none; d=google.com; s=arc-20160816; b=emnNy8Fwc7KTjfAFJ4bi5tqWyFlQNBaqKfIKzcFdmMKi7tA5Z5hVF2I+LQvU01oVUt XJOPEiT0r4/pr9exBsgk3Q1EoVsHH5cFF5pDdWpeuokgrLx/wKKNsnsr8PZO7B5y7bSH m5HEup96VlzAS5q+lrGPGgqUTlgW2gWHgsI6Xc3merrjQPuPYvbm13grawP1FIL+Fgpq wEyhDxncAdCtKiJFTzyWiQ0vsKKpO/X/IhyMnnAEBUjrkb6cCyh2zaRJcPkcC5Kyt6Yl 1jI8t5Etj+hWJOk2DKR7f1k3NsWBUiuq/LgTwmLm9G+SEQfbC9mqqw/H8VgyCZRnVWFf MLMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=U0T7vD2M0LInYRTBrTCo83YjKh6AqmuZmIT8n37KGrk=; b=T7x2vfjvRiIFiAIH0BFQmD6u08eBYp5Iisv3Ofv8yAhgafOrN/UX5TNfpVL5RgQxxp oFrWDCwZD3fcxs+KrhUa5SgDhqwVDtLmJTunNZdsgo4bP1zKPIOYceIVEYMVpo09qcjm aX2Ttv0jkqNpRuYn7d22bf5nCyodNDoI/4vdOHyih83f7bnl+hTM5BhoYNk2Z6jyXjqU 70XeoDP3jZ95mriy14UBvT3Jgb0r/AI6jIMEnoYpRN6EsBJvPahDTmGM7nasDw9BeyTq 723hEBTyUwBQmvpuyC0gu7UolMV4q92xYKADPT+uG1mLh2Qw4WhlDskIGIgivd15GUrh SuFQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=ZvwooqRV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q20-20020a17090a2e1400b00219738f4d3dsi1699154pjd.136.2023.01.19.23.44.02; Thu, 19 Jan 2023 23:44:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=ZvwooqRV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230257AbjATHny (ORCPT + 99 others); Fri, 20 Jan 2023 02:43:54 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44904 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230097AbjATHnt (ORCPT ); Fri, 20 Jan 2023 02:43:49 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 44E1A7DFAA; Thu, 19 Jan 2023 23:43:47 -0800 (PST) Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7FXRo019289; Fri, 20 Jan 2023 07:43:37 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=U0T7vD2M0LInYRTBrTCo83YjKh6AqmuZmIT8n37KGrk=; b=ZvwooqRVNTBSnBafKRmz5oldkQU7FGqr8WplGWvDPjpzLnwHy3P++BnnBK/UZV5sgyiW kMMCXbhbaPZ8JPXkDzFzPji2COuXx3Y0tcFOHSKaWVr+wbCcpCyYuA0nrHyjPdm9wKzq NG3Hy6uR6Nhc/tNMAHlR9zwkkJ+dStTBEAwpP2aeQJxLtybJ9b7HfJGDESACF16FMjCD AtQkNbPdz+6dJwaVW3/+rrLCFi4bvVCsXKguu+6/1ddTzP5053wYxvXLN6m1xtBFpkqt Wcjd6bStfVLIANEWchHYBtqBaR9r5TQOHsDzs4qOyOC5wnDz3+6RxXT5r00TsnVv1KSZ bw== Received: from ppma01fra.de.ibm.com (46.49.7a9f.ip4.static.sl-reverse.com [159.122.73.70]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7pdkrhug-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:37 +0000 Received: from pps.filterd (ppma01fra.de.ibm.com [127.0.0.1]) by ppma01fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JAGVts011562; Fri, 20 Jan 2023 07:43:35 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma01fra.de.ibm.com (PPS) with ESMTPS id 3n3m16dkgv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:35 +0000 Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hWPI42664204 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:33 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DB8392004D; Fri, 20 Jan 2023 07:43:32 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E49F520043; Fri, 20 Jan 2023 07:43:31 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:31 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id B49B660306; Fri, 20 Jan 2023 18:43:29 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 03/24] powerpc/secvar: Use u64 in secvar_operations Date: Fri, 20 Jan 2023 18:42:45 +1100 Message-Id: <20230120074306.1326298-4-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: VQQ1sGbo-8_qhLYcHKZ78aKuQ7pKEOHd X-Proofpoint-ORIG-GUID: VQQ1sGbo-8_qhLYcHKZ78aKuQ7pKEOHd X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 mlxlogscore=999 bulkscore=0 suspectscore=0 malwarescore=0 priorityscore=1501 spamscore=0 impostorscore=0 clxscore=1015 adultscore=0 phishscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526625382313544?= X-GMAIL-MSGID: =?utf-8?q?1755526625382313544?= From: Michael Ellerman There's no reason for secvar_operations to use uint64_t vs the more common kernel type u64. The types are compatible, but they require different printk format strings which can lead to confusion. Change all the secvar related routines to use u64. Signed-off-by: Michael Ellerman Reviewed-by: Russell Currey Reviewed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan --- v3: Include new patch --- arch/powerpc/include/asm/secvar.h | 9 +++------ arch/powerpc/kernel/secvar-sysfs.c | 8 ++++---- arch/powerpc/platforms/powernv/opal-secvar.c | 9 +++------ security/integrity/platform_certs/load_powerpc.c | 4 ++-- 4 files changed, 12 insertions(+), 18 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 4cc35b58b986..07ba36f868a7 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -14,12 +14,9 @@ extern const struct secvar_operations *secvar_ops; struct secvar_operations { - int (*get)(const char *key, uint64_t key_len, u8 *data, - uint64_t *data_size); - int (*get_next)(const char *key, uint64_t *key_len, - uint64_t keybufsize); - int (*set)(const char *key, uint64_t key_len, u8 *data, - uint64_t data_size); + int (*get)(const char *key, u64 key_len, u8 *data, u64 *data_size); + int (*get_next)(const char *key, u64 *key_len, u64 keybufsize); + int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 1ee4640a2641..001cdbcdb9d2 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -47,7 +47,7 @@ static ssize_t format_show(struct kobject *kobj, struct kobj_attribute *attr, static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { - uint64_t dsize; + u64 dsize; int rc; rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); @@ -64,8 +64,8 @@ static ssize_t data_read(struct file *filep, struct kobject *kobj, struct bin_attribute *attr, char *buf, loff_t off, size_t count) { - uint64_t dsize; char *data; + u64 dsize; int rc; rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); @@ -166,9 +166,9 @@ static int update_kobj_size(void) static int secvar_sysfs_load(void) { - char *name; - uint64_t namesize = 0; struct kobject *kobj; + u64 namesize = 0; + char *name; int rc; name = kzalloc(NAME_MAX_SIZE, GFP_KERNEL); diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index 14133e120bdd..ef89861569e0 100644 --- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c @@ -54,8 +54,7 @@ static int opal_status_to_err(int rc) return err; } -static int opal_get_variable(const char *key, uint64_t ksize, - u8 *data, uint64_t *dsize) +static int opal_get_variable(const char *key, u64 ksize, u8 *data, u64 *dsize) { int rc; @@ -71,8 +70,7 @@ static int opal_get_variable(const char *key, uint64_t ksize, return opal_status_to_err(rc); } -static int opal_get_next_variable(const char *key, uint64_t *keylen, - uint64_t keybufsize) +static int opal_get_next_variable(const char *key, u64 *keylen, u64 keybufsize) { int rc; @@ -88,8 +86,7 @@ static int opal_get_next_variable(const char *key, uint64_t *keylen, return opal_status_to_err(rc); } -static int opal_set_variable(const char *key, uint64_t ksize, u8 *data, - uint64_t dsize) +static int opal_set_variable(const char *key, u64 ksize, u8 *data, u64 dsize) { int rc; diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c index a2900cb85357..1e4f80a4e71c 100644 --- a/security/integrity/platform_certs/load_powerpc.c +++ b/security/integrity/platform_certs/load_powerpc.c @@ -18,7 +18,7 @@ /* * Get a certificate list blob from the named secure variable. */ -static __init void *get_cert_list(u8 *key, unsigned long keylen, uint64_t *size) +static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size) { int rc; void *db; @@ -51,7 +51,7 @@ static __init void *get_cert_list(u8 *key, unsigned long keylen, uint64_t *size) static int __init load_powerpc_certs(void) { void *db = NULL, *dbx = NULL; - uint64_t dbsize = 0, dbxsize = 0; + u64 dbsize = 0, dbxsize = 0; int rc = 0; struct device_node *node; From patchwork Fri Jan 20 07:42:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46180 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65330wrn; Thu, 19 Jan 2023 23:44:06 -0800 (PST) X-Google-Smtp-Source: AMrXdXsJmm3vOkCYqFlxvnYWxGklTq0B69SzY0p5JK87JCz+5oV8oI7a3Jx4LcPnrqe8hmTc1ffv X-Received: by 2002:a05:6a20:4d9d:b0:af:e129:cb7 with SMTP id gj29-20020a056a204d9d00b000afe1290cb7mr12716286pzb.52.1674200646526; Thu, 19 Jan 2023 23:44:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200646; cv=none; d=google.com; s=arc-20160816; b=ScGq+R+ygEVWb5YvkBaxAkyDiAMdEHi+p8MFO3yAZvy3q+gToGNqmYaNFDluQznTKc mkJKqDuZKjK9NldLCvGcJAxDtPU1GMQ5yhOFgoKUe5JRXt9ToOUJl3YzU5YlWC70xps9 PBsb1ilA0rF7Nx6W78WQnBP8tIvBaxdxg1kmf+FmWJUNQyKDcWLwsM/k6EQxukCPbaxL JsLB2qBvwBMbYr+Tx/WNn+wbZ/nuB2upGlc4LPA7SLGSXTx9ZTXw1mJOwFJOTdkgkr0N /RFh+XIvyB6YargqoIl1OysvNfpaB7g2uSARJ6np0BvMY/kXVGIAApqUX5wGOBIgzX11 a5/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=lSXMUCav8MSPGkLiWLMSzecOSZJGO0arD0Dqac9w8p4=; b=YmEHv0UUHnAo9aDxvg1kwrQaGd4T3tonDNMcGPZxwyt/5kf2YhuOPWhaNBmmOKl5rN BHtIk6/lrTPl7D4lyuAK58jp/4nfitFxp4CYAspPFOMV/M9VPbFfnTK20R2q7p42NtKw 1p8zaIDR6b+/438SZf3TYH8yuSBEY4oN5570FRzCin1ZgtEHaDNSRW7WChNEa5YASgfO CTlSQUFcLmqDqFQ4KKsP6YmeD0gPY7CZCrVdOitVY3ARDvQx5lHULqhfRa4o2t9UFHLf kyrx3DipfKf6UQ0NvNvYE9WC3JEuZdOx5MxZOwiWZv4LgbiikqiEUcGQ3DrXhGCNbHjl VOyw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b="f58/WxHh"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 123-20020a630081000000b004d0c06283e0si7394101pga.446.2023.01.19.23.43.54; Thu, 19 Jan 2023 23:44:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b="f58/WxHh"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230143AbjATHnt (ORCPT + 99 others); Fri, 20 Jan 2023 02:43:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44870 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229499AbjATHns (ORCPT ); Fri, 20 Jan 2023 02:43:48 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C74D7DF95; Thu, 19 Jan 2023 23:43:47 -0800 (PST) Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7FUgP019165; Fri, 20 Jan 2023 07:43:37 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=lSXMUCav8MSPGkLiWLMSzecOSZJGO0arD0Dqac9w8p4=; b=f58/WxHh8H2YX4DNsUhJNaunkkw8o0BSd7VqdipHelW1AYBKQoVB3ASYziCcvZhwVxBv //ix6+ljO3ii5fQOcUrl+vUWvKm00rjc24ADrXIhiKovWfJ4jNg+ZukTPxqkjtXje2Qv UTy08OclSYI74unocAgK+TRl0XkwW9tAp0Q/KcjN/+gZFWfe36fsJ/q64JTzlp5HoiBG KZfirNbpwmnd6FZKC2ircA0tv+LRjot30c0fukPi7EOL7yn+rf6RD3LP/3tH2A6kujaC dvi2HuxRA6ZtPVPPVbrSGKrj5gcQbAD2IyO0HTeLAjZCFH8p7rdyzNItGnXfn8PQXNID xA== Received: from ppma06ams.nl.ibm.com (66.31.33a9.ip4.static.sl-reverse.com [169.51.49.102]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7pdkrhud-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:36 +0000 Received: from pps.filterd (ppma06ams.nl.ibm.com [127.0.0.1]) by ppma06ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JJTZqO009485; Fri, 20 Jan 2023 07:43:34 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma06ams.nl.ibm.com (PPS) with ESMTPS id 3n3knfqpaf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:34 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hWRt43975050 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:32 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6291B20043; Fri, 20 Jan 2023 07:43:32 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DB1D220040; Fri, 20 Jan 2023 07:43:31 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:31 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id BAED5605B2; Fri, 20 Jan 2023 18:43:29 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 04/24] powerpc/secvar: Warn and error if multiple secvar ops are set Date: Fri, 20 Jan 2023 18:42:46 +1100 Message-Id: <20230120074306.1326298-5-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: xJvEDN_3WgwwuJUkTmiwj8OVPm1ZHYtW X-Proofpoint-ORIG-GUID: xJvEDN_3WgwwuJUkTmiwj8OVPm1ZHYtW X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 mlxlogscore=999 bulkscore=0 suspectscore=0 malwarescore=0 priorityscore=1501 spamscore=0 impostorscore=0 clxscore=1011 adultscore=0 phishscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526616927748350?= X-GMAIL-MSGID: =?utf-8?q?1755526616927748350?= From: Russell Currey The secvar code only supports one consumer at a time. Multiple consumers aren't possible at this point in time, but we'd want it to be obvious if it ever could happen. Signed-off-by: Russell Currey Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan --- v4: Return an error and don't actually try to set secvar_operations if the warning is triggered (npiggin) --- arch/powerpc/include/asm/secvar.h | 4 ++-- arch/powerpc/kernel/secvar-ops.c | 8 ++++++-- arch/powerpc/platforms/powernv/opal-secvar.c | 4 +--- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 07ba36f868a7..4ce3f12c5613 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -21,11 +21,11 @@ struct secvar_operations { #ifdef CONFIG_PPC_SECURE_BOOT -extern void set_secvar_ops(const struct secvar_operations *ops); +extern int set_secvar_ops(const struct secvar_operations *ops); #else -static inline void set_secvar_ops(const struct secvar_operations *ops) { } +static inline int set_secvar_ops(const struct secvar_operations *ops) { return 0; } #endif diff --git a/arch/powerpc/kernel/secvar-ops.c b/arch/powerpc/kernel/secvar-ops.c index 6a29777d6a2d..9c8dd4e7c270 100644 --- a/arch/powerpc/kernel/secvar-ops.c +++ b/arch/powerpc/kernel/secvar-ops.c @@ -8,10 +8,14 @@ #include #include +#include -const struct secvar_operations *secvar_ops __ro_after_init; +const struct secvar_operations *secvar_ops __ro_after_init = NULL; -void set_secvar_ops(const struct secvar_operations *ops) +int set_secvar_ops(const struct secvar_operations *ops) { + if (WARN_ON_ONCE(secvar_ops)) + return -1; secvar_ops = ops; + return 0; } diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index ef89861569e0..4c0a3b030fe0 100644 --- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c @@ -113,9 +113,7 @@ static int opal_secvar_probe(struct platform_device *pdev) return -ENODEV; } - set_secvar_ops(&opal_secvar_ops); - - return 0; + return set_secvar_ops(&opal_secvar_ops); } static const struct of_device_id opal_secvar_match[] = { From patchwork Fri Jan 20 07:42:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46190 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65554wrn; Thu, 19 Jan 2023 23:44:52 -0800 (PST) X-Google-Smtp-Source: AMrXdXvi+hXzdFkrnZrs3hK05IvH9IR788nX6Ypai/QCeq1+PQcxncL5jyhVEx4hn468YgHYiMwX X-Received: by 2002:a17:902:bc86:b0:194:9c6f:64a8 with SMTP id bb6-20020a170902bc8600b001949c6f64a8mr13729871plb.38.1674200692308; Thu, 19 Jan 2023 23:44:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200692; cv=none; d=google.com; s=arc-20160816; b=R4jmGJMUR/bGhbYyYi6skZlYLk672CkVybyPFzzLNNoIU0bQqPrdEXD8BUMaZpEkqC IkA62uw47pIzFPoe6EUqu+pyWvFlRUjNvZ91Wak52o0w6cuiVDj7MVoDWwjOFKASMHB/ UQLvNFPhawLauWFEaS4ctee78EBWeA9VX4iwtB/drmEbXV+96oo/AHg/DP8YG0JFEVam qjl68gVRSx8xUha7lrwfO4Pc3vBk/+FOt94XgLfJdE+QoBDO7iUEOwuWOd5cCQ1Yaasy VRpCm8K4d2ByMeyOY8CJob9RRMmo7rbEt5OTCLoV9VGFdZteIM9yrUZWyEFkLE7AJlva eStA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=JfBITR2ZTvNGGVcMLga9xRX0KrOMIU4bb//V61PbJuU=; b=w117J3hQM+WS5e4RxEdhtQUjh+lsyRid+67gxgutCyuugDhyTUbuF4I2ye+MGtWlmh /j0GsT1LR8S9S4Fel6YYuptujb0FaE8XKyZBW2kiuExsKQBGBuMhOQCGDTpncmtXHSs6 z6myHKX4uHjoXCkluo8neipmq4gl8cUcbemnQa9jirCRsHFZU28s/FE/ooitgaiFG1HI IaxSQGQvQfpmALi8Ot9eB6vTb70/QrMdOHiJz9NXP8AweQMa4T1hFwbdLf98uOgezJCy TZodikjTECz4RkcxOAcxcVnM9zgqBtZQdKUpt5nSucFHdr2rZgiBkaAkitCIUQ3h7gz5 227g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=pM6pqwdD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k3-20020a170902c40300b0019497c8fea0si15149414plk.436.2023.01.19.23.44.40; Thu, 19 Jan 2023 23:44:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=pM6pqwdD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230465AbjATHoY (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:24 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44986 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230213AbjATHnv (ORCPT ); Fri, 20 Jan 2023 02:43:51 -0500 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CA8CD819B7; Thu, 19 Jan 2023 23:43:48 -0800 (PST) Received: from pps.filterd (m0098417.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7erfC024241; Fri, 20 Jan 2023 07:43:39 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=JfBITR2ZTvNGGVcMLga9xRX0KrOMIU4bb//V61PbJuU=; b=pM6pqwdDKXBaF+cveZ46DEyy7FCsWmJ0uoQ16TwbDiJ4N6lu6TV1vD7aL2KQv79/oIUz 3ABLfxm7DnO1jhqVBoPp0uk/NtJ7cEnaHD7oh0RhllKb2rTMsC+nWjmLOfZGaME5Ti37 HSV1RdDMhPi9UDpjrYABy1HmOro3ABiO62X9xVuwjOWd8uv2R7IK2smwq8siEtVR1PCb A/X1lsffgzW891Di+UAVX64b3pnZNxMkoiENXsTDn/QHjjUJtTEAEfz1CLad9bkr6jRd t6iA37bcoIh5S68X/5JmbQXLDxBt7fiVjDfelGKmCoRdDU7aREZPisqAEApMW/zwDP70 Pw== Received: from ppma05fra.de.ibm.com (6c.4a.5195.ip4.static.sl-reverse.com [149.81.74.108]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7ntys3yu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:39 +0000 Received: from pps.filterd (ppma05fra.de.ibm.com [127.0.0.1]) by ppma05fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30K3Pmvd010967; Fri, 20 Jan 2023 07:43:37 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma05fra.de.ibm.com (PPS) with ESMTPS id 3n3m16dk5y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:37 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hYV222675836 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:34 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B55962004E; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 39A4D20040; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id C0B8D605DC; Fri, 20 Jan 2023 18:43:29 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 05/24] powerpc/secvar: Use sysfs_emit() instead of sprintf() Date: Fri, 20 Jan 2023 18:42:47 +1100 Message-Id: <20230120074306.1326298-6-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: vj_owl7ErgWk96jldBTosSO9UAu7hGBf X-Proofpoint-GUID: vj_owl7ErgWk96jldBTosSO9UAu7hGBf X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 mlxscore=0 clxscore=1015 suspectscore=0 priorityscore=1501 mlxlogscore=864 lowpriorityscore=0 phishscore=0 bulkscore=0 malwarescore=0 adultscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526665470598485?= X-GMAIL-MSGID: =?utf-8?q?1755526665470598485?