From patchwork Tue Jan 31 06:39:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50641 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593187wrn; Mon, 30 Jan 2023 22:42:11 -0800 (PST) X-Google-Smtp-Source: AK7set90PK2hqWzrGXVAaOUsuIIOupZqV6N9zmy/hrdCSBQWhkXQeEUkvJ+WopRRSY0yxjC7myc+ X-Received: by 2002:a17:902:f392:b0:196:6ff8:69b8 with SMTP id f18-20020a170902f39200b001966ff869b8mr7625164ple.27.1675147331134; Mon, 30 Jan 2023 22:42:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147331; cv=none; d=google.com; s=arc-20160816; b=fIYXHZ6PuQC2H4ERIQD1Y4e6yu9kb2nQyxjWx+iXOy3/Bx6oJwhkpO69d3ABvF6Vnn O807J9SfNL8hWBw9hWtVB2vcFhxfA7QrYCOZotJ0DGfOWOQO6BTa0oHx1e54T17EvKT4 H34vgDwyQ/s9nK2G/XUqTjCB0xsoUwCKxuCchhgdPRbkFTGr0VZgC0jJLGVtIR3Yt6Q+ Bv/IWfsQKRk7gzuGBA2iIlySzYlvvL/iCdw9lW+rYQ19TDg9TXrBzsx/IOIpIlbhSlhP xe1Vkqr2BYmcVMTaP+5DZdMK2xrxFkoWSfwwCCY5mtRqyhecK7IL68/uX4EFpRoqPW8F 0PBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=7zg1tUagYbEpIMwYaXEmmouyBNZUUmpuXixmXYcdebM=; b=RmOnPTWnLIGk0DYGAdq2F04yz/Hh13ksm/Yk8Pc9AkQi7VXNp5+hyTUnVZtnl0iKjA lI1fUIRv4PTCTQDrhYht4GT1GOBI+Hsd8XnWbMlybCAq5RqrQP3WGmjEEjwAoQUtOniP mPWqbYzvExRBcMzKxgNCxuHl40m67uxBa0prN1A4Ery3oxWspgxTuUETP7IOnB0LKi/o E5iBex25/t1DBhm2mtQ9LetJImJ4VCDM1ralrf17jyb7xbBsiYCQRyCurso7QJLRBr6g f1Rbw7dXcpIw0dY43Qiu6K6bilQWNw5s56FXOxyxXqaLOI1rpYXWba6rT7yks7LSbA+E FhbA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b="Hj/m3V/e"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u5-20020a17090282c500b001949d488c0asi14709916plz.508.2023.01.30.22.41.58; Mon, 30 Jan 2023 22:42:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b="Hj/m3V/e"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230432AbjAaGkf (ORCPT + 99 others); Tue, 31 Jan 2023 01:40:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35774 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230166AbjAaGkY (ORCPT ); Tue, 31 Jan 2023 01:40:24 -0500 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7653F3D08E; Mon, 30 Jan 2023 22:40:22 -0800 (PST) Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V61vmT020628; Tue, 31 Jan 2023 06:40:13 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=7zg1tUagYbEpIMwYaXEmmouyBNZUUmpuXixmXYcdebM=; b=Hj/m3V/eDiNJ6GAoheF0uw1PKkW2pZUcMaNufLFk2BXfQyTswe9Ft3rNR4h7cw7w3Tew D3NHohzCeMsfkIGXayvZuw5qX3vwj74ywfi2SpPxH0hfDoWyHbXTnj9H0iq5NJhQ3Kva 8f0r43HC9FwjD7mtapWF3XMa1nTqLaUpFNHEGmIcYr0lKpuYQ6e86a0JTzW/09TgXhMC WSq6pk3QbJY/IpyVZfcHouumEbps0pfjqOWb56CkzNFhY94JGBfD51AjVOcUEw8JOEc3 CIGc+NPJfRb+ZOmelJBgIfTSc5LZttZPXJeehSDBe2hsjwMz3eAw4mWEJaotLSqGysy3 bw== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newc40rr8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:12 +0000 Received: from m0098421.ppops.net (m0098421.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6LWAC024564; Tue, 31 Jan 2023 06:40:12 GMT Received: from ppma05fra.de.ibm.com (6c.4a.5195.ip4.static.sl-reverse.com [149.81.74.108]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newc40rq6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:12 +0000 Received: from pps.filterd (ppma05fra.de.ibm.com [127.0.0.1]) by ppma05fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30ULAuql009758; Tue, 31 Jan 2023 06:40:10 GMT Received: from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230]) by ppma05fra.de.ibm.com (PPS) with ESMTPS id 3ncvt7j7gj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:10 +0000 Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6e6ZO21168558 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:07 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7906C20043; Tue, 31 Jan 2023 06:40:06 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id ED13720040; Tue, 31 Jan 2023 06:40:05 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:05 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id CD50960637; Tue, 31 Jan 2023 17:40:03 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 01/25] powerpc/pseries: Fix handling of PLPKS object flushing timeout Date: Tue, 31 Jan 2023 17:39:04 +1100 Message-Id: <20230131063928.388035-2-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: S2wY0vyD_i2FSYgExCoAfbgNmFCWVKLS X-Proofpoint-GUID: jr7wMDhLwNuLCtfdDOuV9dTx4h3gCUCk X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 lowpriorityscore=0 phishscore=0 priorityscore=1501 adultscore=0 mlxlogscore=999 clxscore=1015 suspectscore=0 bulkscore=0 impostorscore=0 spamscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519288076590315?= X-GMAIL-MSGID: =?utf-8?q?1756519288076590315?