= From: Russell Currey The secvar format string and object size sysfs files are both ASCII text, and should use sysfs_emit(). No functional change. Suggested-by: Greg Kroah-Hartman Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v2: New patch (gregkh) --- arch/powerpc/kernel/secvar-sysfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 001cdbcdb9d2..462cacc0ca60 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -35,7 +35,7 @@ static ssize_t format_show(struct kobject *kobj, struct kobj_attribute *attr, if (rc) goto out; - rc = sprintf(buf, "%s\n", format); + rc = sysfs_emit(buf, "%s\n", format); out: of_node_put(node); @@ -57,7 +57,7 @@ static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr, return rc; } - return sprintf(buf, "%llu\n", dsize); + return sysfs_emit(buf, "%llu\n", dsize); } static ssize_t data_read(struct file *filep, struct kobject *kobj, From patchwork Fri Jan 20 07:42:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46188 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65531wrn; Thu, 19 Jan 2023 23:44:46 -0800 (PST) X-Google-Smtp-Source: AMrXdXs6arxaFSLMpyecAm4S9H5MVV2nR+1WEnGXB8N7g79kNrt9nna2TWDDeTF9k8FqWYHlmlsf X-Received: by 2002:a17:90a:3844:b0:225:fa7a:cf04 with SMTP id l4-20020a17090a384400b00225fa7acf04mr13999783pjf.44.1674200686556; Thu, 19 Jan 2023 23:44:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200686; cv=none; d=google.com; s=arc-20160816; b=y5vXVgdntUg5Ap+cceTTlKtKfuUzvvmtk/owjny/U79bt34V3oHZ62EkG5odZIAqJR rzI93BaS8E0y/Z1ULoso4K9uXiJrULF5O8n6DuYrNG8H5Dmi6GU5jhjTOyLhstUvwiEk 8hi6wCqnuSKuPD1AjeCojlCqlO4uulANm7AhWGApRn7ZfzltgVp4zMdNQC1SQZJiqU/f hzjqToPA9XMiO6kfI6s5D8cRtZ+UnP4+7o5kw7zhX1Fa11tUHWqXbUtdkmIx07j8+oD6 /fcdDDu+cy8epiDUOnlkrtpfPt3p5upJGUzIMMUrKQMZmgmgzRjjptFBGHQDupM4XXqn Sxlg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=4DCR1zvmhkQPu6Y5t4kD75CSkG3Z6bMheFbraY4aYXQ=; b=ueCYDWZzTcg4VW4UwBS5FC/1fVHbk4c2zxMESrARfrqfZAnTJH/Np4epIrIwv5KSS4 43qoUXmkKD02IkQY/ogFzt++1/Qx/+L65L9XnXwM5uCS5hhebQl1CbXeCxwhNBMR9QaV dS/ntpjW530LL2C5Bze1o7k+3OlMGXz1QQGg8Zh5EheS0BhIlv43E3UzIfAMDkzkR5s/ Eprhv6Yd/7FuALEeZ3nBq2v+Sr/NOXYghCi+UK7jNQMrkyHbJ1OyyzDlxMNeoBmtNduM eAS267naNoobDipxkoDWDFgATdZh5Bv6ecEq7vEiMii33RQwnQY2VSmVvITiU3RppH1W c0ZA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=EM84+RY7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e9-20020a17090a9a8900b002299da59595si1590793pjp.184.2023.01.19.23.44.33; Thu, 19 Jan 2023 23:44:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=EM84+RY7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230444AbjATHoS (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:18 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230199AbjATHnu (ORCPT ); Fri, 20 Jan 2023 02:43:50 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A671580B8F; Thu, 19 Jan 2023 23:43:48 -0800 (PST) Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7FUvb019162; Fri, 20 Jan 2023 07:43:39 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=4DCR1zvmhkQPu6Y5t4kD75CSkG3Z6bMheFbraY4aYXQ=; b=EM84+RY7RJCASdRnL/aQxGlp05z65h+nh5dfvMkuCvcsHXgQFfvaQ6ZGCB+7HhZOXeLu 11sVkkbTfBrv2bk4GIymHiYSF5WVR07r8TpM5nU2A52nmz8Q7PU1UL/SfJNjXQjesFv6 cus7TA5pSUymlWgxkY7SQoaWKewlTOz1v7OJL4YmtpsaVaMDipKP6FaHSZGq5ARdUc4Q Yn5CQWyTun0jIzehRbthIPvi5sjCzQB4Cs8HE4Ym+LSk1X2wUObTTxxY5zuVqEd14ka6 eSgKh1i+bav7TYWoor2WKCpqDXiKhR8nJWlybEGMI9A6PD+c92FYjbFm+BHfKw8mPVV8 Lg== Received: from ppma04ams.nl.ibm.com (63.31.33a9.ip4.static.sl-reverse.com [169.51.49.99]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7pdkrhuy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:39 +0000 Received: from pps.filterd (ppma04ams.nl.ibm.com [127.0.0.1]) by ppma04ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JJtEHP005139; Fri, 20 Jan 2023 07:43:37 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma04ams.nl.ibm.com (PPS) with ESMTPS id 3n3m16qnpm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:37 +0000 Received: from smtpav06.fra02v.mail.ibm.com (smtpav06.fra02v.mail.ibm.com [10.20.54.105]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hZNe46465504 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:35 GMT Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2EB3F2004B; Fri, 20 Jan 2023 07:43:35 +0000 (GMT) Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 390F720040; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav06.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id C6170605F1; Fri, 20 Jan 2023 18:43:29 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 06/24] powerpc/secvar: Handle format string in the consumer Date: Fri, 20 Jan 2023 18:42:48 +1100 Message-Id: <20230120074306.1326298-7-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: mCmBB8A1PhQR84L8b4peojLVVGSZ7w-z X-Proofpoint-ORIG-GUID: mCmBB8A1PhQR84L8b4peojLVVGSZ7w-z X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 mlxlogscore=999 bulkscore=0 suspectscore=0 malwarescore=0 priorityscore=1501 spamscore=0 impostorscore=0 clxscore=1015 adultscore=0 phishscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526658880679331?= X-GMAIL-MSGID: =?utf-8?q?1755526658880679331?= From: Russell Currey The code that handles the format string in secvar-sysfs.c is entirely OPAL specific, so create a new "format" op in secvar_operations to make the secvar code more generic. No functional change. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v2: Use sysfs_emit() instead of sprintf() (gregkh) v3: Enforce format string size limit (ruscur) v4: Pass the buffer size as an argument, not using a macro (stefanb, npiggin) Fix error reporting (npiggin) --- arch/powerpc/include/asm/secvar.h | 1 + arch/powerpc/kernel/secvar-sysfs.c | 27 +++++++------------- arch/powerpc/platforms/powernv/opal-secvar.c | 25 ++++++++++++++++++ 3 files changed, 35 insertions(+), 18 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 4ce3f12c5613..2d9816dff128 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -17,6 +17,7 @@ struct secvar_operations { int (*get)(const char *key, u64 key_len, u8 *data, u64 *data_size); int (*get_next)(const char *key, u64 *key_len, u64 keybufsize); int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); + ssize_t (*format)(char *buf, size_t bufsize); }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 462cacc0ca60..4beec935f5e7 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -21,26 +21,17 @@ static struct kset *secvar_kset; static ssize_t format_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { - ssize_t rc = 0; - struct device_node *node; - const char *format; - - node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); - if (!of_device_is_available(node)) { - rc = -ENODEV; - goto out; - } + char tmp[32]; + ssize_t len = secvar_ops->format(tmp, sizeof(tmp)); - rc = of_property_read_string(node, "format", &format); - if (rc) - goto out; + if (len > 0) + return sysfs_emit(buf, "%s\n", tmp); + else if (len < 0) + pr_err("Error %zd reading format string\n", len); + else + pr_err("Got empty format string from backend\n"); - rc = sysfs_emit(buf, "%s\n", format); - -out: - of_node_put(node); - - return rc; + return -EIO; } diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index 4c0a3b030fe0..e33bb703ecbc 100644 --- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c @@ -98,10 +98,35 @@ static int opal_set_variable(const char *key, u64 ksize, u8 *data, u64 dsize) return opal_status_to_err(rc); } +static ssize_t opal_secvar_format(char *buf, size_t bufsize) +{ + ssize_t rc = 0; + struct device_node *node; + const char *format; + + node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); + if (!of_device_is_available(node)) { + rc = -ENODEV; + goto out; + } + + rc = of_property_read_string(node, "format", &format); + if (rc) + goto out; + + rc = snprintf(buf, bufsize, "%s", format); + +out: + of_node_put(node); + + return rc; +} + static const struct secvar_operations opal_secvar_ops = { .get = opal_get_variable, .get_next = opal_get_next_variable, .set = opal_set_variable, + .format = opal_secvar_format, }; static int opal_secvar_probe(struct platform_device *pdev) From patchwork Fri Jan 20 07:42:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46201 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp69387wrn; Thu, 19 Jan 2023 23:57:25 -0800 (PST) X-Google-Smtp-Source: AMrXdXuN2tWm/ca6TZBYoqc3jtIy575zri5l/sEL379ocf+bOze2V4oT48g5YWbGdI4KzQlVAOuI X-Received: by 2002:a17:902:f1ca:b0:194:d48a:2c17 with SMTP id e10-20020a170902f1ca00b00194d48a2c17mr3657659plc.11.1674201445689; Thu, 19 Jan 2023 23:57:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674201445; cv=none; d=google.com; s=arc-20160816; b=PItYhFimgMf1DpHH991F1szHkKaa1aNho+LoFBJEYcrnk8+oazuI5YVxbDtGDaGdV0 8eBccPZhNpifDelMIx3emZJWA07xxWMEnu5LzpBw/iMBV9tFIHPtUieW3L6x9pmo2gZM 1r4akeOCXS44tjdJIoQgF3iz3Kdl72MCo39NsNUTSUvBK31QWG3JkAaGrztyKsJbEXMm hWV+29X+gzE8qlUn4ZztBZBkQHMw7qcVed+oHJ02aDZEqGh1nhj8D3JLl1tPum/zYrNM 7kxY58AtqT6jlzrUFH/qWcHMcmgilLEur/2AQEODkGHKEECaD9b3n2xgck0To9hbs2Lc RZrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Te5YU6YGvqU5K6+sZoUFCjko+4aelRmhWa/p/mRpz/s=; b=WKQvgzYw2me2GpIjC5TnXFyPfq1LL9YtN1Pj6fOuUok5SqUMamue2JDmPAj9sldJDm GX/psFRWv8f251bnKuhxktMTyycgwTZFuV4koXrHG2cuYzkuwv3QVAoEVpwEkjI32avH Xso+RjGzX50D9yiBwTGdNS7OgQYDU3Vjf06j0InfkAL4kfY+RBBKC6v5cmB61p8g0K9W /osZlyWoxOEunhwnlF49QgUQyauffZYjwI85cAIyPELROHnyXwOweAGBc7zjVwPmhkvU t+9j6+UA16hZcCmzcSV3KnXLeOAqAN+sPu6fvCN5bWrZhRukj7g5CsoCcxoMNe5xVufR Bq1Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=U1I2H1Uk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k7-20020a170902ce0700b00192dbc36b89si15078698plg.232.2023.01.19.23.57.12; Thu, 19 Jan 2023 23:57:25 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=U1I2H1Uk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231151AbjATHpR (ORCPT + 99 others); Fri, 20 Jan 2023 02:45:17 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46936 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230382AbjATHom (ORCPT ); Fri, 20 Jan 2023 02:44:42 -0500 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8EA9D7DF95; Thu, 19 Jan 2023 23:44:03 -0800 (PST) Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K5ncDV025122; Fri, 20 Jan 2023 07:43:40 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=Te5YU6YGvqU5K6+sZoUFCjko+4aelRmhWa/p/mRpz/s=; b=U1I2H1UkogVHlm6EbSeXSCrFIY4+J4zCBjFIL8rrPtIHqi0XwE4CU3j5B8f/5zBJUzqR 5zoojB+Z6boC59CJP2++Xkja9OeRC7wFEk9kr7jlfHUBzeRQW4/rkala6xnENsXTytVF e2jde0gW9NjxCN+9V2b4j3AF3GSF2uhLRaS5vbBcY48HbDIrVE63E36Cgw2vOlQJQrMC xRUYehjrDfLjPWvD5m2nn2FdqwRZwxalHlbZkbVv5mSqwAxaDi3y64ePK8M1Ij9la6vG BbKfT7CzMP+bjTt/3k2CAFFhjA0bRzSb6PIGtfmrI7uaolvkbpUXEKxkrTmxpHAgGTxU Vg== Received: from ppma06fra.de.ibm.com (48.49.7a9f.ip4.static.sl-reverse.com [159.122.73.72]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7n5b23ru-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:39 +0000 Received: from pps.filterd (ppma06fra.de.ibm.com [127.0.0.1]) by ppma06fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30K2ZGbm027441; Fri, 20 Jan 2023 07:43:37 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma06fra.de.ibm.com (PPS) with ESMTPS id 3n3knfdkrg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:37 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hZ7o42992080 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:35 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2B3F22004E; Fri, 20 Jan 2023 07:43:35 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 36D0F20040; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id D4A09605AB; Fri, 20 Jan 2023 18:43:29 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 07/24] powerpc/secvar: Handle max object size in the consumer Date: Fri, 20 Jan 2023 18:42:49 +1100 Message-Id: <20230120074306.1326298-8-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: qiEwPYUdPPMhq_6V6tbDj8WTGinipoqJ X-Proofpoint-ORIG-GUID: qiEwPYUdPPMhq_6V6tbDj8WTGinipoqJ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 clxscore=1015 spamscore=0 adultscore=0 priorityscore=1501 bulkscore=0 mlxlogscore=999 impostorscore=0 suspectscore=0 lowpriorityscore=0 phishscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755527454956367009?= X-GMAIL-MSGID: =?utf-8?q?1755527454956367009?= From: Russell Currey Currently the max object size is handled in the core secvar code with an entirely OPAL-specific implementation, so create a new max_size() op and move the existing implementation into the powernv platform. Should be no functional change. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v3: Change uint64_t type to u64 (mpe) v4: Return immediately if node is NULL (gjoyce) --- arch/powerpc/include/asm/secvar.h | 1 + arch/powerpc/kernel/secvar-sysfs.c | 17 +++------------ arch/powerpc/platforms/powernv/opal-secvar.c | 22 ++++++++++++++++++++ 3 files changed, 26 insertions(+), 14 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 2d9816dff128..b97ab793cc8a 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -18,6 +18,7 @@ struct secvar_operations { int (*get_next)(const char *key, u64 *key_len, u64 keybufsize); int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); ssize_t (*format)(char *buf, size_t bufsize); + int (*max_size)(u64 *max_size); }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 4beec935f5e7..d2f65a67845c 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -132,27 +132,16 @@ static struct kobj_type secvar_ktype = { static int update_kobj_size(void) { - struct device_node *node; u64 varsize; - int rc = 0; + int rc = secvar_ops->max_size(&varsize); - node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); - if (!of_device_is_available(node)) { - rc = -ENODEV; - goto out; - } - - rc = of_property_read_u64(node, "max-var-size", &varsize); if (rc) - goto out; + return rc; data_attr.size = varsize; update_attr.size = varsize; -out: - of_node_put(node); - - return rc; + return 0; } static int secvar_sysfs_load(void) diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index e33bb703ecbc..a8436bf35e2f 100644 --- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c @@ -122,11 +122,33 @@ static ssize_t opal_secvar_format(char *buf, size_t bufsize) return rc; } +static int opal_secvar_max_size(u64 *max_size) +{ + int rc; + struct device_node *node; + + node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); + if (!node) + return -ENODEV; + + if (!of_device_is_available(node)) { + rc = -ENODEV; + goto out; + } + + rc = of_property_read_u64(node, "max-var-size", max_size); + +out: + of_node_put(node); + return rc; +} + static const struct secvar_operations opal_secvar_ops = { .get = opal_get_variable, .get_next = opal_get_next_variable, .set = opal_set_variable, .format = opal_secvar_format, + .max_size = opal_secvar_max_size, }; static int opal_secvar_probe(struct platform_device *pdev) From patchwork Fri Jan 20 07:42:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46187 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65517wrn; Thu, 19 Jan 2023 23:44:44 -0800 (PST) X-Google-Smtp-Source: AMrXdXuJeNN0L0F1/rZ2hhqu7ok6ncw6HMxvJkgFPuVTvXWEXI8HB59smfPhrqsE6Wjj2z3o1Idf X-Received: by 2002:a05:6a20:c705:b0:b8:827c:42c0 with SMTP id hi5-20020a056a20c70500b000b8827c42c0mr13217257pzb.61.1674200684226; Thu, 19 Jan 2023 23:44:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200684; cv=none; d=google.com; s=arc-20160816; b=VVZTFNVFI8ZXFo0y4KASGQRfm5G7HgEBjrZoQQ+TSqMZnSWDSWTxgx25Dv9sm27SwL Ztj0Y81u9zkfnnVw0IhgScuL0zHP37/QpXaqWD+kteYp7llZ8XOvk20d1+dbUN4ZlilU 4/PSDxcrJYEn75hnAS2JGFO4MvUle0fz58jDG4OcEK/jBWvPtIQt0KdfSnhxXZpj/lA2 JzBsQfoFprMzsDj6qO/rBDQXa2ha7gzr+y+dHAbRCFUpMfOQd36u8U41yzO4J1g3VN4a 31z6tJG1R4TSgE6oYdQeMIGU2F8VEEr87E1DwnTOQspUzy7QR6BNPOBdP/JAukhfasAJ A/jw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=R3X1+d8XSbbdrupKtnXrTQ8wURmB8gVvaJ2DMpvtQ3U=; b=kRMiwuqosgFK2dVr/9ifLo/j5dp0ewXWN3AJLMyA73anMLtLCuur6rvqf8mAhywy9Y jdO7QNWt3Ljr3a3kD3uk5ePsZDWocG4SuJhZ8QTn+3KmjJjlGFWTsbTDxsDo6VcAC6hl wzokI2B+4DBMlIPmN+zl7b5dP/6UQKGf0s2GAObe9usMZYEKKPuzVJQEfSb5O3eP18jW /9LvE0+MQPOzD5VzItpaxkoma8l6dOUZwf+GES5eQbkF0PinMVot36GmZRY5am+CEo6P kcO6Sg/7aOPQ+zYHSqoGxdkm9vtafZgH4JhG46cFeYIqeExhlTNq03qjQxW5QCg95Pp1 DdJg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=ClWE1JT9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m3-20020a63fd43000000b004d309e5ef82si2137234pgj.505.2023.01.19.23.44.31; Thu, 19 Jan 2023 23:44:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=ClWE1JT9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230433AbjATHoN (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44948 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230196AbjATHnu (ORCPT ); Fri, 20 Jan 2023 02:43:50 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7CEBD7ED46; Thu, 19 Jan 2023 23:43:48 -0800 (PST) Received: from pps.filterd (m0187473.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7cXLa012431; Fri, 20 Jan 2023 07:43:40 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=R3X1+d8XSbbdrupKtnXrTQ8wURmB8gVvaJ2DMpvtQ3U=; b=ClWE1JT9c8UmzAYPtZv4HC8yADgi2uS5vOVvLF/vZZTZUUTfWH1/LFYEzLlPjXrfIizo klJWxDHWRwiJALC174hAWOLMcvTJxRCm2a91RiqNqkcwEcIMFGOU6yIofJK1W+RXSPzD 6k254aI1VVJhffY44Srpe8XMseqkdK/Zk1iRYUw28wqP68OG4k4337BOimR3iPTDO/P8 waC4Md2zfVQhHlhzSI9nmb4dqB5jyVGxOyLUqZu8B16Ey5798YWDKxeoq2zW52Bakm94 TZJiMecOkzD04D2nCoBqRvhy0yARis4fVk2xXA0xuXa1jZq88ELg4sWAnjyQvFmOjRtO sw== Received: from ppma03fra.de.ibm.com (6b.4a.5195.ip4.static.sl-reverse.com [149.81.74.107]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7kvx3gv9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:39 +0000 Received: from pps.filterd (ppma03fra.de.ibm.com [127.0.0.1]) by ppma03fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JN76PF006701; Fri, 20 Jan 2023 07:43:37 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma03fra.de.ibm.com (PPS) with ESMTPS id 3n3m16njxc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:37 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hYMk24248812 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:34 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B65092004F; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3B23120043; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id D99FE605F3; Fri, 20 Jan 2023 18:43:29 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 08/24] powerpc/secvar: Clean up init error messages Date: Fri, 20 Jan 2023 18:42:50 +1100 Message-Id: <20230120074306.1326298-9-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: zGpZZoF0KW5iTb-M4EEXym2JAK4CR7WD X-Proofpoint-GUID: zGpZZoF0KW5iTb-M4EEXym2JAK4CR7WD X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 adultscore=0 mlxscore=0 suspectscore=0 priorityscore=1501 malwarescore=0 clxscore=1015 phishscore=0 spamscore=0 mlxlogscore=864 impostorscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526656993991758?= X-GMAIL-MSGID: =?utf-8?q?1755526656993991758?= Remove unnecessary prefixes from error messages in secvar_sysfs_init() (the file defines pr_fmt, so putting "secvar:" in every message is unnecessary). Make capitalisation and punctuation more consistent. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v3: New patch (ajd) --- arch/powerpc/kernel/secvar-sysfs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index d2f65a67845c..53ac01e0eb0b 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -194,13 +194,13 @@ static int secvar_sysfs_init(void) int rc; if (!secvar_ops) { - pr_warn("secvar: failed to retrieve secvar operations.\n"); + pr_warn("Failed to retrieve secvar operations\n"); return -ENODEV; } secvar_kobj = kobject_create_and_add("secvar", firmware_kobj); if (!secvar_kobj) { - pr_err("secvar: Failed to create firmware kobj\n"); + pr_err("Failed to create firmware kobj\n"); return -ENOMEM; } @@ -212,7 +212,7 @@ static int secvar_sysfs_init(void) secvar_kset = kset_create_and_add("vars", NULL, secvar_kobj); if (!secvar_kset) { - pr_err("secvar: sysfs kobject registration failed.\n"); + pr_err("sysfs kobject registration failed\n"); kobject_put(secvar_kobj); return -ENOMEM; } From patchwork Fri Jan 20 07:42:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46184 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65426wrn; Thu, 19 Jan 2023 23:44:24 -0800 (PST) X-Google-Smtp-Source: AMrXdXunAmcw+1tRhjjYkXP26yJOAJjOp36oHWISCtYkM7282mlVZA2NYkCFBV17SZCjw7r8cSJS X-Received: by 2002:a17:90a:738d:b0:229:3d1c:3612 with SMTP id j13-20020a17090a738d00b002293d1c3612mr14754786pjg.2.1674200664631; Thu, 19 Jan 2023 23:44:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200664; cv=none; d=google.com; s=arc-20160816; b=kE7HEuyPBlW24XQGVAwV3iBdG7V1Dc4US1MUfidCcv/rTQIs0YzSkap6QQjwc3OYb4 7H9VlHk19WuuSFTycnQXRmh/bb/+VkKGxhDlEZjLzF4Nf32BR/EQENGMdyD6yMcAb6l6 oote1iiz4xTvGZX07FF5famljJgLjhspJZDNOCU4oAJjMqf850GTQPO4UvGRfLtG8kf7 gK9K53Pl9G+9SRXjCWHPr2A01rFmufueRzsp08ZILMcLUzMP2wmcm3Gbr2RllETIp5O5 FOSaAjyCnvf8gKL6zaE7IHyYm1ckTvkkXEM+tRLXGQtoqJYYFHxYKr1HgDaaZNlm/0K3 Rf1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=X9RWK7u+lqZXzvGKT1EUO/s3FORrcaMWOKcvj7V2ig0=; b=iO8PSFAanbZ6Fwm5Uv34i9jgqVBCqXgd9PPK1TMR3OdgmQR+OuDmOFVSa0vsVLf6++ IUlAyJ+Cgn8U2AMxOT29/6u5Difk5UWUacrBboLw5wtnNa8F1k5tmimDdb+YaVvrQj0p wLHahTKND9fB0bXG4BA7fSz3KoNiowZTqdHq8aW7p3ju6pAwbG10m22YOjkJ4xxnPSZr 3mswbs9+iGqlqmRVE6k/IdD2izeFsNqJI0m9wPU2XZ+daGrTg/13JPnhZ3nfaK7oj7oX ksL3N6AR5Wqkw53/0w9BLXe66AeJDjXB2qqcXG14IiJT9PdBeM5OrPjZOfEhA1jOobZE E4FA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=HY43z9Q0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l7-20020a17090a72c700b0022939a02263si1758933pjk.45.2023.01.19.23.44.11; Thu, 19 Jan 2023 23:44:24 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=HY43z9Q0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230325AbjATHoD (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:03 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44922 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230163AbjATHnt (ORCPT ); Fri, 20 Jan 2023 02:43:49 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5975A7DF95; Thu, 19 Jan 2023 23:43:48 -0800 (PST) Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K6nkao012526; Fri, 20 Jan 2023 07:43:40 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=X9RWK7u+lqZXzvGKT1EUO/s3FORrcaMWOKcvj7V2ig0=; b=HY43z9Q0MAKVMH4kMvWtja8PBBnBjCWN9WJG5hexyzBf+4Gif1by1q1qKTVOUGiQNoxU mzP6G7UkfiItSxS/rtXKRmKevnjUa99ZMsP2hxgJA10MqrP0kIljKHk7RDj2mMZgEK68 kW6rV5xso7ZHFuPxbkxHwcyl/ilHyqO9/DpyWrHEmmX/ik5mE2FhwfeogNlzEFfw4ei3 QZL0IEG8WKXiQQf/HmnMGrzuHkeizjbe1ZdUmKaB1axJscDVpyb2kQsmKxXBljyFWgvD QSDitqo6Xcgj1RuRV9Q0CCFVwFgzu2ZVaDvXF6I0TJBGGUDuWLi1Dr7HFm+9dkIrVXzq eQ== Received: from ppma06ams.nl.ibm.com (66.31.33a9.ip4.static.sl-reverse.com [169.51.49.102]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7p1e92gf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:40 +0000 Received: from pps.filterd (ppma06ams.nl.ibm.com [127.0.0.1]) by ppma06ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JK7XrM006209; Fri, 20 Jan 2023 07:43:37 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma06ams.nl.ibm.com (PPS) with ESMTPS id 3n3knfqpah-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:37 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hZaq37355810 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:35 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 347A420040; Fri, 20 Jan 2023 07:43:35 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3E59F20043; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id E92B06060A; Fri, 20 Jan 2023 18:43:29 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 09/24] powerpc/secvar: Extend sysfs to include config vars Date: Fri, 20 Jan 2023 18:42:51 +1100 Message-Id: <20230120074306.1326298-10-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: LErvDv8MSMcIYhMWMHLUPFAtvp02iDt4 X-Proofpoint-GUID: LErvDv8MSMcIYhMWMHLUPFAtvp02iDt4 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 spamscore=0 mlxscore=0 malwarescore=0 adultscore=0 bulkscore=0 phishscore=0 priorityscore=1501 impostorscore=0 clxscore=1015 mlxlogscore=999 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526636082039280?= X-GMAIL-MSGID: =?utf-8?q?1755526636082039280?= From: Russell Currey The forthcoming pseries consumer of the secvar API wants to expose a number of config variables. Allowing secvar implementations to provide their own sysfs attributes makes it easy for consumers to expose what they need to. This is not being used by the OPAL secvar implementation at present, and the config directory will not be created if no attributes are set. Signed-off-by: Russell Currey Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan --- v3: Remove unnecessary "secvar:" prefix from error messages (ajd) Merge config attributes into secvar_operations (mpe) --- arch/powerpc/include/asm/secvar.h | 2 ++ arch/powerpc/kernel/secvar-sysfs.c | 33 +++++++++++++++++++++++++----- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index b97ab793cc8a..5ed141c711b0 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -10,6 +10,7 @@ #include #include +#include extern const struct secvar_operations *secvar_ops; @@ -19,6 +20,7 @@ struct secvar_operations { int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); ssize_t (*format)(char *buf, size_t bufsize); int (*max_size)(u64 *max_size); + const struct attribute **config_attrs; }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 53ac01e0eb0b..d7936d8c7478 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -144,6 +144,19 @@ static int update_kobj_size(void) return 0; } +static int secvar_sysfs_config(struct kobject *kobj) +{ + struct attribute_group config_group = { + .name = "config", + .attrs = (struct attribute **)secvar_ops->config_attrs, + }; + + if (secvar_ops->config_attrs) + return sysfs_create_group(kobj, &config_group); + + return 0; +} + static int secvar_sysfs_load(void) { struct kobject *kobj; @@ -206,26 +219,36 @@ static int secvar_sysfs_init(void) rc = sysfs_create_file(secvar_kobj, &format_attr.attr); if (rc) { - kobject_put(secvar_kobj); - return -ENOMEM; + pr_err("Failed to create format object\n"); + rc = -ENOMEM; + goto err; } secvar_kset = kset_create_and_add("vars", NULL, secvar_kobj); if (!secvar_kset) { pr_err("sysfs kobject registration failed\n"); - kobject_put(secvar_kobj); - return -ENOMEM; + rc = -ENOMEM; + goto err; } rc = update_kobj_size(); if (rc) { pr_err("Cannot read the size of the attribute\n"); - return rc; + goto err; + } + + rc = secvar_sysfs_config(secvar_kobj); + if (rc) { + pr_err("Failed to create config directory\n"); + goto err; } secvar_sysfs_load(); return 0; +err: + kobject_put(secvar_kobj); + return rc; } late_initcall(secvar_sysfs_init); From patchwork Fri Jan 20 07:42:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46185 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65464wrn; Thu, 19 Jan 2023 23:44:34 -0800 (PST) X-Google-Smtp-Source: AMrXdXuBxReBoQJkZf7CkD8Mp3hhE0XKg+WqgiON1SdiwDNFU818ew5ZHhbyPOHhg7FflNI4Bt+A X-Received: by 2002:a05:6a20:12d4:b0:b8:bc6a:f696 with SMTP id v20-20020a056a2012d400b000b8bc6af696mr18557604pzg.14.1674200673824; Thu, 19 Jan 2023 23:44:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200673; cv=none; d=google.com; s=arc-20160816; b=VymO+isDyKIMeiN7yHqjUgtm+wky/psSSYutPdg3z9MIqM5TS+zC+xViesvj9mCDSB g7vM4H5QW+wvSNtiwmue3fOj1w3FGTJLWrfPx0kZ5r4WgZugU7/57uXAsAzZ7fwPlwzk Tj57/Jg3Wog5JWcAW0NSJL1USe82BHErSeiO/SAl4mzAq7sZR9YYpNTdvP6RF+ygdDO3 agdpmwwtM9t9HD7/pf0euAopTYTQ781HD223eVMjrT/TGHqQ6tR/34Dg/MckmK1VfDqV C22zrmudinPImlCGeXFPuUHMnpspeKTRWZw59iKAnODlzGCaXEKPsFEYuznRszszb5PZ 2Luw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=5gNfdhTcsLZsf246o2RpjEEusH6QTl70oDb5wKedPWU=; b=CGCjUkz8mQoQVkw+SdOIFDeL3/GKX/WkOUkE/4iIZxf2F/2y9GmAfTG5ewpbfGhFJn ujNVVuHamQftahlDV2FB31GXjPVxuQh06sBQkj9SVEQvvvX+WkCOyub3+cbc7elTjdj+ XSOHeBtlTFOr8GO0/5N22hQykNrsMY/YqfmAs2/Rq5wVtTQC4i5Z9Wym79IRJRI7H1D7 Mp0/OcAC4i2P3wR2dV5zVB6iAXZNxJPzjivYGX3b9mJD7xdMA4RtL3akrlK/bsx0RcsV VKJ49NRTXJjXoxsAovxT7TKcYJi8OEbus1dN+zUJKvlUBW8YCWmTRVwtcb4a06RGojnp LDnw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=m0SK3Fyx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n20-20020a635914000000b00498688359b6si41220728pgb.287.2023.01.19.23.44.21; Thu, 19 Jan 2023 23:44:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=m0SK3Fyx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230253AbjATHoG (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:06 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44936 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230188AbjATHnu (ORCPT ); Fri, 20 Jan 2023 02:43:50 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6F93C7E6BA; Thu, 19 Jan 2023 23:43:48 -0800 (PST) Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7Jm1Q028170; Fri, 20 Jan 2023 07:43:40 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=5gNfdhTcsLZsf246o2RpjEEusH6QTl70oDb5wKedPWU=; b=m0SK3FyxTQzHwkeA7t3aewtogzrN8hpO7j2mdbGCjG8mEIkYMAP4p+K6w14i4aJ6AHqq I3NZj7ol/hh6cx5rh6rJcMcrDYOfAeNvJNYSeboEStThxV6Dk8WRD0TKUvMV5VZqiMNR 1V0dWib+ngZ8wvFmodObmfzvIsoKpoGa1X+fKXjTsVZv6B0nRlNTqltsx2W4b7faeBaE n0OYr/wfhRxhRqrOPDndqG2oakQhLoaux9+Sdo/zxqoxcurUfwcs7x/xNkrw4GAh+USG zRTWeCqC0fhXDICDfnKm2IsadejKlmMMWK7lGqvzAuQuNtkz/YfKcf/xHKK7Sm+lRX0I +Q== Received: from ppma04fra.de.ibm.com (6a.4a.5195.ip4.static.sl-reverse.com [149.81.74.106]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7pfj8cjv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:40 +0000 Received: from pps.filterd (ppma04fra.de.ibm.com [127.0.0.1]) by ppma04fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JNR9ba007521; Fri, 20 Jan 2023 07:43:37 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma04fra.de.ibm.com (PPS) with ESMTPS id 3n3m16nk1g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:37 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hZML39125442 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:35 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 324CB2004F; Fri, 20 Jan 2023 07:43:35 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3DE0820043; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id EE18A605F2; Fri, 20 Jan 2023 18:43:29 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 10/24] powerpc/secvar: Allow backend to populate static list of variable names Date: Fri, 20 Jan 2023 18:42:52 +1100 Message-Id: <20230120074306.1326298-11-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: jJok9X8QG8eVljlj3-NMZW8GWgGeNElv X-Proofpoint-GUID: jJok9X8QG8eVljlj3-NMZW8GWgGeNElv X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 impostorscore=0 mlxlogscore=999 phishscore=0 lowpriorityscore=0 malwarescore=0 spamscore=0 adultscore=0 bulkscore=0 suspectscore=0 clxscore=1015 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526646230970386?= X-GMAIL-MSGID: =?utf-8?q?1755526646230970386?= Currently, the list of variables is populated by calling secvar_ops->get_next() repeatedly, which is explicitly modelled on the OPAL API (including the keylen parameter). For the upcoming PLPKS backend, we have a static list of variable names. It is messy to fit that into get_next(), so instead, let the backend put a NULL-terminated array of variable names into secvar_ops->var_names, which will be used if get_next() is undefined. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v3: New patch (ajd/mpe) --- arch/powerpc/include/asm/secvar.h | 4 ++ arch/powerpc/kernel/secvar-sysfs.c | 67 ++++++++++++++++++++---------- 2 files changed, 50 insertions(+), 21 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 5ed141c711b0..467f83c24084 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -21,6 +21,10 @@ struct secvar_operations { ssize_t (*format)(char *buf, size_t bufsize); int (*max_size)(u64 *max_size); const struct attribute **config_attrs; + + // NULL-terminated array of fixed variable names + // Only used if get_next() isn't provided + const char * const *var_names; }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index d7936d8c7478..e1d4c70dd327 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -157,9 +157,31 @@ static int secvar_sysfs_config(struct kobject *kobj) return 0; } -static int secvar_sysfs_load(void) +static int add_var(const char *name) { struct kobject *kobj; + int rc; + + kobj = kzalloc(sizeof(*kobj), GFP_KERNEL); + if (!kobj) + return -ENOMEM; + + kobject_init(kobj, &secvar_ktype); + + rc = kobject_add(kobj, &secvar_kset->kobj, "%s", name); + if (rc) { + pr_warn("kobject_add error %d for attribute: %s\n", rc, + name); + kobject_put(kobj); + return rc; + } + + kobject_uevent(kobj, KOBJ_ADD); + return 0; +} + +static int secvar_sysfs_load(void) +{ u64 namesize = 0; char *name; int rc; @@ -177,31 +199,26 @@ static int secvar_sysfs_load(void) break; } - kobj = kzalloc(sizeof(*kobj), GFP_KERNEL); - if (!kobj) { - rc = -ENOMEM; - break; - } - - kobject_init(kobj, &secvar_ktype); - - rc = kobject_add(kobj, &secvar_kset->kobj, "%s", name); - if (rc) { - pr_warn("kobject_add error %d for attribute: %s\n", rc, - name); - kobject_put(kobj); - kobj = NULL; - } - - if (kobj) - kobject_uevent(kobj, KOBJ_ADD); - + rc = add_var(name); } while (!rc); kfree(name); return rc; } +static int secvar_sysfs_load_static(void) +{ + const char * const *name_ptr = secvar_ops->var_names; + int rc; + while (*name_ptr) { + rc = add_var(*name_ptr); + if (rc) + return rc; + name_ptr++; + } + return 0; +} + static int secvar_sysfs_init(void) { int rc; @@ -243,7 +260,15 @@ static int secvar_sysfs_init(void) goto err; } - secvar_sysfs_load(); + if (secvar_ops->get_next) + rc = secvar_sysfs_load(); + else + rc = secvar_sysfs_load_static(); + + if (rc) { + pr_err("Failed to create variable attributes\n"); + goto err; + } return 0; err: From patchwork Fri Jan 20 07:42:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46189 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65547wrn; Thu, 19 Jan 2023 23:44:50 -0800 (PST) X-Google-Smtp-Source: AMrXdXt3yHsbwPPhrZdoHi0+lBSaXovoLTEfsdwHdzP/ZZMkEwOAcEJX3356yNcLt6/XKqnF9fgz X-Received: by 2002:a05:6a00:bef:b0:58b:ca6e:af26 with SMTP id x47-20020a056a000bef00b0058bca6eaf26mr13410544pfu.23.1674200689893; Thu, 19 Jan 2023 23:44:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200689; cv=none; d=google.com; s=arc-20160816; b=qk3zrpGFq4xEUZ4OByjV/4qfwSzRFeJMzmGzWaDKxaNQ/Pf0oqS6ZwpS9MjVBoPprU GkMMVtDe65P8NNygp/HL5uM2rFyNUMZlyiwgnb4pc2YB7UlslauMvp/wgquD5pr78ajk /sqfid8qM4qbMvrfkWuxuZW2xyeKtVQTsKFeVedW+V0UDymyd3NYSiiV51eH+aUcgFjy ePRQBBc5ZG9pXCwbH86cyIVnVH+eIi+kXDMgdxDdpVVWyp8on/vootyceGixWa5AFPTq QreVs9XGMDvPRptFkPclBrX5oqA+RB/0oSJfsVu0pyUx3ATLRc0kTfkjmD7J3G9c+85p tyyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=NuXtRi+sNxhe/sIBYKY/0XKqxvWUK0NbODRPNhFZ7Jc=; b=W+Mh6au5duRZ5260Claj88oKK8+ii5tlDP8711B3K9YanlmFojtHi01B5f686FNLDv K5XPFe/O2cx0gHI1/+Hkx8Jzcu/CJC5fskxRkrl6IBBPmFTRnRo4AmOYumcLAH8ChtNF dvygJ1wRPLjZaqJJEBqg1kuQTbI2jyxwlsKcyyv1VWKECpiorYoEfQ54kGi1hdhq2s40 kRKbvFNyGPHMmNvy5OY7+MM84NpO2L7nE/BlPDJfVKL2Lf7WRj0oc6ZL8thn40mrY6vY g+Y0V8lGip5KV5oLQKXpdgS4g8Bh6jDwAWAgcF2dqQ7loJSBX4UOZla6RGRE4iUVRq/p VarQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=SHk+KIBM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b22-20020a056a000a9600b00547d55a4d3bsi42769672pfl.285.2023.01.19.23.44.36; Thu, 19 Jan 2023 23:44:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=SHk+KIBM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230451AbjATHoT (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:19 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44982 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230207AbjATHnv (ORCPT ); Fri, 20 Jan 2023 02:43:51 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C07C6819A5; Thu, 19 Jan 2023 23:43:48 -0800 (PST) Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7FTRe019108; Fri, 20 Jan 2023 07:43:39 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=NuXtRi+sNxhe/sIBYKY/0XKqxvWUK0NbODRPNhFZ7Jc=; b=SHk+KIBMviNwYI6Wd9HHa9/YjqyIIg8scfL78gcjFYZEHqPJjsAVKWnClZgefDoAE99O CBYwQxxImWbT43/LrZcUZrCRRJsrh0uf6Jqe84vZov2KyW5OM8NJJkoQ3ujwlbOCyark 6+SNpNocuPAHSoHVj3qAv579ojx4TQEec6p0Z4m4DN0Z55C5qWySMvzda6IR6KUMb1Ix c4T0/FoZB5BqJskB1P7XpRuM5nAsZG4BzIH8zx0HgAVJB9qsh2KfJMChPReDXGGymodc MN2Hmhrl40DD/FiYoLVLN7QvZ62GAJxbPHS2ZCZuWyxE/Jm4afoRx8HGmwSyeANlTIBz 9A== Received: from ppma06ams.nl.ibm.com (66.31.33a9.ip4.static.sl-reverse.com [169.51.49.102]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7pdkrhv1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:39 +0000 Received: from pps.filterd (ppma06ams.nl.ibm.com [127.0.0.1]) by ppma06ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JH5NIp006282; Fri, 20 Jan 2023 07:43:37 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma06ams.nl.ibm.com (PPS) with ESMTPS id 3n3knfqpaj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:37 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hZJV30212390 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:35 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 38CB52005A; Fri, 20 Jan 2023 07:43:35 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AC7952004B; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id F264160953; Fri, 20 Jan 2023 18:43:29 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 11/24] powerpc/secvar: Warn when PAGE_SIZE is smaller than max object size Date: Fri, 20 Jan 2023 18:42:53 +1100 Message-Id: <20230120074306.1326298-12-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 1gBG9Pl-n7gmN5Xgvd4U_8W0XJOlMpvw X-Proofpoint-ORIG-GUID: 1gBG9Pl-n7gmN5Xgvd4U_8W0XJOlMpvw X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 mlxlogscore=999 bulkscore=0 suspectscore=0 malwarescore=0 priorityscore=1501 spamscore=0 impostorscore=0 clxscore=1015 adultscore=0 phishscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526662630860654?= X-GMAIL-MSGID: =?utf-8?q?1755526662630860654?= Due to sysfs constraints, when writing to a variable, we can only handle writes of up to PAGE_SIZE. It's possible that the maximum object size is larger than PAGE_SIZE, in which case, print a warning on boot so that the user is aware. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v3: New patch (ajd) --- arch/powerpc/kernel/secvar-sysfs.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index e1d4c70dd327..6dd9b4f6f87c 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -221,6 +221,7 @@ static int secvar_sysfs_load_static(void) static int secvar_sysfs_init(void) { + u64 max_size; int rc; if (!secvar_ops) { @@ -270,6 +271,14 @@ static int secvar_sysfs_init(void) goto err; } + // Due to sysfs limitations, we will only ever get a write buffer of + // up to 1 page in size. Print a warning if this is potentially going + // to cause problems, so that the user is aware. + secvar_ops->max_size(&max_size); + if (max_size > PAGE_SIZE) + pr_warn_ratelimited("PAGE_SIZE (%lu) is smaller than maximum object size (%llu), writes are limited to PAGE_SIZE\n", + PAGE_SIZE, max_size); + return 0; err: kobject_put(secvar_kobj); From patchwork Fri Jan 20 07:42:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46202 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp72879wrn; Fri, 20 Jan 2023 00:06:19 -0800 (PST) X-Google-Smtp-Source: AMrXdXvePe5aWnWeVWQhVJeXQs+DsAgmUUeboKyPV2WU+USEQf2Ffi015F8PtBjAhin2jvP4wf7J X-Received: by 2002:a05:6a20:c25:b0:b8:cef2:b478 with SMTP id bw37-20020a056a200c2500b000b8cef2b478mr12774310pzb.60.1674201979364; Fri, 20 Jan 2023 00:06:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674201979; cv=none; d=google.com; s=arc-20160816; b=bB+B7Fv75mD3hyu/fdwgWeTNupIShi1jh8UtPwoVBCADVu1/PBYW6x+PcU7NoTK4Xu crZN+MoL9vaEXVOUWGB6QM4IWsZpnta7NEBJ/3DPpFtjatD8DPWGJj9/aHxnu4qlKEae 1VOqxvDOuLfxfsLjdIbaOyCYxT9ly9Ts6XA/x7EB9YAk4ODiXyW6AxJritEpxs2LpGca BUze6FCTOpHzxwtXgZq3djdggJz+sM8INKhzdaZ4oe8fnC5MbDfXVUJW9BszYM6mkepa nPgVvWvLMBPT76nED+Er0yDuOcQLkjfSaUDD9EMDpqbInMJGbay2vtNUHRMYofmIOXfB 8M9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=jHqYnNNSehOqnFYe+obF2xo6NpZcocauyYjQSPOSdDw=; b=QZ+tDSQY3D4BZ09CQ83JzUj6dVUD7dRpFwJuYJpuv3gKboNs1earwJH1naOfNrQNrE Gh8HPaBB28NiLkvMb7m3mpgsk7HK8lkVN5gNSQnwKIjEGcnssXVggQieXXCoe281EGOg /7lCUQgVQXDc+/ceB11LM2WcK6A4FO0m9rh3/h47BHekqP92MrIhUr3sfi0bIXOfZvij XV0CvmJ+p2I7yqMvIcCB9/x2nMrTgcgM+TgKn4aDNi0LZfmWa6lH2h7aLjXVX3YAQp0l g4MIyLoh8fYK9T4B9Z1Bo7aMlUZUHtO+iDBuRCCTPGywhG/R667OFzZRStvOVUqq1f4k QcGQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=G5mCpinw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s7-20020a639247000000b00434ffe3cc11si39045125pgn.870.2023.01.20.00.06.05; Fri, 20 Jan 2023 00:06:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=G5mCpinw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231277AbjATHpU (ORCPT + 99 others); Fri, 20 Jan 2023 02:45:20 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45900 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231235AbjATHpD (ORCPT ); Fri, 20 Jan 2023 02:45:03 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CEB3F891CC; Thu, 19 Jan 2023 23:44:04 -0800 (PST) Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K785c3022812; Fri, 20 Jan 2023 07:43:39 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=jHqYnNNSehOqnFYe+obF2xo6NpZcocauyYjQSPOSdDw=; b=G5mCpinwVQlulxQfRCCa0+pD/r6Bez9jGrAaTerINTkWWyd/6D+D3u38JCkc8K5e4HhB dOEj6yqpNzMB6P98D7D4bLgvuxSKRvOHFURVc8UKuA9iJz9WkAMsTn3EaQgleERNgR00 ck3CzFTpku5HrTFf+lHwQkxiOW6uzatl8vAPbRSblitiIGpcuqU/epciSnQHRYoch41F BhiAkkjrco0n4EpESC+iZwEd+rV33mgFT+1ljUez53q0/7lygl7SVAfnafCXrESNMZag WY55BSJpR+dajKxQxpOgef7+6vW+RdZrI9ZCdM3mWpkLwp269jy0udgK4Cf5eukG1mSN FA== Received: from ppma05fra.de.ibm.com (6c.4a.5195.ip4.static.sl-reverse.com [149.81.74.108]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7p1drwyx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:39 +0000 Received: from pps.filterd (ppma05fra.de.ibm.com [127.0.0.1]) by ppma05fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30K0KahD003649; Fri, 20 Jan 2023 07:43:37 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma05fra.de.ibm.com (PPS) with ESMTPS id 3n3m16dk60-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:37 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hZMw35979604 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:35 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 384CC20043; Fri, 20 Jan 2023 07:43:35 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B0CA02004B; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 0284060954; Fri, 20 Jan 2023 18:43:30 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 12/24] powerpc/secvar: Don't print error on ENOENT when reading variables Date: Fri, 20 Jan 2023 18:42:54 +1100 Message-Id: <20230120074306.1326298-13-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: -y2bkWUupNMP6jiDJJn3BjdWY5ihTm_e X-Proofpoint-GUID: -y2bkWUupNMP6jiDJJn3BjdWY5ihTm_e X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 adultscore=0 priorityscore=1501 impostorscore=0 spamscore=0 bulkscore=0 suspectscore=0 mlxscore=0 mlxlogscore=999 clxscore=1015 phishscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755528014480103793?= X-GMAIL-MSGID: =?utf-8?q?1755528014480103793?= If attempting to read the size or data attributes of a non-existent variable (which will be possible after a later patch to expose the PLPKS via the secvar interface), don't spam the kernel log with error messages. Only print errors for return codes that aren't ENOENT. Reported-by: Sudhakar Kuppusamy Signed-off-by: Andrew Donnellan --- v3: New patch --- arch/powerpc/kernel/secvar-sysfs.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 6dd9b4f6f87c..33d1797851ba 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -43,8 +43,8 @@ static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr, rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); if (rc) { - pr_err("Error retrieving %s variable size %d\n", kobj->name, - rc); + if (rc != -ENOENT) + pr_err("Error retrieving %s variable size %d\n", kobj->name, rc); return rc; } @@ -61,7 +61,8 @@ static ssize_t data_read(struct file *filep, struct kobject *kobj, rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); if (rc) { - pr_err("Error getting %s variable size %d\n", kobj->name, rc); + if (rc != -ENOENT) + pr_err("Error getting %s variable size %d\n", kobj->name, rc); return rc; } pr_debug("dsize is %llu\n", dsize); From patchwork Fri Jan 20 07:42:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46193 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65652wrn; Thu, 19 Jan 2023 23:45:09 -0800 (PST) X-Google-Smtp-Source: AMrXdXvnUPr6zPdgvBB9Ip7CNxxdHhjAL1kwA3UCCFTNfxu9J0tPev98rqTM54aBQUsIPcG/ZW/1 X-Received: by 2002:a17:902:7614:b0:194:bcca:5e71 with SMTP id k20-20020a170902761400b00194bcca5e71mr8607679pll.68.1674200709077; Thu, 19 Jan 2023 23:45:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200709; cv=none; d=google.com; s=arc-20160816; b=Qen79mbTgtd80ZOXYGnGHxaxMiOvdZ/nK1JWYkZYwQVlakj0DlaPybIp6ydc74DsNE a8ieeVfnC9DMO4u4kpLXoPrN2OLDWOTKLwKS1wlLNXTcEdO6TX+6AsJbm/JFZeowGv2/ 29NLDHAlkImnTrbn9FwncLuDW0Hh+cWRsKzvGLsCFs4DG01N8nkdCmWx1rsSKtPM78bW SXPyKBEDHJTFI9DaolFpoMRl4A12FLwCrPHYPSFArn3WxJCR9q5m9kcLT/ZxwejF/bA7 2ef/sxDrVstHwSJ84KJJLK6ZarFphaXWABCi1epULfXhX/+ZRdq6TBB6YINUQje13VCt 7xEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=6OGClhRQ684WONO53FSabRo00ZX26Q62iyN9ttQk2xE=; b=nqXbkkAH382rxkS7ceK/2qExgPckpkw4g8/iw8iIW0napofxk5XVWI46f3mQTxEnP1 8cXTWooMiMwXTj8B8rUtuuG270Q87cG6+MHlisvptmGNQMc/1mXx7ez13VaNefcYWwN7 2hiFUdw3Cj54P26y0G3FyRny8gplB8a7EaoYQCSFR+vF27UTnOFQT5iqn0S3W5qN1oGj rzAQLOeQgQY9jtZ0wVO8HtSd+bOUWPs/agtz8f5rRiysBtQnUwpVX7FYOEuFn0Q0FEiX /Z1Sbg7n3OwsnGRw1Bo9P2wB3ezlb8wGxN8h+PE3WRMWyfkVmrtwm/4PF9+cxEhBG4wp bInA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=E+0paSCD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l3-20020a170903244300b001890f5957c4si20753613pls.353.2023.01.19.23.44.55; Thu, 19 Jan 2023 23:45:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=E+0paSCD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230502AbjATHof (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44984 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230216AbjATHnv (ORCPT ); Fri, 20 Jan 2023 02:43:51 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 59F68829B2; Thu, 19 Jan 2023 23:43:49 -0800 (PST) Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K6biob022206; Fri, 20 Jan 2023 07:43:40 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=6OGClhRQ684WONO53FSabRo00ZX26Q62iyN9ttQk2xE=; b=E+0paSCDPJv/cvKdu2hZZQCOYHMqJ57xRagNFgJ2C2AbWeU84OoWCAdJ3NDY0P8H2si5 riYMyxSys2thcPBgCYTZqTacdVWHDyGQC96QmlgEkzCQW5OscLbrmnD4ckdTR0Iz07iG u1rOYvWK9G8PpaN3xIos6Bw6YK6qj1PhfBRwgH8WRAmGSW6Wo5+xDeMcPyIo42eRL8uk 1I1Q9wUKF13YbcXgAl8MfamF0m81OIFTGOY00WcWJqPuRXQRVPKrJ+b/vP+yqzpS3rdz k1nQX8mJ+0y86uznqzrtP+nH8G48NVQYiGiaoV09hnR1O9ad/usxWKxotPNxYKnx29fR CA== Received: from ppma03fra.de.ibm.com (6b.4a.5195.ip4.static.sl-reverse.com [149.81.74.107]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7n6cswfk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:40 +0000 Received: from pps.filterd (ppma03fra.de.ibm.com [127.0.0.1]) by ppma03fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JN7s6v006911; Fri, 20 Jan 2023 07:43:37 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma03fra.de.ibm.com (PPS) with ESMTPS id 3n3m16njxd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:37 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hZb843057556 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:35 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3A6BE20063; Fri, 20 Jan 2023 07:43:35 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AEA502004D; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 12318606DB; Fri, 20 Jan 2023 18:43:30 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 13/24] powerpc/pseries: Move plpks.h to include directory Date: Fri, 20 Jan 2023 18:42:55 +1100 Message-Id: <20230120074306.1326298-14-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: BAxAJu5nTwDvSNIooTnDNNuJvF3WbYY- X-Proofpoint-ORIG-GUID: BAxAJu5nTwDvSNIooTnDNNuJvF3WbYY- X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 bulkscore=0 priorityscore=1501 mlxscore=0 phishscore=0 mlxlogscore=999 suspectscore=0 spamscore=0 impostorscore=0 adultscore=0 malwarescore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526682591522256?= X-GMAIL-MSGID: =?utf-8?q?1755526682591522256?= From: Russell Currey Move plpks.h from platforms/pseries/ to include/asm/. This is necessary for later patches to make use of the PLPKS from code in other subsystems. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v3: New patch --- .../powerpc/{platforms/pseries => include/asm}/plpks.h | 10 +++++++--- arch/powerpc/platforms/pseries/plpks.c | 3 +-- 2 files changed, 8 insertions(+), 5 deletions(-) rename arch/powerpc/{platforms/pseries => include/asm}/plpks.h (89%) diff --git a/arch/powerpc/platforms/pseries/plpks.h b/arch/powerpc/include/asm/plpks.h similarity index 89% rename from arch/powerpc/platforms/pseries/plpks.h rename to arch/powerpc/include/asm/plpks.h index 275ccd86bfb5..8295502ee93b 100644 --- a/arch/powerpc/platforms/pseries/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -6,8 +6,10 @@ * Platform keystore for pseries LPAR(PLPKS). */ -#ifndef _PSERIES_PLPKS_H -#define _PSERIES_PLPKS_H +#ifndef _ASM_POWERPC_PLPKS_H +#define _ASM_POWERPC_PLPKS_H + +#ifdef CONFIG_PSERIES_PLPKS #include #include @@ -68,4 +70,6 @@ int plpks_read_fw_var(struct plpks_var *var); */ int plpks_read_bootloader_var(struct plpks_var *var); -#endif +#endif // CONFIG_PSERIES_PLPKS + +#endif // _ASM_POWERPC_PLPKS_H diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index a01cf2ff140a..13e6daadb179 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -18,8 +18,7 @@ #include #include #include - -#include "plpks.h" +#include #define PKS_FW_OWNER 0x1 #define PKS_BOOTLOADER_OWNER 0x2 From patchwork Fri Jan 20 07:42:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46186 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65493wrn; Thu, 19 Jan 2023 23:44:39 -0800 (PST) X-Google-Smtp-Source: AMrXdXtxYlp1/XLqoPETuSgeeO1kKBdG/8jkHKx4wDHVT+9abANajCBps2EJJ7iwqa7Uk7PBw4uw X-Received: by 2002:a05:6a20:1596:b0:b8:5f00:bbdc with SMTP id h22-20020a056a20159600b000b85f00bbdcmr17998123pzj.50.1674200679236; Thu, 19 Jan 2023 23:44:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200679; cv=none; d=google.com; s=arc-20160816; b=NYvKb/q7aOTCIvey5/nZAdBG+Y8cM4WdkWK5cQM/I47IgP6MQlj/9sFH59pOI3Vww0 LTp3eHiOSpzL3D/qI8G5265PYh/MbYwGDjtsZhbrRQpCBO/Z4J2DHiLMOIKOX5ICbpcX GFWGaSp8TYtMtm5sFAjOYk7zT6QJ+ExG83FGs+nWPSR6HSx4sbHguiAdiALMIohOe/J/ 7OdoMYCLT3ooKrs54cxVT0rOl/D+obhgORJ7hNdDMrGRQLYESLuv5laT7nKaH3G3UH7H Qy4im45e2kniqxhHKBjeC2wEzOVZPpTQDfGvI+huor2yYpHORjrgQNSnso6CAJ/rv9xn WVtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=IqqaNkGszMHZvB6PEm1qTf1UDr88EmlgNbzmmdZ7dNA=; b=wruO5L+9pS7v2bl9CBcRkTn1Jok2b1MOBMnAZ+zqMQWW2ueVOHa34jBK9RnuTDgStC D9yaRAfetfnLckq1N1TKd+ZpbDPbpDxVx673SOm0qxFMpHeooveQdscic8lJq89bW9mG FQJz4RKEMfHF9TBEfn7clSeZsdwnPjukcj4pISNeu38CNTo/wVnwbbFaQa4zgVmqChsR SbN21NLRcK6hS6nP+WeoSxFQvkt9K2/95YCOLbDLEk3nCt2xTGaVQ+NxGIM4j04w194H iurASS33gM4o1r4UO4yahQ7kiYtZ6K+3czstpo9i4+f9kslR9kBA4XphNgYuq1XDg2gL 27/Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=kK78rxkB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e10-20020a63aa0a000000b00477bb3c1b5csi41169826pgf.871.2023.01.19.23.44.27; Thu, 19 Jan 2023 23:44:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=kK78rxkB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230417AbjATHoI (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:08 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44972 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230206AbjATHnu (ORCPT ); Fri, 20 Jan 2023 02:43:50 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7FE2B80B8E; Thu, 19 Jan 2023 23:43:48 -0800 (PST) Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K6nbwk012329; Fri, 20 Jan 2023 07:43:40 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=IqqaNkGszMHZvB6PEm1qTf1UDr88EmlgNbzmmdZ7dNA=; b=kK78rxkBTyyCoY/fiw4UPuFLQhWpwMK9RrUt5BloGxz07ek/ynXCrZ6WwX9bnIz0ldkm AG8hu7gDSJLCCCmh5nK3whEH5jlziqq702wv+oM7cFJwVtRk8IY0l4Pz4PFc30b1dL9/ nOsoVICkWcAofvSYRU1RgQt/JLTW+Roi8ywv790UnI80ZY2bqxrjeysDhh5MZWFhRcLB haj3fGMBlk05RM8oARAb10SDyCOMurzaoq99d0tc1l18nNcNhzS4X5VoqYU35IX8Afas a+wLjDKR+5F0xQVfXjEXFZ8AnZrqEy4KAeaiXxTvjcgkIQIus2u/Uw798aYQxpBnkEPA fA== Received: from ppma01fra.de.ibm.com (46.49.7a9f.ip4.static.sl-reverse.com [159.122.73.70]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7p1e92gj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:40 +0000 Received: from pps.filterd (ppma01fra.de.ibm.com [127.0.0.1]) by ppma01fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JAGVtt011562; Fri, 20 Jan 2023 07:43:38 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma01fra.de.ibm.com (PPS) with ESMTPS id 3n3m16dkgw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:38 +0000 Received: from smtpav06.fra02v.mail.ibm.com (smtpav06.fra02v.mail.ibm.com [10.20.54.105]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hZ2e43581864 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:35 GMT Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A9BCC20043; Fri, 20 Jan 2023 07:43:35 +0000 (GMT) Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B357820049; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav06.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:34 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 225536096E; Fri, 20 Jan 2023 18:43:30 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 14/24] powerpc/pseries: Move PLPKS constants to header file Date: Fri, 20 Jan 2023 18:42:56 +1100 Message-Id: <20230120074306.1326298-15-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: bIhumNl2V8wa4m50eVadyq1LqAnzZIN7 X-Proofpoint-GUID: bIhumNl2V8wa4m50eVadyq1LqAnzZIN7 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 spamscore=0 mlxscore=0 malwarescore=0 adultscore=0 bulkscore=0 phishscore=0 priorityscore=1501 impostorscore=0 clxscore=1015 mlxlogscore=999 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526651284924918?= X-GMAIL-MSGID: =?utf-8?q?1755526651284924918?= From: Russell Currey Move the constants defined in plpks.c to plpks.h, and standardise their naming, so that PLPKS consumers can make use of them later on. Signed-off-by: Russell Currey Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan --- v3: New patch --- arch/powerpc/include/asm/plpks.h | 36 +++++++++++++--- arch/powerpc/platforms/pseries/plpks.c | 57 ++++++++++---------------- 2 files changed, 53 insertions(+), 40 deletions(-) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 8295502ee93b..6466aadd7145 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -14,14 +14,40 @@ #include #include -#define OSSECBOOTAUDIT 0x40000000 -#define OSSECBOOTENFORCE 0x20000000 -#define WORLDREADABLE 0x08000000 -#define SIGNEDUPDATE 0x01000000 +// Object policy flags from supported_policies +#define PLPKS_OSSECBOOTAUDIT PPC_BIT32(1) // OS secure boot must be audit/enforce +#define PLPKS_OSSECBOOTENFORCE PPC_BIT32(2) // OS secure boot must be enforce +#define PLPKS_PWSET PPC_BIT32(3) // No access without password set +#define PLPKS_WORLDREADABLE PPC_BIT32(4) // Readable without authentication +#define PLPKS_IMMUTABLE PPC_BIT32(5) // Once written, object cannot be removed +#define PLPKS_TRANSIENT PPC_BIT32(6) // Object does not persist through reboot +#define PLPKS_SIGNEDUPDATE PPC_BIT32(7) // Object can only be modified by signed updates +#define PLPKS_HVPROVISIONED PPC_BIT32(28) // Hypervisor has provisioned this object -#define PLPKS_VAR_LINUX 0x02 +// Signature algorithm flags from signed_update_algorithms +#define PLPKS_ALG_RSA2048 PPC_BIT(0) +#define PLPKS_ALG_RSA4096 PPC_BIT(1) + +// Object label OS metadata flags +#define PLPKS_VAR_LINUX 0x02 #define PLPKS_VAR_COMMON 0x04 +// Flags for which consumer owns an object is owned by +#define PLPKS_FW_OWNER 0x1 +#define PLPKS_BOOTLOADER_OWNER 0x2 +#define PLPKS_OS_OWNER 0x3 + +// Flags for label metadata fields +#define PLPKS_LABEL_VERSION 0 +#define PLPKS_MAX_LABEL_ATTR_SIZE 16 +#define PLPKS_MAX_NAME_SIZE 239 +#define PLPKS_MAX_DATA_SIZE 4000 + +// Timeouts for PLPKS operations +#define PLPKS_MAX_TIMEOUT 5000 // msec +#define PLPKS_FLUSH_SLEEP 10 // msec +#define PLPKS_FLUSH_SLEEP_RANGE 400 + struct plpks_var { char *component; u8 *name; diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 13e6daadb179..91f3f623a2c7 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -20,19 +20,6 @@ #include #include -#define PKS_FW_OWNER 0x1 -#define PKS_BOOTLOADER_OWNER 0x2 -#define PKS_OS_OWNER 0x3 - -#define LABEL_VERSION 0 -#define MAX_LABEL_ATTR_SIZE 16 -#define MAX_NAME_SIZE 239 -#define MAX_DATA_SIZE 4000 - -#define PKS_FLUSH_MAX_TIMEOUT 5000 //msec -#define PKS_FLUSH_SLEEP 10 //msec -#define PKS_FLUSH_SLEEP_RANGE 400 - static u8 *ospassword; static u16 ospasswordlength; @@ -59,7 +46,7 @@ struct label_attr { struct label { struct label_attr attr; - u8 name[MAX_NAME_SIZE]; + u8 name[PLPKS_MAX_NAME_SIZE]; size_t size; }; @@ -122,7 +109,7 @@ static int pseries_status_to_err(int rc) static int plpks_gen_password(void) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; - u8 *password, consumer = PKS_OS_OWNER; + u8 *password, consumer = PLPKS_OS_OWNER; int rc; // The password must not cross a page boundary, so we align to the next power of 2 @@ -159,7 +146,7 @@ static struct plpks_auth *construct_auth(u8 consumer) { struct plpks_auth *auth; - if (consumer > PKS_OS_OWNER) + if (consumer > PLPKS_OS_OWNER) return ERR_PTR(-EINVAL); // The auth structure must not cross a page boundary and must be @@ -171,7 +158,7 @@ static struct plpks_auth *construct_auth(u8 consumer) auth->version = 1; auth->consumer = consumer; - if (consumer == PKS_FW_OWNER || consumer == PKS_BOOTLOADER_OWNER) + if (consumer == PLPKS_FW_OWNER || consumer == PLPKS_BOOTLOADER_OWNER) return auth; memcpy(auth->password, ospassword, ospasswordlength); @@ -191,7 +178,7 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, struct label *label; size_t slen; - if (!name || namelen > MAX_NAME_SIZE) + if (!name || namelen > PLPKS_MAX_NAME_SIZE) return ERR_PTR(-EINVAL); slen = strlen(component); @@ -206,9 +193,9 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, if (component) memcpy(&label->attr.prefix, component, slen); - label->attr.version = LABEL_VERSION; + label->attr.version = PLPKS_LABEL_VERSION; label->attr.os = varos; - label->attr.length = MAX_LABEL_ATTR_SIZE; + label->attr.length = PLPKS_MAX_LABEL_ATTR_SIZE; memcpy(&label->name, name, namelen); label->size = sizeof(struct label_attr) + namelen; @@ -274,10 +261,10 @@ static int plpks_confirm_object_flushed(struct label *label, break; } - usleep_range(PKS_FLUSH_SLEEP, - PKS_FLUSH_SLEEP + PKS_FLUSH_SLEEP_RANGE); - timeout = timeout + PKS_FLUSH_SLEEP; - } while (timeout < PKS_FLUSH_MAX_TIMEOUT); + usleep_range(PLPKS_FLUSH_SLEEP, + PLPKS_FLUSH_SLEEP + PLPKS_FLUSH_SLEEP_RANGE); + timeout = timeout + PLPKS_FLUSH_SLEEP; + } while (timeout < PLPKS_MAX_TIMEOUT); if (timed_out) return -ETIMEDOUT; @@ -293,13 +280,13 @@ int plpks_write_var(struct plpks_var var) int rc; if (!var.component || !var.data || var.datalen <= 0 || - var.namelen > MAX_NAME_SIZE || var.datalen > MAX_DATA_SIZE) + var.namelen > PLPKS_MAX_NAME_SIZE || var.datalen > PLPKS_MAX_DATA_SIZE) return -EINVAL; - if (var.policy & SIGNEDUPDATE) + if (var.policy & PLPKS_SIGNEDUPDATE) return -EINVAL; - auth = construct_auth(PKS_OS_OWNER); + auth = construct_auth(PLPKS_OS_OWNER); if (IS_ERR(auth)) return PTR_ERR(auth); @@ -331,10 +318,10 @@ int plpks_remove_var(char *component, u8 varos, struct plpks_var_name vname) struct label *label; int rc; - if (!component || vname.namelen > MAX_NAME_SIZE) + if (!component || vname.namelen > PLPKS_MAX_NAME_SIZE) return -EINVAL; - auth = construct_auth(PKS_OS_OWNER); + auth = construct_auth(PLPKS_OS_OWNER); if (IS_ERR(auth)) return PTR_ERR(auth); @@ -366,14 +353,14 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) u8 *output; int rc; - if (var->namelen > MAX_NAME_SIZE) + if (var->namelen > PLPKS_MAX_NAME_SIZE) return -EINVAL; auth = construct_auth(consumer); if (IS_ERR(auth)) return PTR_ERR(auth); - if (consumer == PKS_OS_OWNER) { + if (consumer == PLPKS_OS_OWNER) { label = construct_label(var->component, var->os, var->name, var->namelen); if (IS_ERR(label)) { @@ -388,7 +375,7 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) goto out_free_label; } - if (consumer == PKS_OS_OWNER) + if (consumer == PLPKS_OS_OWNER) rc = plpar_hcall(H_PKS_READ_OBJECT, retbuf, virt_to_phys(auth), virt_to_phys(label), label->size, virt_to_phys(output), maxobjsize); @@ -428,17 +415,17 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) int plpks_read_os_var(struct plpks_var *var) { - return plpks_read_var(PKS_OS_OWNER, var); + return plpks_read_var(PLPKS_OS_OWNER, var); } int plpks_read_fw_var(struct plpks_var *var) { - return plpks_read_var(PKS_FW_OWNER, var); + return plpks_read_var(PLPKS_FW_OWNER, var); } int plpks_read_bootloader_var(struct plpks_var *var) { - return plpks_read_var(PKS_BOOTLOADER_OWNER, var); + return plpks_read_var(PLPKS_BOOTLOADER_OWNER, var); } static __init int pseries_plpks_init(void) From patchwork Fri Jan 20 07:42:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46196 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65771wrn; Thu, 19 Jan 2023 23:45:30 -0800 (PST) X-Google-Smtp-Source: AMrXdXsmUMQ+rXzMKhRs6EmL6ztiJ/1bK7WgDhTLM6gB12z4RE7cg1xx605vdUJPIytp7iE7Fl2p X-Received: by 2002:a05:6a20:3a8f:b0:af:74f5:93a3 with SMTP id d15-20020a056a203a8f00b000af74f593a3mr13209386pzh.61.1674200730030; Thu, 19 Jan 2023 23:45:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200730; cv=none; d=google.com; s=arc-20160816; b=LcQNX4G46j2/X8bUTpS5ZKcp1n62nt5zrp++xi0kbLRSQp5LGxCAHO3nhYtBBt9Sio cHxImUJSK1M0rwu6bvTJo5XMY3MHCQ3raXsLsv4xk3+Kw7i6O+3+0x6xnyYRXJyv+NCN rY9NMkZN3eF5q+dSw73cFy62rD/wvAr8pFcQsRm/p3wHiTKDvEqlQATza0Hk3nLVKrmS VSKj0Tg6MIdJj4RurM7iLSMBj5/cQXiak7hU4eBZXodmnWMWKmjRnjjPvnHom2/UshWe GBZF29XMZiKKI2haEeRFyoPfuk6gwXfn/3tuFw1dpsrsT6Icpwpz0cBlA631NuBKLUcb FBTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=hP9qjlGVsrBjTqu2sisIkUsIKpm1YIbazfgyAY8cBmo=; b=C09mH0JCyCi4V/LtuHnwVDAShvaaoF9Vfg3e5Ug7EAg3LEHJoV/BdVoshBQzpoxy/g YT7DKE2ieyIGJjXeZ4pkEizZmnmyj5amGFZhy3wVxwVHVqS+dAteMWHUkUZfjkUfntVY c8XG6vxcT30l8lVmKl4/jd5fJIo7DpUJsXRE8VAAbYXIjNxULADyHIOHWgPd1kQd2MgA 4P4WwxrDDI5FhVabat4W0MtbS2VGGsdOXDUZnb6JIU8JnWaCe0mab78/2xHzAB/hH/2I uoixpP1noRRhSGx3FmLNBDmIN+qUJ9ndZBMaLW80/oFImLqqk00rN43YTz1v4BNgB2Qx FCTA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=KqfIoJmG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a10-20020a634d0a000000b004782ca58117si40907987pgb.611.2023.01.19.23.45.17; Thu, 19 Jan 2023 23:45:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=KqfIoJmG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230309AbjATHoo (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:44 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45044 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230226AbjATHnw (ORCPT ); Fri, 20 Jan 2023 02:43:52 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E0A307DFAC; Thu, 19 Jan 2023 23:43:49 -0800 (PST) Received: from pps.filterd (m0098420.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K6U130017292; Fri, 20 Jan 2023 07:43:41 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=hP9qjlGVsrBjTqu2sisIkUsIKpm1YIbazfgyAY8cBmo=; b=KqfIoJmGJEmyQsFPaLr9B5I2N5fRuXxzyQmWJlv+dBZU7Ourr/PCPRSq6uiZx3+RkghB 4JNVDxHUZl2NHDyWHJl8UpRYX03Xo9+j6m4vueiNFPBuBVfYVXfu0ZlJbtTa5xwkN4hR IzLt8M3HAI91I5DPyFkaMefcCp3kt7j+AZdtH+rIY70eM4dENgSg7PBTNH6PlVBgaLWO 1b7QySY144vMuSr6eMRRx+vPa0tQM+eGEwhLstGyyo/duCHzSaK/85EFEUFO/FWHg1wM 6Or9cldYAfwe3WBN39tYJ6qF96bC5dbH/CkHvu/uoEbLRWv52aSVMKSw3DGZz8tEul2Z aA== Received: from ppma02fra.de.ibm.com (47.49.7a9f.ip4.static.sl-reverse.com [159.122.73.71]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7nr9hed8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:41 +0000 Received: from pps.filterd (ppma02fra.de.ibm.com [127.0.0.1]) by ppma02fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JJXD1R030244; Fri, 20 Jan 2023 07:43:39 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma02fra.de.ibm.com (PPS) with ESMTPS id 3n3m16njj7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:39 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7haQN22217146 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:36 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 946AC2004D; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9F76320040; Fri, 20 Jan 2023 07:43:35 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:35 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 28A0360972; Fri, 20 Jan 2023 18:43:30 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 15/24] powerpc/pseries: Expose PLPKS config values, support additional fields Date: Fri, 20 Jan 2023 18:42:57 +1100 Message-Id: <20230120074306.1326298-16-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: hBWZ4aXL3kv8_pynrOGj2V_wjnwfFTZ4 X-Proofpoint-GUID: hBWZ4aXL3kv8_pynrOGj2V_wjnwfFTZ4 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 spamscore=0 malwarescore=0 bulkscore=0 priorityscore=1501 adultscore=0 lowpriorityscore=0 mlxlogscore=999 mlxscore=0 clxscore=1015 suspectscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526704245387190?= X-GMAIL-MSGID: =?utf-8?q?1755526704245387190?= From: Nayna Jain The plpks driver uses the H_PKS_GET_CONFIG hcall to retrieve configuration and status information about the PKS from the hypervisor. Update _plpks_get_config() to handle some additional fields. Add getter functions to allow the PKS configuration information to be accessed from other files. Validate that the values we're getting comply with the spec. While we're here, move the config struct in _plpks_get_config() off the stack - it's getting large and we also need to make sure it doesn't cross a page boundary. Signed-off-by: Nayna Jain [ajd: split patch, extend to support additional v3 API fields, minor fixes] Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v3: Merge plpks fixes and signed update series with secvar series Refresh config values in plpks_get_usedspace() (ajd) Validate the config values being returned comply with spec (ruscur) Return maxobjlabelsize as is (ruscur) Move plpks.h to include/asm (ruscur) Fix checkpatch checks (ruscur) --- arch/powerpc/include/asm/plpks.h | 58 ++++++++++ arch/powerpc/platforms/pseries/plpks.c | 149 +++++++++++++++++++++++-- 2 files changed, 195 insertions(+), 12 deletions(-) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 6466aadd7145..7c5f51a9af7c 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -96,6 +96,64 @@ int plpks_read_fw_var(struct plpks_var *var); */ int plpks_read_bootloader_var(struct plpks_var *var); +/** + * Returns if PKS is available on this LPAR. + */ +bool plpks_is_available(void); + +/** + * Returns version of the Platform KeyStore. + */ +u8 plpks_get_version(void); + +/** + * Returns hypervisor storage overhead per object, not including the size of + * the object or label. Only valid for config version >= 2 + */ +u16 plpks_get_objoverhead(void); + +/** + * Returns maximum password size. Must be >= 32 bytes + */ +u16 plpks_get_maxpwsize(void); + +/** + * Returns maximum object size supported by Platform KeyStore. + */ +u16 plpks_get_maxobjectsize(void); + +/** + * Returns maximum object label size supported by Platform KeyStore. + */ +u16 plpks_get_maxobjectlabelsize(void); + +/** + * Returns total size of the configured Platform KeyStore. + */ +u32 plpks_get_totalsize(void); + +/** + * Returns used space from the total size of the Platform KeyStore. + */ +u32 plpks_get_usedspace(void); + +/** + * Returns bitmask of policies supported by the hypervisor. + */ +u32 plpks_get_supportedpolicies(void); + +/** + * Returns maximum byte size of a single object supported by the hypervisor. + * Only valid for config version >= 3 + */ +u32 plpks_get_maxlargeobjectsize(void); + +/** + * Returns bitmask of signature algorithms supported for signed updates. + * Only valid for config version >= 3 + */ +u64 plpks_get_signedupdatealgorithms(void); + #endif // CONFIG_PSERIES_PLPKS #endif // _ASM_POWERPC_PLPKS_H diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 91f3f623a2c7..1189246b03dc 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -24,8 +24,16 @@ static u8 *ospassword; static u16 ospasswordlength; // Retrieved with H_PKS_GET_CONFIG +static u8 version; +static u16 objoverhead; static u16 maxpwsize; static u16 maxobjsize; +static s16 maxobjlabelsize; +static u32 totalsize; +static u32 usedspace; +static u32 supportedpolicies; +static u32 maxlargeobjectsize; +static u64 signedupdatealgorithms; struct plpks_auth { u8 version; @@ -206,32 +214,149 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, static int _plpks_get_config(void) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; - struct { + struct config { u8 version; u8 flags; - __be32 rsvd0; + __be16 rsvd0; + __be16 objoverhead; __be16 maxpwsize; __be16 maxobjlabelsize; __be16 maxobjsize; __be32 totalsize; __be32 usedspace; __be32 supportedpolicies; - __be64 rsvd1; - } __packed config; + __be32 maxlargeobjectsize; + __be64 signedupdatealgorithms; + u8 rsvd1[476]; + } __packed * config; size_t size; - int rc; + int rc = 0; + + size = sizeof(*config); + + // Config struct must not cross a page boundary. So long as the struct + // size is a power of 2, this should be fine as alignment is guaranteed + config = kzalloc(size, GFP_KERNEL); + if (!config) { + rc = -ENOMEM; + goto err; + } + + rc = plpar_hcall(H_PKS_GET_CONFIG, retbuf, virt_to_phys(config), size); + + if (rc != H_SUCCESS) { + rc = pseries_status_to_err(rc); + goto err; + } + + version = config->version; + objoverhead = be16_to_cpu(config->objoverhead); + maxpwsize = be16_to_cpu(config->maxpwsize); + maxobjsize = be16_to_cpu(config->maxobjsize); + maxobjlabelsize = be16_to_cpu(config->maxobjlabelsize); + totalsize = be32_to_cpu(config->totalsize); + usedspace = be32_to_cpu(config->usedspace); + supportedpolicies = be32_to_cpu(config->supportedpolicies); + maxlargeobjectsize = be32_to_cpu(config->maxlargeobjectsize); + signedupdatealgorithms = be64_to_cpu(config->signedupdatealgorithms); + + // Validate that the numbers we get back match the requirements of the spec + if (maxpwsize < 32) { + pr_err("Invalid Max Password Size received from hypervisor (%d < 32)\n", maxpwsize); + rc = -EIO; + goto err; + } + + if (maxobjlabelsize < 255) { + pr_err("Invalid Max Object Label Size received from hypervisor (%d < 255)\n", + maxobjlabelsize); + rc = -EIO; + goto err; + } - size = sizeof(config); + if (totalsize < 4096) { + pr_err("Invalid Total Size received from hypervisor (%d < 4096)\n", totalsize); + rc = -EIO; + goto err; + } + + if (version >= 3 && maxlargeobjectsize >= 65536 && maxobjsize != 0xFFFF) { + pr_err("Invalid Max Object Size (0x%x != 0xFFFF)\n", maxobjsize); + rc = -EIO; + goto err; + } + +err: + kfree(config); + return rc; +} + +u8 plpks_get_version(void) +{ + return version; +} - rc = plpar_hcall(H_PKS_GET_CONFIG, retbuf, virt_to_phys(&config), size); +u16 plpks_get_objoverhead(void) +{ + return objoverhead; +} - if (rc != H_SUCCESS) - return pseries_status_to_err(rc); +u16 plpks_get_maxpwsize(void) +{ + return maxpwsize; +} - maxpwsize = be16_to_cpu(config.maxpwsize); - maxobjsize = be16_to_cpu(config.maxobjsize); +u16 plpks_get_maxobjectsize(void) +{ + return maxobjsize; +} + +u16 plpks_get_maxobjectlabelsize(void) +{ + return maxobjlabelsize; +} + +u32 plpks_get_totalsize(void) +{ + return totalsize; +} + +u32 plpks_get_usedspace(void) +{ + // Unlike other config values, usedspace regularly changes as objects + // are updated, so we need to refresh. + int rc = _plpks_get_config(); + if (rc) { + pr_err("Couldn't get config, rc: %d\n", rc); + return 0; + } + return usedspace; +} + +u32 plpks_get_supportedpolicies(void) +{ + return supportedpolicies; +} + +u32 plpks_get_maxlargeobjectsize(void) +{ + return maxlargeobjectsize; +} + +u64 plpks_get_signedupdatealgorithms(void) +{ + return signedupdatealgorithms; +} + +bool plpks_is_available(void) +{ + int rc; + + rc = _plpks_get_config(); + if (rc) + return false; - return 0; + return true; } static int plpks_confirm_object_flushed(struct label *label, From patchwork Fri Jan 20 07:42:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46195 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65698wrn; Thu, 19 Jan 2023 23:45:16 -0800 (PST) X-Google-Smtp-Source: AMrXdXuK7Z+Pud743VYi0DOjZK4JehDjilF2SMXhgYYq34Ee7hV+jmH1MLsL0ZS2bZJRqZUWC5Q1 X-Received: by 2002:a05:6a20:d68c:b0:b8:65b8:6a4e with SMTP id it12-20020a056a20d68c00b000b865b86a4emr16127084pzb.45.1674200715886; Thu, 19 Jan 2023 23:45:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200715; cv=none; d=google.com; s=arc-20160816; b=esCxZHJFGn4ITttDD2idd4WzeDlJ5OOMVvyrnEkhow2DArSJnbfG61Ska5+23h6IFt QHMW0DqLu6y2oheIVegQpCP2OAHe8Mujl7uU46hHEPfRH3vvBdVRjP+R7U2cOhgnwdTU DWUkMZCpCCpIjErwtfaYpwtV6RxSZgknlUtPrxgCx1UifaKlbKBztlP9K/MrJ3hRpRa9 ESR2uwLZgiLxd7k81FXUHRt77GrCTuG6N/qFob26uMOU8KaL7rFm8GiusUFWdeBRM0PJ LCG7Gqk+cxYHOmuruaWyfN0szHWSRIA9bRfnoDYOFuPJrgTMYhD79pcJKzydHxWX28rC ItLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=9prdjajQNkVKI8t/9K1zOS6ovteYwDz+UuInU72mFd4=; b=sFhJkXQnK9UpY4QfYse5vOFg9JVrU2ylL78UkvpsKirIiCsLLAF/1x8kY7G3tHOywY Wk1zrQ8970ZFsCGst52mf8xuKfbNUkaKeW+2ttlrijP1QLrBxkbNh2fhCe8AR4Qh8FPz F/CV7ha11isLt5WpUVTNBmnf1VUDSrwmvNCDKuZww3B5PYC4moEzcGilrokpVgkYlpdI mYQImo1RojBwAyzDOJoXxKTRQAtDFhgAz3MmIJrpeGVXijbaBhwvLQRUBe4rai4OV7Vt PHKHVlM68MhHr9xNfh1OnT/hMsSlyw2n1JB4+z6mmGqKTt4/TAd/kqhnK61QuIJ0h67I sF+g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=UidKZLfg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e125-20020a621e83000000b005726ac39d2esi4952278pfe.30.2023.01.19.23.45.03; Thu, 19 Jan 2023 23:45:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=UidKZLfg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231131AbjATHol (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44990 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230223AbjATHnv (ORCPT ); Fri, 20 Jan 2023 02:43:51 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF33A7DFAD; Thu, 19 Jan 2023 23:43:49 -0800 (PST) Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K6nVcJ012193; Fri, 20 Jan 2023 07:43:42 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=9prdjajQNkVKI8t/9K1zOS6ovteYwDz+UuInU72mFd4=; b=UidKZLfgK3K7+4pC1EtdtdVce2E8/or4zBuPDiIwTAGAEs0gxjv4Ovm24kuOA0LKGe7Y QrQuS7aPTndn+/jSEhyG0lFWkGBVhBa1odwb84Csqa8zScMvIGedgdp+QORMTZXoyJHR kP47SzBFgjdwHbQ2Yr8YJEF6c+xlaBu6NxbN//u38oYATOmKM9DM4bXnAdO3kcNWf8w9 4Up/N+RdFVEQ8M2nmVQsilsXh0iYtnpD44u39hwNxDhPhR6zTSyoepfKOOaCQjzwdTsw zCWD4L9Sh4dKYaR3G3FG2JRstYF0wrZC4wilgf4wHzTW+Mw1EJ1VmJNkG4WZgmCM6pmh HQ== Received: from ppma05fra.de.ibm.com (6c.4a.5195.ip4.static.sl-reverse.com [149.81.74.108]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7p1e92gw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:41 +0000 Received: from pps.filterd (ppma05fra.de.ibm.com [127.0.0.1]) by ppma05fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30K3Pmve010967; Fri, 20 Jan 2023 07:43:39 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma05fra.de.ibm.com (PPS) with ESMTPS id 3n3m16dk62-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:39 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7haFh23986840 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:36 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9564C2004E; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A071420043; Fri, 20 Jan 2023 07:43:35 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:35 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 2DF566097C; Fri, 20 Jan 2023 18:43:30 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 16/24] powerpc/pseries: Implement signed update for PLPKS objects Date: Fri, 20 Jan 2023 18:42:58 +1100 Message-Id: <20230120074306.1326298-17-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: oiM3uiDz2LqTpUi-PdMzmA06D0C13yWM X-Proofpoint-GUID: oiM3uiDz2LqTpUi-PdMzmA06D0C13yWM X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 spamscore=0 mlxscore=0 malwarescore=0 adultscore=0 bulkscore=0 phishscore=0 priorityscore=1501 impostorscore=0 clxscore=1015 mlxlogscore=999 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526690202531762?= X-GMAIL-MSGID: =?utf-8?q?1755526690202531762?= From: Nayna Jain The Platform Keystore provides a signed update interface which can be used to create, replace or append to certain variables in the PKS in a secure fashion, with the hypervisor requiring that the update be signed using the Platform Key. Implement an interface to the H_PKS_SIGNED_UPDATE hcall in the plpks driver to allow signed updates to PKS objects. (The plpks driver doesn't need to do any cryptography or otherwise handle the actual signed variable contents - that will be handled by userspace tooling.) Signed-off-by: Nayna Jain [ajd: split patch, add timeout handling and misc cleanups] Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v3: Merge plpks fixes and signed update series with secvar series Fix error code handling in plpks_confirm_object_flushed() (ruscur) Pass plpks_var struct to plpks_signed_update_var() by reference (mpe) Consistent constant naming scheme (ruscur) v4: Fix MAX_HCALL_OPCODE rebasing issue (npiggin) --- arch/powerpc/include/asm/hvcall.h | 1 + arch/powerpc/include/asm/plpks.h | 5 ++ arch/powerpc/platforms/pseries/plpks.c | 71 ++++++++++++++++++++++++-- 3 files changed, 72 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm/hvcall.h index 95fd7f9485d5..c099780385dd 100644 --- a/arch/powerpc/include/asm/hvcall.h +++ b/arch/powerpc/include/asm/hvcall.h @@ -335,6 +335,7 @@ #define H_RPT_INVALIDATE 0x448 #define H_SCM_FLUSH 0x44C #define H_GET_ENERGY_SCALE_INFO 0x450 +#define H_PKS_SIGNED_UPDATE 0x454 #define H_WATCHDOG 0x45C #define MAX_HCALL_OPCODE H_WATCHDOG diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 7c5f51a9af7c..e7204e6c0ca4 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -68,6 +68,11 @@ struct plpks_var_name_list { struct plpks_var_name varlist[]; }; +/** + * Updates the authenticated variable. It expects NULL as the component. + */ +int plpks_signed_update_var(struct plpks_var *var, u64 flags); + /** * Writes the specified var and its data to PKS. * Any caller of PKS driver should present a valid component type for diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 1189246b03dc..796ed5544ee5 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -81,6 +81,12 @@ static int pseries_status_to_err(int rc) err = -ENOENT; break; case H_BUSY: + case H_LONG_BUSY_ORDER_1_MSEC: + case H_LONG_BUSY_ORDER_10_MSEC: + case H_LONG_BUSY_ORDER_100_MSEC: + case H_LONG_BUSY_ORDER_1_SEC: + case H_LONG_BUSY_ORDER_10_SEC: + case H_LONG_BUSY_ORDER_100_SEC: err = -EBUSY; break; case H_AUTHORITY: @@ -184,14 +190,17 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, u16 namelen) { struct label *label; - size_t slen; + size_t slen = 0; if (!name || namelen > PLPKS_MAX_NAME_SIZE) return ERR_PTR(-EINVAL); - slen = strlen(component); - if (component && slen > sizeof(label->attr.prefix)) - return ERR_PTR(-EINVAL); + // Support NULL component for signed updates + if (component) { + slen = strlen(component); + if (slen > sizeof(label->attr.prefix)) + return ERR_PTR(-EINVAL); + } // The label structure must not cross a page boundary, so we align to the next power of 2 label = kzalloc(roundup_pow_of_two(sizeof(*label)), GFP_KERNEL); @@ -397,6 +406,58 @@ static int plpks_confirm_object_flushed(struct label *label, return pseries_status_to_err(rc); } +int plpks_signed_update_var(struct plpks_var *var, u64 flags) +{ + unsigned long retbuf[PLPAR_HCALL9_BUFSIZE] = {0}; + int rc; + struct label *label; + struct plpks_auth *auth; + u64 continuetoken = 0; + u64 timeout = 0; + + if (!var->data || var->datalen <= 0 || var->namelen > PLPKS_MAX_NAME_SIZE) + return -EINVAL; + + if (!(var->policy & PLPKS_SIGNEDUPDATE)) + return -EINVAL; + + auth = construct_auth(PLPKS_OS_OWNER); + if (IS_ERR(auth)) + return PTR_ERR(auth); + + label = construct_label(var->component, var->os, var->name, var->namelen); + if (IS_ERR(label)) { + rc = PTR_ERR(label); + goto out; + } + + do { + rc = plpar_hcall9(H_PKS_SIGNED_UPDATE, retbuf, + virt_to_phys(auth), virt_to_phys(label), + label->size, var->policy, flags, + virt_to_phys(var->data), var->datalen, + continuetoken); + + continuetoken = retbuf[0]; + if (pseries_status_to_err(rc) == -EBUSY) { + int delay_ms = get_longbusy_msecs(rc); + mdelay(delay_ms); + timeout += delay_ms; + } + rc = pseries_status_to_err(rc); + } while (rc == -EBUSY && timeout < PLPKS_MAX_TIMEOUT); + + if (!rc) + rc = plpks_confirm_object_flushed(label, auth); + + kfree(label); +out: + kfree(auth); + + return rc; +} +EXPORT_SYMBOL(plpks_signed_update_var); + int plpks_write_var(struct plpks_var var) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; @@ -443,7 +504,7 @@ int plpks_remove_var(char *component, u8 varos, struct plpks_var_name vname) struct label *label; int rc; - if (!component || vname.namelen > PLPKS_MAX_NAME_SIZE) + if (vname.namelen > PLPKS_MAX_NAME_SIZE) return -EINVAL; auth = construct_auth(PLPKS_OS_OWNER); From patchwork Fri Jan 20 07:42:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46192 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65620wrn; Thu, 19 Jan 2023 23:45:02 -0800 (PST) X-Google-Smtp-Source: AMrXdXs366ct96Hl0GHZ2bIRCrVAn3fkgPYfSWm1Xm0AA82LNC4+l/EMji4dvif3tUoJM1fDxYW/ X-Received: by 2002:a05:6a20:6f62:b0:b2:48e8:e3a9 with SMTP id gu34-20020a056a206f6200b000b248e8e3a9mr12285427pzb.12.1674200702441; Thu, 19 Jan 2023 23:45:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200702; cv=none; d=google.com; s=arc-20160816; b=UPtojvB7w48TF/jbSPkTyxusnbNAfpcdugVybtYsHEWlo8h8jmFx8S1FRIHKf2SDHS plWlmWjtcCCPkx/O6h+uxkYQMOjDXVpUp07hrX2B+r1kdYMkUNOPGcBoeqRNKOwaYUqU tAbizPBxnSyKGCtxCqcyRmXTUodADRtSKzxhAkQagRAEJrnfYm6HvUXTxzZgopbQc3pD e9UC+A16HauTAmwPBMA6rfYcdrCC32EUr2LR5J9CHyhPFH2TL92toO08+6YHROpSh5AH lmbfsDUV06hS/4MI7AfahN/rsnfuTiM7qEPwADA8QiUSL2xEoaZ+Q9GTQef4WWor9MEB lTwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=pI3uCdNIdbUl/d/24uN/7o7/82qohxj6n/F3JEnXxcE=; b=rfBM11O1uo4fVgZLPMMsN8uo2nYM4broTpk33QZCriu4RPW9FIhZ9p9EU33iCB9RIK AiYCA3EJqJL/eWfAlhMZjdEW27r5dUno7wC5x6z33W8oyB26Hhu//o//r1441Ivg87Uc eL3q/lWngjNGqrz8J4/o+ZlqTzpoEZoDx37pFzRQaMQu63CfeUZ5Rc7zv8nx2HE+iDXl gPrC6RuL/DIaHMqURwiHciuCZW3aBwlUH4Egz1RNen9GZzeb2MDm5+duO+AvqDsqKtAe TQjUvBrVNdLmrkEsYLwhl+P2Fz/p8UE7EHpHBddGOU0YNqsyFNk59Uuj9bh0xRI4S68a ee6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=Y47Npgif; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t10-20020a63224a000000b00478f9831638si39144801pgm.286.2023.01.19.23.44.49; Thu, 19 Jan 2023 23:45:02 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=Y47Npgif; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230495AbjATHob (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44982 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230215AbjATHnv (ORCPT ); Fri, 20 Jan 2023 02:43:51 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B94E182D5D; Thu, 19 Jan 2023 23:43:49 -0800 (PST) Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7Jg6A027759; Fri, 20 Jan 2023 07:43:42 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=pI3uCdNIdbUl/d/24uN/7o7/82qohxj6n/F3JEnXxcE=; b=Y47NpgifnlQQHTrcv4FMeqFkQlN6XsjaOKJuxua3EpLU/pcTjtO6wm4goDMtEm2AEcJg 0zCazLZ87ST2ObDNPgmvfeGRIeS4089fZ+eECpm3ZwbuRgYYldUrclwAwDncvriYB51f PwGeHE/F18a+bIob2ZKBK2ngo6eAXGrTc4vrLNVhh5Kj8pNlfNKZh4szOVK9xdA7Ciw7 JWNf+dq7mZNynfPrW9NBxKYZJ5krziwwNpDlAZ31n83ypo5qpuefp1MyOjZqW+ykW+5t BJ15CGW4QPeSij/AvKFRC9QqZPyq+LDEBS0Z9W8soGrDJp/ZMy5VPMC9EiMqZkKmhk+F Aw== Received: from ppma03ams.nl.ibm.com (62.31.33a9.ip4.static.sl-reverse.com [169.51.49.98]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7pfj8cka-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:41 +0000 Received: from pps.filterd (ppma03ams.nl.ibm.com [127.0.0.1]) by ppma03ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JJerVX023792; Fri, 20 Jan 2023 07:43:39 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma03ams.nl.ibm.com (PPS) with ESMTPS id 3n3m16qp3f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:39 +0000 Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hbix47120850 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:37 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1C1E420049; Fri, 20 Jan 2023 07:43:37 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 948FB20043; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 3CF906096D; Fri, 20 Jan 2023 18:43:30 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 17/24] powerpc/pseries: Log hcall return codes for PLPKS debug Date: Fri, 20 Jan 2023 18:42:59 +1100 Message-Id: <20230120074306.1326298-18-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 0kkhtdPqLJuZrYuqIpQ8sXzzYby9r8vR X-Proofpoint-GUID: 0kkhtdPqLJuZrYuqIpQ8sXzzYby9r8vR X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 impostorscore=0 mlxlogscore=999 phishscore=0 lowpriorityscore=0 malwarescore=0 spamscore=0 adultscore=0 bulkscore=0 suspectscore=0 clxscore=1015 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526675392714497?= X-GMAIL-MSGID: =?utf-8?q?1755526675392714497?= From: Russell Currey The plpks code converts hypervisor return codes into their Linux equivalents so that users can understand them. Having access to the original return codes is really useful for debugging, so add a pr_debug() so we don't lose information from the conversion. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- arch/powerpc/platforms/pseries/plpks.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 796ed5544ee5..96a026a37285 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -117,6 +117,8 @@ static int pseries_status_to_err(int rc) err = -EINVAL; } + pr_debug("Converted hypervisor code %d to Linux %d\n", rc, err); + return err; } From patchwork Fri Jan 20 07:43:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46203 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp72976wrn; Fri, 20 Jan 2023 00:06:35 -0800 (PST) X-Google-Smtp-Source: AMrXdXs7LoBkjyp3vnlaU0erUHyWiQooQCPu32FwyeNps+NgLb62TKHC9jh0eCm1WO9yCt9lBKSy X-Received: by 2002:a17:906:a21a:b0:877:7157:9358 with SMTP id r26-20020a170906a21a00b0087771579358mr5373351ejy.10.1674201995585; Fri, 20 Jan 2023 00:06:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674201995; cv=none; d=google.com; s=arc-20160816; b=uzlHpqHMr1sCs092H6Pp71jkcYzdPjwhYtu+0SeYepywhF1XC90yxEE70xOzeXlxmb Ir3qIF/XHzjAx4tZzZLaEH8ZRLS7LNV8wmethZYrWBySHplZeDWb96dhez6BQmuSi4yc vuHIKq3ewxXy7fnuPMaFgZRbJPxMVgxNteQTHxZUM8mST8qcdC8BqYIgL0J7VT41w9xr mglGd/nDOjR2m2LNzVKs0d3/VxQB5yE1qrJSVnViBwCGYiv808agHK7nk0ty8HdDHx9t Nna8ouwVyTGacqSyfT4FIqRjWseoDXFhJ5YInPf5iyrk5PhmyzJ7QYhKhNRVciBWpkt8 uOVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=tOqrA5VidJRNAvnD59zsGYLxdqrQfaR9ST7oWeBkVOs=; b=CeeUid/BmRE2v0yKPmaXTu9KDm+6nn2HJhXHrtSMlNbF2cZxdzPD5FJD/7kDa9K5TG oK5jYtUXJG7f0zl+eluHdhd6UVaIivCumv+G94B0Y7IFVTcnn2hOCQewrkoRz/0s1T47 o8B+gKLFF7Qx8arJhEJmmkNHD9QLLD58XjUVx8TQhiDb9DKt3X+/DaZcCL+saQ4ev/Q9 yNO7ooJss6A3C1xohYE92nQWsMFpuA61b6nn701GVxc0xCJ9Rq99gAaiioy9I/XOgK7l Ap0kl2Ft6uXWLwrwOSRJEHHkcQuJfKpC5iJ1zmYMDx3K/mMWH3e2cQRFMLXWA1YOzVp0 +5lw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=oUStr7GC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sa9-20020a1709076d0900b008776a7302eesi5557124ejc.923.2023.01.20.00.06.11; Fri, 20 Jan 2023 00:06:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=oUStr7GC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231229AbjATHpB (ORCPT + 99 others); Fri, 20 Jan 2023 02:45:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44990 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230305AbjATHoD (ORCPT ); Fri, 20 Jan 2023 02:44:03 -0500 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DD9018728E; Thu, 19 Jan 2023 23:43:54 -0800 (PST) Received: from pps.filterd (m0127361.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7VeZP002519; Fri, 20 Jan 2023 07:43:42 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=tOqrA5VidJRNAvnD59zsGYLxdqrQfaR9ST7oWeBkVOs=; b=oUStr7GChZRIyQ4bMRo6lXPKv3lK7fIQMG5gApmrAICSGPsF0nXKt2vKapDd8fq+ZzEr lpBd+bnj+m/mrO+6IjY1Hhoqf4VK1nPwwVPNStd+jcOTEkHwvhaqAjsATcnCsVYRAK59 IIpgZEY7cVBaDTvKFBTmg5bI2Vzxo4G2v9f6ym14KZy/tCd2YmteEWP00SdIswUTMc2P GBOuVgnWcoy76dTCJwfyA9mDORL4WICSiZOmhNX/A9b9+ekBtjtoZFpswBbikYN3kDL/ WYv9z8yewfUn6mYKQZtb+/5jAteora9GBrH1c31w9tTBZA4j/l3M7vnxp7FnKIZnprqG 8w== Received: from ppma03fra.de.ibm.com (6b.4a.5195.ip4.static.sl-reverse.com [149.81.74.107]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7pn5074y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:42 +0000 Received: from pps.filterd (ppma03fra.de.ibm.com [127.0.0.1]) by ppma03fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JN76PG006701; Fri, 20 Jan 2023 07:43:40 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma03fra.de.ibm.com (PPS) with ESMTPS id 3n3m16njxe-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:39 +0000 Received: from smtpav06.fra02v.mail.ibm.com (smtpav06.fra02v.mail.ibm.com [10.20.54.105]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hb8L36831672 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:37 GMT Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8332D20040; Fri, 20 Jan 2023 07:43:37 +0000 (GMT) Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8D0B620049; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav06.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 41B4B609A2; Fri, 20 Jan 2023 18:43:30 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 18/24] powerpc/pseries: Make caller pass buffer to plpks_read_var() Date: Fri, 20 Jan 2023 18:43:00 +1100 Message-Id: <20230120074306.1326298-19-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: xQagXfniv3MhBxPlqvykTh4A56-LXySU X-Proofpoint-GUID: xQagXfniv3MhBxPlqvykTh4A56-LXySU X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 bulkscore=0 lowpriorityscore=0 priorityscore=1501 suspectscore=0 mlxlogscore=999 clxscore=1015 spamscore=0 adultscore=0 phishscore=0 malwarescore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755528031888555080?= X-GMAIL-MSGID: =?utf-8?q?1755528031888555080?= Currently, plpks_read_var() allocates a buffer to pass to the H_PKS_READ_OBJECT hcall, then allocates another buffer, of the caller's preferred size if necessary, into which the data is copied, and returns that buffer to the caller. This is a bit over the top - while we probably still want to allocate a separate buffer to pass to the hypervisor in the hcall, we can let the caller allocate the final buffer and specify the size. Don't allocate var->data in plpks_read_var(), instead expect the caller to allocate it. If the caller needs to discover the size, it can set var->data to NULL and var->datalen will be populated. Update header file to document this. Suggested-by: Michael Ellerman Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v3: New patch (mpe) --- arch/powerpc/include/asm/plpks.h | 12 ++++++++++++ arch/powerpc/platforms/pseries/plpks.c | 11 ++++------- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index e7204e6c0ca4..0c49969b0864 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -88,16 +88,28 @@ int plpks_remove_var(char *component, u8 varos, /** * Returns the data for the specified os variable. + * + * Caller must allocate a buffer in var->data with length in var->datalen. + * If no buffer is provided, var->datalen will be populated with the object's + * size. */ int plpks_read_os_var(struct plpks_var *var); /** * Returns the data for the specified firmware variable. + * + * Caller must allocate a buffer in var->data with length in var->datalen. + * If no buffer is provided, var->datalen will be populated with the object's + * size. */ int plpks_read_fw_var(struct plpks_var *var); /** * Returns the data for the specified bootloader variable. + * + * Caller must allocate a buffer in var->data with length in var->datalen. + * If no buffer is provided, var->datalen will be populated with the object's + * size. */ int plpks_read_bootloader_var(struct plpks_var *var); diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 96a026a37285..5d9c6a3b2014 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -578,17 +578,14 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) goto out_free_output; } - if (var->datalen == 0 || var->datalen > retbuf[0]) + if (!var->data || var->datalen > retbuf[0]) var->datalen = retbuf[0]; - var->data = kzalloc(var->datalen, GFP_KERNEL); - if (!var->data) { - rc = -ENOMEM; - goto out_free_output; - } var->policy = retbuf[1]; - memcpy(var->data, output, var->datalen); + if (var->data) + memcpy(var->data, output, var->datalen); + rc = 0; out_free_output: From patchwork Fri Jan 20 07:43:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46199 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65946wrn; Thu, 19 Jan 2023 23:46:05 -0800 (PST) X-Google-Smtp-Source: AMrXdXud8sS2+J8AEZqT2lOkOV8A/wSyVoslwjJ1R27j5f4farzH/+tIivGSOyMUJEz0ZCayKwxv X-Received: by 2002:a05:6a00:301b:b0:586:9ba7:530e with SMTP id ay27-20020a056a00301b00b005869ba7530emr15652487pfb.31.1674200765183; Thu, 19 Jan 2023 23:46:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200765; cv=none; d=google.com; s=arc-20160816; b=osPYscpJp+8Xg/Tthr4YijnUwk51wHBWvtME0xpqgK7fB10ViT3AiNXCoATJXBKNlu MywAGODPcLQ4zApJWKylvfmoG/k1rD0RvqESYSDhCtnTJYeNOaKkDbE5/vhOAS0o3N6O EWId2T5K72NAndplpdpOj9iAeaLX2bxA0j8F+WJTmjMIn0zhjTMutZ96k8XoBjgfxQEq FVyN4qFvjzJAWujNLZ5rDvjC3vmG5WlwdEH6EcuFucOMl4olT/TIuylRdK4sT1aLGn5x CW4kJwwNOgeezlr6uWDnZ/qTMZEYoAZijR2UrukTrhQkVCWySh0oSkKHZKEu/pW4dOdl O5WA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=E0dq3ETgVtjHnACRGN3zQsVSK1Z5Iyw8g63/v3XZrW4=; b=TcYTFVaXlLqePpaXI9YqlglUyVhwAwPkIPt60VuIAdI9aIN8bvYI71EvQO0mB5uKCU vpsD1ocJYcTHf3f9KbWbSjU8Wnbv4paOrLLJp9EKdz2UrCKO0CpswO6KD5VqGaV+LjgQ ReMlBVRYdwAU/b9vwXiap+Y2qusgRyqiXtUN2kJp18mKcMX4gd4NWtKUYp1MHE6GbiSP D9lFM6orGg1iawqlGW8wS32bDiAFOdGbIDvNmzBmImypg2d5CnE7EG/hmAWUnV7gyTGK vO7ay0se+o7ZdFWl/qIU/PUdpSCoX9Lo7LMBPtiJtT0EeSKWeiiP7gqXRPmfpah6DDc9 XGbw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=RPfzjDcH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k133-20020a636f8b000000b004ba3656506csi27179390pgc.559.2023.01.19.23.45.52; Thu, 19 Jan 2023 23:46:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=RPfzjDcH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231214AbjATHo4 (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:56 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45120 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230250AbjATHnx (ORCPT ); Fri, 20 Jan 2023 02:43:53 -0500 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CC85A87291; Thu, 19 Jan 2023 23:43:52 -0800 (PST) Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K5nbVk025103; Fri, 20 Jan 2023 07:43:41 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=E0dq3ETgVtjHnACRGN3zQsVSK1Z5Iyw8g63/v3XZrW4=; b=RPfzjDcH4boOZKrdwrVNms+7rDp81wcxe1b+C87zikOwp4KVysemig+GINqnUpAB+3MO RB9WoepQkSxwXbjvAoj4TTF0klKBTEgqM2P9rCkuVMGH6vghtTzXrJpZDcd/FXFJsLIg CTKKrj0OUC/m1xpcY2vNa3aHlW3Aq2zUW/QaqLFftA7zbs9PD0TVR368pNgWxy3tQu8d u2Nxk+KSXVZdeXk3Z2XpuEExek2VnYnPoXaZoQpKYoB6l9CyCqmBJd4L3nCtVLG1+gOh XyRWHjf1v8nLOVjchH4t7aSkea8b5SibPJENRClIQRKALaI+0fGlsjyhYj84Vn2Qzh0U VA== Received: from ppma06ams.nl.ibm.com (66.31.33a9.ip4.static.sl-reverse.com [169.51.49.102]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7n5b23s2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:41 +0000 Received: from pps.filterd (ppma06ams.nl.ibm.com [127.0.0.1]) by ppma06ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JH5NIr006282; Fri, 20 Jan 2023 07:43:39 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma06ams.nl.ibm.com (PPS) with ESMTPS id 3n3knfqpam-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:38 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7haaj22545106 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:36 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8E6F02004D; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1460920040; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 46B00609BC; Fri, 20 Jan 2023 18:43:30 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 19/24] powerpc/pseries: Turn PSERIES_PLPKS into a hidden option Date: Fri, 20 Jan 2023 18:43:01 +1100 Message-Id: <20230120074306.1326298-20-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: VQTAVo_UNEWs_W_3PmJ9Eq9LSd5YwJ9R X-Proofpoint-ORIG-GUID: VQTAVo_UNEWs_W_3PmJ9Eq9LSd5YwJ9R X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 clxscore=1015 spamscore=0 adultscore=0 priorityscore=1501 bulkscore=0 mlxlogscore=784 impostorscore=0 suspectscore=0 lowpriorityscore=0 phishscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526741776063700?= X-GMAIL-MSGID: =?utf-8?q?1755526741776063700?= It seems a bit unnecessary for the PLPKS code to have a user-visible config option when it doesn't do anything on its own, and there's existing options for enabling Secure Boot-related features. It should be enabled by PPC_SECURE_BOOT, which will eventually be what uses PLPKS to populate keyrings. However, we can't get of the separate option completely, because it will also be used for SED Opal purposes. Change PSERIES_PLPKS into a hidden option, which is selected by PPC_SECURE_BOOT. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v3: New patch --- arch/powerpc/Kconfig | 1 + arch/powerpc/platforms/pseries/Kconfig | 11 +---------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index b8c4ac56bddc..d4ed46101bec 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -1029,6 +1029,7 @@ config PPC_SECURE_BOOT depends on PPC_POWERNV || PPC_PSERIES depends on IMA_ARCH_POLICY imply IMA_SECURE_AND_OR_TRUSTED_BOOT + select PSERIES_PLPKS if PPC_PSERIES help Systems with firmware secure boot enabled need to define security policies to extend secure boot to the OS. This config allows a user diff --git a/arch/powerpc/platforms/pseries/Kconfig b/arch/powerpc/platforms/pseries/Kconfig index a3b4d99567cb..82b6f993be0f 100644 --- a/arch/powerpc/platforms/pseries/Kconfig +++ b/arch/powerpc/platforms/pseries/Kconfig @@ -151,16 +151,7 @@ config IBMEBUS config PSERIES_PLPKS depends on PPC_PSERIES - bool "Support for the Platform Key Storage" - help - PowerVM provides an isolated Platform Keystore(PKS) storage - allocation for each LPAR with individually managed access - controls to store sensitive information securely. It can be - used to store asymmetric public keys or secrets as required - by different usecases. Select this config to enable - operating system interface to hypervisor to access this space. - - If unsure, select N. + bool config PAPR_SCM depends on PPC_PSERIES && MEMORY_HOTPLUG && LIBNVDIMM From patchwork Fri Jan 20 07:43:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46191 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65609wrn; Thu, 19 Jan 2023 23:45:01 -0800 (PST) X-Google-Smtp-Source: AMrXdXtMbjivOVr0XS2fWUC2bRa8laDphRl2F8aUoggEu/03nNv7Ou8cDE3hOEnrovcn/pAIMxAs X-Received: by 2002:a17:90b:3445:b0:228:d1d5:5468 with SMTP id lj5-20020a17090b344500b00228d1d55468mr14452273pjb.25.1674200701627; Thu, 19 Jan 2023 23:45:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200701; cv=none; d=google.com; s=arc-20160816; b=GpAYy1I10q91aFI2kkSaNyueQrpEuDs+B9srt45IBC5+JdJ9dpNq57I97pQAlqPD7z Ar2q2kCT7A67ZoUu6nBVG6WfhGEE4dSp7G/zQGDfsgNeH1pZSMqScIrmPgIBOWGImEwk fG//DqNXu+zRxK0V6qoNIPA6QgVwtFBXMREYfo+LMjWkfQQzgyI1p98Gy5Z9gU2N/Rg/ KuRo68Lk3+j5gIkqECfNWfLwhdynngpUeFmoS/E2rzzddPmTlIRbLjpO05/+mrmyclKA qg2xRt2u311vLPz8s5hSQ/1fwf0E69q04gWUto+b26Sf2RHwCs2fuupFixl+yNLS2Rz0 f2mQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=NbAGOkJyKTdzGBUpPMnKfY++xIugD/a7G/Z7957aSpQ=; b=lftRSQn8rlgaoL5FT4fUURlA0xJpzyKA6Xk6cwSqH73eOoXHgvgUvOosa5bcp0RzgY CtBDIRoHV1+TXS6AIm8FhXuWTwk8/apnIuz0v6x3976R9BnbEsJc2vXAKHI7Pcf3lrg2 YzZVyRiLUS6IJu2ETJagiyEDUZsuVoe0c5QCs8owabInVkNRxtLNqsizUvTRjpOxvqKo j8jthnTB35/ex6oIjjM3AaF3i5pJD7XnLFkvXfheXVyHPfF5QMXvg3ft8+4bY4rqcnR5 T4uTtVUmPuZC7/+FzzQsoEEndeceMUUKwbwm4TQUE4xSOZRgBA5B2cLPH5LwnLWRiVNo Iplw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=TWnkXVIP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bb19-20020a17090b009300b00228e80888c9si1880773pjb.14.2023.01.19.23.44.49; Thu, 19 Jan 2023 23:45:01 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=TWnkXVIP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230484AbjATHo2 (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:28 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44988 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230208AbjATHnv (ORCPT ); Fri, 20 Jan 2023 02:43:51 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DD13C819B9; Thu, 19 Jan 2023 23:43:48 -0800 (PST) Received: from pps.filterd (m0187473.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7cbDT012878; Fri, 20 Jan 2023 07:43:41 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=NbAGOkJyKTdzGBUpPMnKfY++xIugD/a7G/Z7957aSpQ=; b=TWnkXVIPabRootvpTUqpKly+LpldIwRJlXPCw0Arkurdtj3+CabtxDtm1A3n0mw+dskt v2RENRC7ln44bF6qmXFO7xyMPKVUhebSuhKEZk1ZKgUxHIQUifLAgFxtplPP/Flx9Q41 nfvi9JJaGRamij4ICAGPeSjJMTxRKYqblw4Qbk7OKbSfLp7rDXZk1uEKPGZZPyC+r31j 4HW+4nlLoDYLGYsFTz4AS82q8UUn6abWAgNH7g1Aqvh4/dQUPPZwzu+SNsKmgpM4+1rn +8aEXDKCUCmzihyDIdSSqTlHrzGPRzFqpMJlmon5zoQvsC+3FXBf09lNPWpBus/XJyf9 FQ== Received: from ppma04ams.nl.ibm.com (63.31.33a9.ip4.static.sl-reverse.com [169.51.49.99]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7kvx3gvu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:41 +0000 Received: from pps.filterd (ppma04ams.nl.ibm.com [127.0.0.1]) by ppma04ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JM88kN001386; Fri, 20 Jan 2023 07:43:39 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma04ams.nl.ibm.com (PPS) with ESMTPS id 3n3m16qnpq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:38 +0000 Received: from smtpav06.fra02v.mail.ibm.com (smtpav06.fra02v.mail.ibm.com [10.20.54.105]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7haE715991540 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:36 GMT Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 94CB12004B; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 19D1F20043; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav06.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 4C3B060996; Fri, 20 Jan 2023 18:43:30 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 20/24] powerpc/pseries: Add helpers to get PLPKS password Date: Fri, 20 Jan 2023 18:43:02 +1100 Message-Id: <20230120074306.1326298-21-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: ojaWay5otVj4GZ229EavEN_0T4rm5W8y X-Proofpoint-GUID: ojaWay5otVj4GZ229EavEN_0T4rm5W8y X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 adultscore=0 mlxscore=0 suspectscore=0 priorityscore=1501 malwarescore=0 clxscore=1015 phishscore=0 spamscore=0 mlxlogscore=783 impostorscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526675145208394?= X-GMAIL-MSGID: =?utf-8?q?1755526675145208394?= From: Russell Currey Add helper functions to get the PLPKS password. This will be used in a later patch to support passing the password between kernels over kexec. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v3: New patch --- arch/powerpc/include/asm/plpks.h | 11 +++++++++++ arch/powerpc/platforms/pseries/plpks.c | 10 ++++++++++ 2 files changed, 21 insertions(+) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 0c49969b0864..08355c89f5fd 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -171,6 +171,17 @@ u32 plpks_get_maxlargeobjectsize(void); */ u64 plpks_get_signedupdatealgorithms(void); +/** + * Returns the PLPKS password generated by the hypervisor. + * Should only be used to prepare a different OS to use the PLPKS, i.e. kexec. + */ +u8 *plpks_get_password(void); + +/** + * Returns the length of the PLPKS password in bytes. + */ +u16 plpks_get_passwordlen(void); + #endif // CONFIG_PSERIES_PLPKS #endif // _ASM_POWERPC_PLPKS_H diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 5d9c6a3b2014..b3c7410a4f13 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -359,6 +359,16 @@ u64 plpks_get_signedupdatealgorithms(void) return signedupdatealgorithms; } +u8 *plpks_get_password(void) +{ + return ospassword; +} + +u16 plpks_get_passwordlen(void) +{ + return ospasswordlength; +} + bool plpks_is_available(void) { int rc; From patchwork Fri Jan 20 07:43:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46197 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65791wrn; Thu, 19 Jan 2023 23:45:32 -0800 (PST) X-Google-Smtp-Source: AMrXdXvllujZWswJs+qnkOKDuuK4OdxzBygp1lDeNkl/wbkBCmr9y0Z4b/qJQUQ+NGWNR0rJpnO9 X-Received: by 2002:a17:90b:3eca:b0:22b:b25a:d0be with SMTP id rm10-20020a17090b3eca00b0022bb25ad0bemr593320pjb.49.1674200732622; Thu, 19 Jan 2023 23:45:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200732; cv=none; d=google.com; s=arc-20160816; b=00lnyK6Y0ijn2xZfgpyIbu83ESvB7DJ4D6FaFnUOZPq1LXprilWSFMv/B1pg0UWHRK +a05uRdN2RnzRGcKqYUZ5X2tiKP8DMDsbRAfA0afn+PzncgbguUSRoqpNbGk0UUWLluT M8G0ibprgcLRVzEyBLg8IbAX5AnfXfMnIIjGv4vq0cOfepO6XI2JIRrHKtpgD1KOVRmo yHjJY0k3U9HS8hW4YEbpu5La2BgjODXeM0Hh0SEEurwWRvRwjHrnz+5uy7M4SRMltduL mDgtsD1q0BBXQRBJNDkWUn3HIt9MDiNGchyUjLmkgx+fbn4+8RNT715SEiETF+t1Pngc IuRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=8c18rBNboK0RzdDZn2KmS5/NWvIPHXsZKyiDvxnuutI=; b=E6746Id10FnQmuOGMqYPtLy6ukl1gt9DwYxaSDlcJpbCZceUd29kfI58vmSUloZ4hY EHe0EPUzhyPwevfuT7+nhN90mfDorureZaAN2IftBd/pCam2U3jvzvIN8nhFtl1zsEJj SHbjMXAie9MmAftXKxtntc+fmnNLyXIN4lMmNIegJitcC8jpCp8dGf8/V+Wkrt/0ZqE5 Nk0ItpZlCkcAjQCSMqMTA6yJ8lEcD+6z1Rhd98QviNqq40AbgL51XueUsPTVdlRRaCId QIDZS4y2KN6AXF16q6wlUs2kAT/keuOUOvxW2G5rR/HdEF7L347011GI4gO8AjEUMQyn glQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=IwA9pu6C; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n15-20020a17090a2bcf00b00226812679e2si1682961pje.105.2023.01.19.23.45.19; Thu, 19 Jan 2023 23:45:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=IwA9pu6C; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231184AbjATHos (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:48 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45048 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230230AbjATHnw (ORCPT ); Fri, 20 Jan 2023 02:43:52 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3B8FF8534C; Thu, 19 Jan 2023 23:43:50 -0800 (PST) Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7FTbe019105; Fri, 20 Jan 2023 07:43:42 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=8c18rBNboK0RzdDZn2KmS5/NWvIPHXsZKyiDvxnuutI=; b=IwA9pu6CZ1aetF6b0S/VMUNDcHiFk+TB8/+Yjpe819rWW7MPX0hPiPvchJlKzA7wQtRz irjh9GhNF85GyJAh0WtV1CncKnHgbYUVwccKN6TWp7TKNDqY6itvxHY84I6mmcBrHCf+ r4TQ3cXAf//6kbwmbTJlxaP3SRWqzNvMGvh09k4bqoF7ksFE+ez9bTvIElaL7v6XoKbX hmjdh/rJY52sAtdtjcxQck5SpzNqm/PRKTn+/AxhS275438pPIWP+cx+TfNYS6pjsGAz Nh79t5fn4jsyMfwlPdKtWAl5HQobxGiMzQj9qhgp0+IndEVmcPRf9Gx9Yi0KSZLfkVD4 Tg== Received: from ppma02fra.de.ibm.com (47.49.7a9f.ip4.static.sl-reverse.com [159.122.73.71]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7pdkrhvf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:41 +0000 Received: from pps.filterd (ppma02fra.de.ibm.com [127.0.0.1]) by ppma02fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JAbaj5027150; Fri, 20 Jan 2023 07:43:39 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma02fra.de.ibm.com (PPS) with ESMTPS id 3n3m16njj8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:39 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hbKH38535522 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:37 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0DBEC20040; Fri, 20 Jan 2023 07:43:37 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 19FEE20043; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 51805609BE; Fri, 20 Jan 2023 18:43:30 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 21/24] powerpc/pseries: Pass PLPKS password on kexec Date: Fri, 20 Jan 2023 18:43:03 +1100 Message-Id: <20230120074306.1326298-22-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: PjT3UfYuD2T8befh4Twt5muUIJwugXSO X-Proofpoint-ORIG-GUID: PjT3UfYuD2T8befh4Twt5muUIJwugXSO X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 mlxlogscore=855 bulkscore=0 suspectscore=0 malwarescore=0 priorityscore=1501 spamscore=0 impostorscore=0 clxscore=1015 adultscore=0 phishscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526707404065501?= X-GMAIL-MSGID: =?utf-8?q?1755526707404065501?= From: Russell Currey Before interacting with the PLPKS, we ask the hypervisor to generate a password for the current boot, which is then required for most further PLPKS operations. If we kexec into a new kernel, the new kernel will try and fail to generate a new password, as the password has already been set. Pass the password through to the new kernel via the device tree, in /chosen/plpks-pw. Check for the presence of this property before trying to generate a new password - if it exists, use the existing password and remove it from the device tree. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v3: New patch v4: Fix compile when CONFIG_PSERIES_PLPKS=n (snowpatch) Fix error handling on fdt_path_offset() call (ruscur) --- arch/powerpc/kexec/file_load_64.c | 18 ++++++++++++++++++ arch/powerpc/platforms/pseries/plpks.c | 18 +++++++++++++++++- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/kexec/file_load_64.c b/arch/powerpc/kexec/file_load_64.c index af8854f9eae3..0c9130af60cc 100644 --- a/arch/powerpc/kexec/file_load_64.c +++ b/arch/powerpc/kexec/file_load_64.c @@ -27,6 +27,7 @@ #include #include #include +#include struct umem_info { u64 *buf; /* data buffer for usable-memory property */ @@ -1156,6 +1157,9 @@ int setup_new_fdt_ppc64(const struct kimage *image, void *fdt, { struct crash_mem *umem = NULL, *rmem = NULL; int i, nr_ranges, ret; +#ifdef CONFIG_PSERIES_PLPKS + int chosen_offset; +#endif /* * Restrict memory usage for kdump kernel by setting up @@ -1230,6 +1234,20 @@ int setup_new_fdt_ppc64(const struct kimage *image, void *fdt, } } +#ifdef CONFIG_PSERIES_PLPKS + // If we have PLPKS active, we need to provide the password + if (plpks_is_available()) { + chosen_offset = fdt_path_offset(fdt, "/chosen"); + if (chosen_offset < 0) { + pr_err("Can't find chosen node: %s\n", + fdt_strerror(chosen_offset)); + goto out; + } + ret = fdt_setprop(fdt, chosen_offset, "ibm,plpks-pw", + plpks_get_password(), plpks_get_passwordlen()); + } +#endif // CONFIG_PSERIES_PLPKS + out: kfree(rmem); kfree(umem); diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index b3c7410a4f13..0350f10e1755 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -126,7 +127,22 @@ static int plpks_gen_password(void) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; u8 *password, consumer = PLPKS_OS_OWNER; - int rc; + struct property *prop; + int rc, len; + + // Before we generate the password, we may have been booted by kexec and + // provided with a previous password. Check for that first. + prop = of_find_property(of_chosen, "ibm,plpks-pw", &len); + if (prop) { + ospasswordlength = (u16)len; + ospassword = kzalloc(ospasswordlength, GFP_KERNEL); + if (!ospassword) { + of_remove_property(of_chosen, prop); + return -ENOMEM; + } + memcpy(ospassword, prop->value, len); + return of_remove_property(of_chosen, prop); + } // The password must not cross a page boundary, so we align to the next power of 2 password = kzalloc(roundup_pow_of_two(maxpwsize), GFP_KERNEL); From patchwork Fri Jan 20 07:43:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46198 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65796wrn; Thu, 19 Jan 2023 23:45:34 -0800 (PST) X-Google-Smtp-Source: AMrXdXv3N8o5v4P2Vbq/mVXaANyDFRuVKJ/F6jDPg98K+DsWUgJKlP7hb47X4o9ZsyQfGa8VJFsP X-Received: by 2002:a05:6a20:4f08:b0:b8:36a7:c5b0 with SMTP id gi8-20020a056a204f0800b000b836a7c5b0mr14387989pzb.13.1674200733943; Thu, 19 Jan 2023 23:45:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200733; cv=none; d=google.com; s=arc-20160816; b=K9NZoCRtuAOIEwzW1Zb0WcxWhpcvbNgYQMvFqf1pPHPt5ah2w+C2yNvI1PKo3VE63n yaJt88Pe9VtsLZ2GeA3yYFPCfqK4Pk+STNHRJQydyBQLYFhcmfkK8qSukkHJvhmu/Dpq VLNk3iyIqEq2nuYIE6I7sd8kMMtRwfulreLglSR57zRYA+2WQX7wUf51YiyZA6sejEUq 9/2mJOvhGtB1I9Do/Y8EGdXdWNEPyPuiAwE+9VQNswdyyKMwgm+0DUP6zjG9kthxCaBL OIpXvgdz8ujYPbeWyE0LBkUWBcroXwQniV9o35dtM2msP3AdqJpSvfPdfV4d1t539qnW q+Ew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=jJOy/7tQV1m0DgeJCWs4P1bsY6Qg2QsqZSnPtFJjpUQ=; b=No0b4e1TKUUGiWYFymemQQnTB7bY3FWYMP6P5KUA23Fk4BP2r1qyRc/zcGCIYsRQT0 GS/39O6eQoHjy7/ryFXh/QEzvPOv/MUNMmki0wF8BQxltwL1GrVUYpMG3ajCRnzZgLro M+S6BjLt8rEO0iytVdo1vFdD0TFibIZzLDmK0zCX+F+lnllYgEJvEqIIeUtOJns6Ue2u wOAEEsKg12I2dI5j00y6/z4cbYk9s0rm1F1uuy2kDfvg89bSKrHi2aoc5DS9Dz8BkzTb ZbAxvvRcob6JM6wVV6we2bYJfjLjF/3pjGR61W4OrxzG/SWWv1u/3/SduDcy23AGYBjp 129w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=eKLA5XjS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 195-20020a6305cc000000b004d32dbf4df9si1771673pgf.612.2023.01.19.23.45.21; Thu, 19 Jan 2023 23:45:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=eKLA5XjS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230398AbjATHou (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:50 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44986 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230239AbjATHnw (ORCPT ); Fri, 20 Jan 2023 02:43:52 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EFB4F82D60; Thu, 19 Jan 2023 23:43:49 -0800 (PST) Received: from pps.filterd (m0187473.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7cWfF012420; Fri, 20 Jan 2023 07:43:42 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=jJOy/7tQV1m0DgeJCWs4P1bsY6Qg2QsqZSnPtFJjpUQ=; b=eKLA5XjSyVdHEFGe7DIfoFF3LEA+L6rX1wq2VeLx9Tp6KUuqF+3KEOy0fru7/ageS4NJ V77pgvaonBh+vj8210fXaF9ug/TLcrEKyCL65fk7UsDGY7yukH/5cdgKsWqMkL/hfepZ gOJrsPPztfXxTRd+UoT/ojBStvZ0US5XCvhIgtQ+szEsUZVujqx7gD+3cyoNJTVJCUdQ DWghJ1kjp6+xMNwoz7MiYqDDl4UvMw1K1Ft2sT97u4hJxNwRQhMvnB2h78Z4UvzD88iD kPkAdeftJzZtMaTyYWUU95w2EisGa5LHFiJsDgvOGSwLcQClW6HIM269jT8Yu3LcIUeq /g== Received: from ppma05fra.de.ibm.com (6c.4a.5195.ip4.static.sl-reverse.com [149.81.74.108]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7kvx3gvw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:41 +0000 Received: from pps.filterd (ppma05fra.de.ibm.com [127.0.0.1]) by ppma05fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JHxPWK011883; Fri, 20 Jan 2023 07:43:39 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma05fra.de.ibm.com (PPS) with ESMTPS id 3n3m16dk63-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:39 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hbnQ51577218 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:37 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0E3992004D; Fri, 20 Jan 2023 07:43:37 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1ABE52004B; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 57A10609C1; Fri, 20 Jan 2023 18:43:30 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 22/24] powerpc/pseries: Implement secvars for dynamic secure boot Date: Fri, 20 Jan 2023 18:43:04 +1100 Message-Id: <20230120074306.1326298-23-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: -OmzusCpEP4oqTsifwKKHPx1X1tNI0EP X-Proofpoint-GUID: -OmzusCpEP4oqTsifwKKHPx1X1tNI0EP X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 adultscore=0 mlxscore=0 suspectscore=0 priorityscore=1501 malwarescore=0 clxscore=1015 phishscore=0 spamscore=0 mlxlogscore=999 impostorscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526708948906959?= X-GMAIL-MSGID: =?utf-8?q?1755526708948906959?= From: Russell Currey The pseries platform can support dynamic secure boot (i.e. secure boot using user-defined keys) using variables contained with the PowerVM LPAR Platform KeyStore (PLPKS). Using the powerpc secvar API, expose the relevant variables for pseries dynamic secure boot through the existing secvar filesystem layout. The relevant variables for dynamic secure boot are signed in the keystore, and can only be modified using the H_PKS_SIGNED_UPDATE hcall. Object labels in the keystore are encoded using ucs2 format. With our fixed variable names we don't have to care about encoding outside of the necessary byte padding. When a user writes to a variable, the first 8 bytes of data must contain the signed update flags as defined by the hypervisor. When a user reads a variable, the first 4 bytes of data contain the policies defined for the object. Limitations exist due to the underlying implementation of sysfs binary attributes, as is the case for the OPAL secvar implementation - partial writes are unsupported and writes cannot be larger than PAGE_SIZE. (Even when using bin_attributes, which can be larger than a single page, sysfs only gives us one page's worth of write buffer at a time, and the hypervisor does not expose an interface for partial writes.) Co-developed-by: Nayna Jain Signed-off-by: Nayna Jain Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v2: Remove unnecessary config vars from sysfs and document the others, thanks to review from Greg. If we end up needing to expose more, we can add them later and update the docs. Use sysfs_emit() instead of sprintf(), thanks to Greg. Change the size of the sysfs binary attributes to include the 8-byte flags header, preventing truncation of large writes. v3: plpks_set_variable(): pass var to plpks_signed_update_var() as a pointer (mpe) Update copyright date (ajd) Consistent comment style (ajd) Change device_initcall() to machine_arch_initcall(pseries...) so we don't try to load on powernv and kill the machine (mpe) Add config attributes into plpks_secvar_ops (mpe) Get rid of PLPKS_SECVAR_COUNT macro (mpe) Reworded descriptions in ABI documentation (mpe) Switch to using secvar_ops->var_names rather than secvar_ops->get_next() (ajd/mpe) Optimise allocation/copying of buffers (mpe) Elaborate the comment documenting the "format" string (mpe) Return -EIO on errors in the read case (mpe) Add "grubdbx" variable (Sudhakar Kuppusamy) Use utf8s_to_utf16s() rather than our own "UCS-2" conversion code (mpe) Change uint64_t to u64 (mpe) Fix SB_VERSION data length (ruscur) Stop prepending policy data on read (ruscur) Enforce max format length on format string (not strictly needed, but makes the length limit clear) (ajd) Update include of plpks.h to reflect new path (ruscur) Consistent constant naming scheme (ruscur) v4: Return set_secvar_ops() return code Pass buffer size to plpks_secvar_format() (stefanb, npiggin) Add missing null check (stefanb) Add comment to commit message explaining PAGE_SIZE write limit (joel) --- Documentation/ABI/testing/sysfs-secvar | 75 +++++- arch/powerpc/platforms/pseries/Makefile | 4 +- arch/powerpc/platforms/pseries/plpks-secvar.c | 215 ++++++++++++++++++ 3 files changed, 291 insertions(+), 3 deletions(-) create mode 100644 arch/powerpc/platforms/pseries/plpks-secvar.c diff --git a/Documentation/ABI/testing/sysfs-secvar b/Documentation/ABI/testing/sysfs-secvar index feebb8c57294..a19f4d5fcec6 100644 --- a/Documentation/ABI/testing/sysfs-secvar +++ b/Documentation/ABI/testing/sysfs-secvar @@ -18,6 +18,14 @@ Description: A string indicating which backend is in use by the firmware. This determines the format of the variable and the accepted format of variable updates. + On powernv/OPAL, this value is provided by the OPAL firmware + and is expected to be "ibm,edk2-compat-v1". + + On pseries/PLPKS, this is generated by the kernel based on the + version number in the SB_VERSION variable in the keystore, and + has the form "ibm,plpks-sb-v", or + "ibm,plpks-sb-unknown" if there is no SB_VERSION variable. + What: /sys/firmware/secvar/vars/ Date: August 2019 Contact: Nayna Jain @@ -34,7 +42,7 @@ Description: An integer representation of the size of the content of the What: /sys/firmware/secvar/vars//data Date: August 2019 -Contact: Nayna Jain h +Contact: Nayna Jain Description: A read-only file containing the value of the variable. The size of the file represents the maximum size of the variable data. @@ -44,3 +52,68 @@ Contact: Nayna Jain Description: A write-only file that is used to submit the new value for the variable. The size of the file represents the maximum size of the variable data that can be written. + +What: /sys/firmware/secvar/config +Date: December 2022 +Contact: Nayna Jain +Description: This optional directory contains read-only config attributes as + defined by the secure variable implementation. All data is in + ASCII format. The directory is only created if the backing + implementation provides variables to populate it, which at + present is only PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/version +Date: December 2022 +Contact: Nayna Jain +Description: Config version as reported by the hypervisor in ASCII decimal + format. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/max_object_size +Date: December 2022 +Contact: Nayna Jain +Description: Maximum allowed size of objects in the keystore in bytes, + represented in ASCII decimal format. + + This is not necessarily the same as the max size that can be + written to an update file as writes can contain more than + object data, you should use the size of the update file for + that purpose. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/total_size +Date: December 2022 +Contact: Nayna Jain +Description: Total size of the PLPKS in bytes, represented in ASCII decimal + format. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/used_space +Date: December 2022 +Contact: Nayna Jain +Description: Current space consumed by the key store, in bytes, represented + in ASCII decimal format. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/supported_policies +Date: December 2022 +Contact: Nayna Jain +Description: Bitmask of supported policy flags by the hypervisor, + represented as an 8 byte hexadecimal ASCII string. Consult the + hypervisor documentation for what these flags are. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/signed_update_algorithms +Date: December 2022 +Contact: Nayna Jain +Description: Bitmask of flags indicating which algorithms the hypervisor + supports for signed update of objects, represented as a 16 byte + hexadecimal ASCII string. Consult the hypervisor documentation + for what these flags mean. + + Currently only provided by PLPKS on the pseries platform. diff --git a/arch/powerpc/platforms/pseries/Makefile b/arch/powerpc/platforms/pseries/Makefile index 92310202bdd7..d52b7ec1a678 100644 --- a/arch/powerpc/platforms/pseries/Makefile +++ b/arch/powerpc/platforms/pseries/Makefile @@ -27,8 +27,8 @@ obj-$(CONFIG_PAPR_SCM) += papr_scm.o obj-$(CONFIG_PPC_SPLPAR) += vphn.o obj-$(CONFIG_PPC_SVM) += svm.o obj-$(CONFIG_FA_DUMP) += rtas-fadump.o -obj-$(CONFIG_PSERIES_PLPKS) += plpks.o - +obj-$(CONFIG_PSERIES_PLPKS) += plpks.o +obj-$(CONFIG_PPC_SECVAR_SYSFS) += plpks-secvar.o obj-$(CONFIG_SUSPEND) += suspend.o obj-$(CONFIG_PPC_VAS) += vas.o vas-sysfs.o diff --git a/arch/powerpc/platforms/pseries/plpks-secvar.c b/arch/powerpc/platforms/pseries/plpks-secvar.c new file mode 100644 index 000000000000..a80d9f9469f9 --- /dev/null +++ b/arch/powerpc/platforms/pseries/plpks-secvar.c @@ -0,0 +1,215 @@ +// SPDX-License-Identifier: GPL-2.0-only + +// Secure variable implementation using the PowerVM LPAR Platform KeyStore (PLPKS) +// +// Copyright 2022, 2023 IBM Corporation +// Authors: Russell Currey +// Andrew Donnellan +// Nayna Jain + +#define pr_fmt(fmt) "secvar: "fmt + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +// Config attributes for sysfs +#define PLPKS_CONFIG_ATTR(name, fmt, func) \ + static ssize_t name##_show(struct kobject *kobj, \ + struct kobj_attribute *attr, \ + char *buf) \ + { \ + return sysfs_emit(buf, fmt, func()); \ + } \ + static struct kobj_attribute attr_##name = __ATTR_RO(name) + +PLPKS_CONFIG_ATTR(version, "%u\n", plpks_get_version); +PLPKS_CONFIG_ATTR(max_object_size, "%u\n", plpks_get_maxobjectsize); +PLPKS_CONFIG_ATTR(total_size, "%u\n", plpks_get_totalsize); +PLPKS_CONFIG_ATTR(used_space, "%u\n", plpks_get_usedspace); +PLPKS_CONFIG_ATTR(supported_policies, "%08x\n", plpks_get_supportedpolicies); +PLPKS_CONFIG_ATTR(signed_update_algorithms, "%016llx\n", plpks_get_signedupdatealgorithms); + +static const struct attribute *config_attrs[] = { + &attr_version.attr, + &attr_max_object_size.attr, + &attr_total_size.attr, + &attr_used_space.attr, + &attr_supported_policies.attr, + &attr_signed_update_algorithms.attr, + NULL, +}; + +static u32 get_policy(const char *name) +{ + if ((strcmp(name, "db") == 0) || + (strcmp(name, "dbx") == 0) || + (strcmp(name, "grubdb") == 0) || + (strcmp(name, "grubdbx") == 0) || + (strcmp(name, "sbat") == 0)) + return (PLPKS_WORLDREADABLE | PLPKS_SIGNEDUPDATE); + else + return PLPKS_SIGNEDUPDATE; +} + +static const char * const plpks_var_names[] = { + "PK", + "KEK", + "db", + "dbx", + "grubdb", + "grubdbx", + "sbat", + "moduledb", + "trustedcadb", + NULL, +}; + +static int plpks_get_variable(const char *key, u64 key_len, u8 *data, + u64 *data_size) +{ + struct plpks_var var = {0}; + int rc = 0; + + var.name = kcalloc(key_len - 1, sizeof(wchar_t), GFP_KERNEL); + if (!var.name) + return -ENOMEM; + rc = utf8s_to_utf16s(key, key_len - 1, UTF16_LITTLE_ENDIAN, (wchar_t *)var.name, + key_len - 1); + if (rc < 0) + goto err; + var.namelen = rc * 2; + + var.os = PLPKS_VAR_LINUX; + if (data) { + var.data = data; + var.datalen = *data_size; + } + rc = plpks_read_os_var(&var); + + if (rc) + goto err; + + *data_size = var.datalen; + +err: + kfree(var.name); + if (rc && rc != -ENOENT) { + pr_err("Failed to read variable '%s': %d\n", key, rc); + // Return -EIO since userspace probably doesn't care about the + // specific error + rc = -EIO; + } + return rc; +} + +static int plpks_set_variable(const char *key, u64 key_len, u8 *data, + u64 data_size) +{ + struct plpks_var var = {0}; + int rc = 0; + u64 flags; + + // Secure variables need to be prefixed with 8 bytes of flags. + // We only want to perform the write if we have at least one byte of data. + if (data_size <= sizeof(flags)) + return -EINVAL; + + var.name = kcalloc(key_len - 1, sizeof(wchar_t), GFP_KERNEL); + if (!var.name) + return -ENOMEM; + rc = utf8s_to_utf16s(key, key_len - 1, UTF16_LITTLE_ENDIAN, (wchar_t *)var.name, + key_len - 1); + if (rc < 0) + goto err; + var.namelen = rc * 2; + + memcpy(&flags, data, sizeof(flags)); + + var.datalen = data_size - sizeof(flags); + var.data = data + sizeof(flags); + var.os = PLPKS_VAR_LINUX; + var.policy = get_policy(key); + + // Unlike in the read case, the plpks error code can be useful to + // userspace on write, so we return it rather than just -EIO + rc = plpks_signed_update_var(&var, flags); + +err: + kfree(var.name); + return rc; +} + +// PLPKS dynamic secure boot doesn't give us a format string in the same way OPAL does. +// Instead, report the format using the SB_VERSION variable in the keystore. +static ssize_t plpks_secvar_format(char *buf, size_t bufsize) +{ + struct plpks_var var = {0}; + ssize_t ret; + + var.component = NULL; + // Only the signed variables have null bytes in their names, this one doesn't + var.name = "SB_VERSION"; + var.namelen = 10; + var.datalen = 1; + var.data = kzalloc(1, GFP_KERNEL); + if (!var.data) + return -ENOMEM; + + // Unlike the other vars, SB_VERSION is owned by firmware instead of the OS + ret = plpks_read_fw_var(&var); + if (ret) { + if (ret == -ENOENT) { + ret = snprintf(buf, bufsize, "ibm,plpks-sb-unknown"); + } else { + pr_err("Error %ld reading SB_VERSION from firmware\n", ret); + ret = -EIO; + } + goto err; + } + + // This string is made up by us - the hypervisor doesn't provide us + // with a format string in the way that OPAL firmware does. Hypervisor + // defines SB_VERSION as a "1 byte unsigned integer value". + ret = snprintf(buf, bufsize, "ibm,plpks-sb-v%hhu", var.data[0]); + +err: + kfree(var.data); + return ret; +} + +static int plpks_max_size(u64 *max_size) +{ + // The max object size reported by the hypervisor is accurate for the + // object itself, but we use the first 8 bytes of data on write as the + // signed update flags, so the max size a user can write is larger. + *max_size = (u64)plpks_get_maxobjectsize() + 8; + + return 0; +} + + +static const struct secvar_operations plpks_secvar_ops = { + .get = plpks_get_variable, + .set = plpks_set_variable, + .format = plpks_secvar_format, + .max_size = plpks_max_size, + .config_attrs = config_attrs, + .var_names = plpks_var_names, +}; + +static int plpks_secvar_init(void) +{ + if (!plpks_is_available()) + return -ENODEV; + + return set_secvar_ops(&plpks_secvar_ops); +} +machine_device_initcall(pseries, plpks_secvar_init); From patchwork Fri Jan 20 07:43:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46200 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65947wrn; Thu, 19 Jan 2023 23:46:06 -0800 (PST) X-Google-Smtp-Source: AMrXdXv8QxkkaVjf70rLNdDHo3fkpUsLe0IuSzVSmg838oH6FFn2S/iO94sTkmQ2KhlmPjqwjEjY X-Received: by 2002:aa7:874c:0:b0:58d:a1e9:36d with SMTP id g12-20020aa7874c000000b0058da1e9036dmr14368382pfo.31.1674200766016; Thu, 19 Jan 2023 23:46:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200765; cv=none; d=google.com; s=arc-20160816; b=ZvfDBZ4Fh/U8T3xaxPAedLpLRvfUZFbff/ChDv+0jvc6uf9kRIenwgvBn7d9a+WW+b jPno6UkPIKSLKABIy34FxeFybK7fA83Hnjdm0DUkJ/MD8KOCCuCPu0d94HkSTmsRCXvJ 5UgyH923THzOhfE9it+2Tq1dwBsOqXoMkSrAJo3i9fEzJ70Z6kNhX/gMvmc8CCs2KIj5 OOr47nqydQV1x1fChGGNLzwHB8d1PvGKGYRsZD4GUDGWWEk7OP2sKnkEaXpPOB0u+/mB WxMzPiDZJoymHmj3nl0tFKKK7xWKn0YCLD2Gm3cWZ4sUphkuFLDeboXO2FqeP/Q0/DpG quhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=zTIV6PRVUVjhP5LqIHw2BlDGgUnAlkowALzDmGJNn38=; b=C18rv6clBQYLAc5Fh/pTDX447nRS5Vys3Ob+5N2zRfFryHYpwS+RiS8q+th7TFHLAl SJ5xShY3xmtqRyFWI5eTyC76zj6TlNvBFNTnmUagdI2R8/7rEZxG4AbrSvD6FlJRkpV/ /dfrVzBdGC3QHTPW9gxSmPcba/zuiqKRW6ASfcho45qIf/89Cj/eZp4+gvp7aOvLuknp o6ItVwu993g6kS2DoxNC5RX1eGodx3/NSLGDwoeaHHbs22v9iT9rOy8Urh/PEvtLdkj1 K9mSjXObmk1ChdQos2YV0PQXPJDytP9znZXvApdx66E8bbOeg+gaor+ZH2weu08CI/8i ebmg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=Tp4E4kQV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t24-20020a62d158000000b0058baf82d78fsi23971846pfl.74.2023.01.19.23.45.53; Thu, 19 Jan 2023 23:46:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=Tp4E4kQV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231221AbjATHo6 (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45636 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230300AbjATHoC (ORCPT ); Fri, 20 Jan 2023 02:44:02 -0500 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9935B8534A; Thu, 19 Jan 2023 23:43:53 -0800 (PST) Received: from pps.filterd (m0127361.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7Vhh6002607; Fri, 20 Jan 2023 07:43:42 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=zTIV6PRVUVjhP5LqIHw2BlDGgUnAlkowALzDmGJNn38=; b=Tp4E4kQVfeBFEhoaXq4TFX1JjbZOpEGiyXOdQRy9gs+wLVPFE9/4YPd40OXLJDyClIVU st/Pi9xuOlNyLBiQ/Znu4aMf7CnU2SAfK8YztwzN0/pMKoyxF8GAlKISQNf3F0PEF+AD x/jAG8IgZFxqtHE2rWUYnEs/d+8izP98GyGw06RRGXiF4pTH3RkQkxMtredT0ezymqVb ElpMDd2THqSGoALx96yx/XmT3jdDytaEYLQ0Iub+cTZ+36wo6zMney7GFLx9oC2od9Lz H6vR7/qUjJqZAFKyMRAVRCRWwh4UOGbcYrkoJC7rb5mSd7XKUoikO5FMpLzsz3fq1BRe 6Q== Received: from ppma01fra.de.ibm.com (46.49.7a9f.ip4.static.sl-reverse.com [159.122.73.70]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7pn5074w-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:41 +0000 Received: from pps.filterd (ppma01fra.de.ibm.com [127.0.0.1]) by ppma01fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JI6nne017303; Fri, 20 Jan 2023 07:43:40 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma01fra.de.ibm.com (PPS) with ESMTPS id 3n3m16dkh0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:40 +0000 Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7hbEn51577222 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:37 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8B55420043; Fri, 20 Jan 2023 07:43:37 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0F30920040; Fri, 20 Jan 2023 07:43:37 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:37 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 5EC47609BD; Fri, 20 Jan 2023 18:43:30 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 23/24] integrity/powerpc: Improve error handling & reporting when loading certs Date: Fri, 20 Jan 2023 18:43:05 +1100 Message-Id: <20230120074306.1326298-24-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: bRAPPKGDQav7vgoJpIt36L050mtPuogk X-Proofpoint-GUID: bRAPPKGDQav7vgoJpIt36L050mtPuogk X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 bulkscore=0 lowpriorityscore=0 priorityscore=1501 suspectscore=0 mlxlogscore=999 clxscore=1015 spamscore=0 adultscore=0 phishscore=0 malwarescore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526742596963600?= X-GMAIL-MSGID: =?utf-8?q?1755526742596963600?= From: Russell Currey A few improvements to load_powerpc.c: - include integrity.h for the pr_fmt() - move all error reporting out of get_cert_list() - use ERR_PTR() to better preserve error detail - don't use pr_err() for missing keys Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan Reviewed-by: Mimi Zohar --- v3: New patch --- .../integrity/platform_certs/load_powerpc.c | 26 ++++++++++++++----- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c index 1e4f80a4e71c..dee51606d5f4 100644 --- a/security/integrity/platform_certs/load_powerpc.c +++ b/security/integrity/platform_certs/load_powerpc.c @@ -14,9 +14,15 @@ #include #include #include "keyring_handler.h" +#include "../integrity.h" /* * Get a certificate list blob from the named secure variable. + * + * Returns: + * - a pointer to a kmalloc'd buffer containing the cert list on success + * - NULL if the key does not exist + * - an ERR_PTR on error */ static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size) { @@ -25,19 +31,19 @@ static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size) rc = secvar_ops->get(key, keylen, NULL, size); if (rc) { - pr_err("Couldn't get size: %d\n", rc); - return NULL; + if (rc == -ENOENT) + return NULL; + return ERR_PTR(rc); } db = kmalloc(*size, GFP_KERNEL); if (!db) - return NULL; + return ERR_PTR(-ENOMEM); rc = secvar_ops->get(key, keylen, db, size); if (rc) { kfree(db); - pr_err("Error reading %s var: %d\n", key, rc); - return NULL; + return ERR_PTR(rc); } return db; @@ -69,7 +75,11 @@ static int __init load_powerpc_certs(void) */ db = get_cert_list("db", 3, &dbsize); if (!db) { - pr_err("Couldn't get db list from firmware\n"); + pr_info("Couldn't get db list from firmware\n"); + } else if (IS_ERR(db)) { + rc = PTR_ERR(db); + pr_err("Error reading db from firmware: %d\n", rc); + return rc; } else { rc = parse_efi_signature_list("powerpc:db", db, dbsize, get_handler_for_db); @@ -81,6 +91,10 @@ static int __init load_powerpc_certs(void) dbx = get_cert_list("dbx", 4, &dbxsize); if (!dbx) { pr_info("Couldn't get dbx list from firmware\n"); + } else if (IS_ERR(dbx)) { + rc = PTR_ERR(dbx); + pr_err("Error reading dbx from firmware: %d\n", rc); + return rc; } else { rc = parse_efi_signature_list("powerpc:dbx", dbx, dbxsize, get_handler_for_dbx); From patchwork Fri Jan 20 07:43:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 46194 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp65673wrn; Thu, 19 Jan 2023 23:45:12 -0800 (PST) X-Google-Smtp-Source: AMrXdXvRJ5f/VWkJZlV3Vux/tKhjJtv+fhpuy5ScCp/SlVgEF/EEjBdUv+KFa92HXaSeyRS8kBV2 X-Received: by 2002:a17:90a:c298:b0:229:b5e:2e03 with SMTP id f24-20020a17090ac29800b002290b5e2e03mr13503220pjt.32.1674200711958; Thu, 19 Jan 2023 23:45:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674200711; cv=none; d=google.com; s=arc-20160816; b=iNkxsrZcwuS0qqVt62SZp1niNAv5nlQzjlCGe8LaG96IpFc42mlRwsknKzh80DaqEB +DtV3DzhcSymmCcaynSuXFSqBByZ0rvE+komrOV4pEMhs3SkBzkkCqO+CnDN1bbKuO0U 7GL0p7zGk5Lw/yvwmW8/frTndCYGwtrpJKp8pgF96uZ6HvrUbGn2I8LwI/9v9LsXp4XF NzF9j2kF60FWMEEQhCcFCAva3j2N7IULEKqOCVHa9N1j0oW9iYgKWK9NTuZTM0dBWQ+3 iVKygEZglZmbsrlxyfWztgCMDFlMMDyWYg4/dNdegbH2XsUGj0rDap+f+O2szi0j0uy/ 8nYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=DkjetBvNyupAHj8KhGylZIP4X9T8JCN3PLJ/4RRN4zc=; b=FyaFhqwolVyzVySsLtoGXZaNBFDWSmdaiRMaZZ288A3DwF8f2ZAIumr2u3RAJgK7pp WWvnXShx0D7sFjDl0nexH6WXw2TlBTYQhGN+dQ+KsRPXAtrI/gV+vJ21L8AXHCEosXuU zOiG+m6Pcb8miwnUSPzZPes3IfN9FKgVBU1ipdnpWA+QCJJnLBFBHuny1hX/dKeRfsNu 1Zy1wEpbNB7bpd1AgyYXuKtbqvs73S1uWmRtroTRUdkiSC9HdBJdnwk2A5vE7yPHY9v5 5ykX3VA7cFCN5XSRDIq4lEU0vaVYA0iOVzvJTwTBsH+MrmHKLXe7KCV1glbzLNP3/F/e A9ZQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=QKTuzhB3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 140-20020a630092000000b004ad157c46bbsi41769029pga.649.2023.01.19.23.44.58; Thu, 19 Jan 2023 23:45:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=QKTuzhB3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230522AbjATHoi (ORCPT + 99 others); Fri, 20 Jan 2023 02:44:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44988 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230219AbjATHnv (ORCPT ); Fri, 20 Jan 2023 02:43:51 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8DB997DFAA; Thu, 19 Jan 2023 23:43:49 -0800 (PST) Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30K7JfAb027594; Fri, 20 Jan 2023 07:43:42 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=DkjetBvNyupAHj8KhGylZIP4X9T8JCN3PLJ/4RRN4zc=; b=QKTuzhB3tbIEqykyYDxEhB+WKJyo4pe3wNzAql1+/BIQ3eh/ETnFLc0sCrSg2kSGefe7 i1QZ8zvqpFZjH+m59d2BoUsnubCC5RlI43+AF34jLWN6fDyV/JQ9XqLdyfpOJ5pAOR19 /kMktxPpSQd8Ku5rcgYe5torIGdoaziBA4d0BwyhlSIJebCKj/drov0jy2ly3ju5H1nv 85Z7LflXYWgAftRFE46FfncRnAf5Vkm0c0Zw67o0NsLRTizSYxoicXVEV1SHesTc+vSK d9GRyrplcRbjrFaRT3E7gtjtDPpJoD0vfIsnjMg4Omjslb8MKxBo26S+A2kv4kZDE/hb DQ== Received: from ppma01fra.de.ibm.com (46.49.7a9f.ip4.static.sl-reverse.com [159.122.73.70]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3n7pfj8ck8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:41 +0000 Received: from pps.filterd (ppma01fra.de.ibm.com [127.0.0.1]) by ppma01fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30JLDIIN025743; Fri, 20 Jan 2023 07:43:39 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma01fra.de.ibm.com (PPS) with ESMTPS id 3n3m16dkgy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Jan 2023 07:43:39 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30K7haXP23855480 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Jan 2023 07:43:36 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 988E520043; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1D9A220040; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Fri, 20 Jan 2023 07:43:36 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 6F235609C3; Fri, 20 Jan 2023 18:43:30 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: gregkh@linuxfoundation.org, gcwilson@linux.ibm.com, linux-kernel@vger.kernel.org, nayna@linux.ibm.com, ruscur@russell.cc, zohar@linux.ibm.com, mpe@ellerman.id.au, gjoyce@linux.ibm.com, sudhakar@linux.ibm.com, bgray@linux.ibm.com, erichte@linux.ibm.com, joel@jms.id.au Subject: [PATCH v4 24/24] integrity/powerpc: Support loading keys from pseries secvar Date: Fri, 20 Jan 2023 18:43:06 +1100 Message-Id: <20230120074306.1326298-25-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120074306.1326298-1-ajd@linux.ibm.com> References: <20230120074306.1326298-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: Qm1zgF_EukHmA95Zx8ly3KCZV9BOTRcV X-Proofpoint-GUID: Qm1zgF_EukHmA95Zx8ly3KCZV9BOTRcV X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-20_04,2023-01-19_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 impostorscore=0 mlxlogscore=999 phishscore=0 lowpriorityscore=0 malwarescore=0 spamscore=0 adultscore=0 bulkscore=0 suspectscore=0 clxscore=1015 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301200070 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755526685823860129?= X-GMAIL-MSGID: =?utf-8?q?1755526685823860129?= From: Russell Currey The secvar object format is only in the device tree under powernv. We now have an API call to retrieve it in a generic way, so we should use that instead of having to handle the DT here. Add support for pseries secvar, with the "ibm,plpks-sb-v1" format. The object format is expected to be the same, so there shouldn't be any functional differences between objects retrieved from powernv and pseries. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v3: New patch v4: Pass format buffer size (stefanb, npiggin) --- .../integrity/platform_certs/load_powerpc.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c index dee51606d5f4..d4ce91bf3fec 100644 --- a/security/integrity/platform_certs/load_powerpc.c +++ b/security/integrity/platform_certs/load_powerpc.c @@ -10,7 +10,6 @@ #include #include #include -#include #include #include #include "keyring_handler.h" @@ -59,16 +58,22 @@ static int __init load_powerpc_certs(void) void *db = NULL, *dbx = NULL; u64 dbsize = 0, dbxsize = 0; int rc = 0; - struct device_node *node; + ssize_t len; + char buf[32]; if (!secvar_ops) return -ENODEV; - /* The following only applies for the edk2-compat backend. */ - node = of_find_compatible_node(NULL, NULL, "ibm,edk2-compat-v1"); - if (!node) + len = secvar_ops->format(buf, 32); + if (len <= 0) return -ENODEV; + // Check for known secure boot implementations from OPAL or PLPKS + if (strcmp("ibm,edk2-compat-v1", buf) && strcmp("ibm,plpks-sb-v1", buf)) { + pr_err("Unsupported secvar implementation \"%s\", not loading certs\n", buf); + return -ENODEV; + } + /* * Get db, and dbx. They might not exist, so it isn't an error if we * can't get them. @@ -103,8 +108,6 @@ static int __init load_powerpc_certs(void) kfree(dbx); } - of_node_put(node); - return rc; } late_initcall(load_powerpc_certs);