= plpks_confirm_object_flushed() uses the H_PKS_CONFIRM_OBJECT_FLUSHED hcall to check whether changes to an object in the Platform KeyStore have been flushed to non-volatile storage. The hcall returns two output values, the return code and the flush status. plpks_confirm_object_flushed() polls the hcall until either the flush status has updated, the return code is an error, or a timeout has been exceeded. While we're still polling, the hcall is returning H_SUCCESS (0) as the return code. In the timeout case, this means that upon exiting the polling loop, rc is 0, and therefore 0 is returned to the user. Handle the timeout case separately and return ETIMEDOUT if triggered. Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore") Reported-by: Benjamin Gray Signed-off-by: Andrew Donnellan Tested-by: Russell Currey Reviewed-by: Russell Currey Signed-off-by: Russell Currey --- v3: Merge plpks fixes and signed update series with secvar series Neaten how we return at the end of the function (ruscur) v4: Move up in series (npiggin) --- arch/powerpc/platforms/pseries/plpks.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 4edd1585e245..9e85b6d85b0b 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -248,6 +248,7 @@ static int plpks_confirm_object_flushed(struct label *label, struct plpks_auth *auth) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; + bool timed_out = true; u64 timeout = 0; u8 status; int rc; @@ -259,22 +260,26 @@ static int plpks_confirm_object_flushed(struct label *label, status = retbuf[0]; if (rc) { + timed_out = false; if (rc == H_NOT_FOUND && status == 1) rc = 0; break; } - if (!rc && status == 1) + if (!rc && status == 1) { + timed_out = false; break; + } usleep_range(PKS_FLUSH_SLEEP, PKS_FLUSH_SLEEP + PKS_FLUSH_SLEEP_RANGE); timeout = timeout + PKS_FLUSH_SLEEP; } while (timeout < PKS_FLUSH_MAX_TIMEOUT); - rc = pseries_status_to_err(rc); + if (timed_out) + return -ETIMEDOUT; - return rc; + return pseries_status_to_err(rc); } int plpks_write_var(struct plpks_var var) From patchwork Tue Jan 31 06:39:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50630 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2592966wrn; Mon, 30 Jan 2023 22:41:32 -0800 (PST) X-Google-Smtp-Source: AK7set/N0c5hTzWjKzvhsCZqYwNVfLE3QiINxHPwk8P6CtozRQiud108p52XdOhnwHGQcurN/yjR X-Received: by 2002:a17:90a:154a:b0:22c:90bd:18a4 with SMTP id y10-20020a17090a154a00b0022c90bd18a4mr8449220pja.22.1675147292550; Mon, 30 Jan 2023 22:41:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147292; cv=none; d=google.com; s=arc-20160816; b=U2wnMHAnUN7WJBRF+NZBiJOe88cRjbYBW+4abKGD8Z2NUBhcWS3RIFYtKmUmlo1f2r MjySbnli7SQBTbhg5fvZGetwu6wMuYuaSb7Ptj12wDDGmr8JViAIYTcbacvDSmZZXqLo 3HX5LsngSflpEL82erKaAqf6+5iTYqL3lv3p4IAlDzd9CxEjGNJvyhQoOuVIOSJWLRiU V+VcTtnKpg7ZTNo5/XEmLiLHiaIWKIXXgBjKNMPtFy2yd9Ipa7BPS3JD15BVWIh6KMBI FSuZ2/O6vFZwiKBN7iLBRXCugT6cfc+PMH1UH2QR2GTFieMKqoOZVp8oJG+iGg9D0EgR 78rA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=gCNzsJQMUlM3vuWRxJHuCro4Pi5S2nUUaN3zdk+N8n8=; b=hb6ypBz5Kd5LOOQOXUXthfXARPkRimQgXBVXDAcKMb/gUM+K6ln1f5ndtJ8VMvvLGT XNxxRIdQCY0a4c9ZNMJhE99jb195E58XHb0mzJI92N8Lhu6JPlIeYrwuYziYtJXDBq27 bsIxeuL0WLWPkN7q1qKcKHcGcCjrm3gzgI72IvqRnhVc1poSpHEFlrIdvxLDO5+sx4Yi F7adT/Q/QiycIH+oi7qmCmy/OMEl4ZlUwAuCdCAAXO4E7c6KhHY5C9W09P5uUSDh2sFE edtbnmcB5eo4eEKhqCZfsOiNJ1XIOXcxugsdVWOVy23PVkDTYuuo6UR5NyoquYSa9tOI QxIg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=ABKdlewA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lb4-20020a17090b4a4400b0022ca174ebc9si6649745pjb.102.2023.01.30.22.41.18; Mon, 30 Jan 2023 22:41:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=ABKdlewA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230334AbjAaGkk (ORCPT + 99 others); Tue, 31 Jan 2023 01:40:40 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35778 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230168AbjAaGkY (ORCPT ); Tue, 31 Jan 2023 01:40:24 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 93D623D091; Mon, 30 Jan 2023 22:40:22 -0800 (PST) Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V6IWSt004085; Tue, 31 Jan 2023 06:40:12 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=gCNzsJQMUlM3vuWRxJHuCro4Pi5S2nUUaN3zdk+N8n8=; b=ABKdlewAaX96moNhAKpcmuJi8+yAqSDpOUd6SoNuRFyWRrqRnqDTbtjKMClby4EN9VDm pv8ztc1mc757O4ozie5MRFLdjnemS113RL9NPeOIzuk0XFrJ8f6KoWgz/lqKZyPyZits +BH63ECwTHYTyP0nOkH8xUHBY8lcN09rF+UY+7VlROdpDuGdqlLIKr2ECT3yeK+gXpJH lKu+zx/4pImFRMcN7dH7tpTYMM36wSgQg9PAfMCnwL7wOsU0zrGJ9YEOvJyIiMljs4KY h+Cp7UMPkRxDzvTSHcWojunN9Y1Q4nxh2IXzUHtV0oxpSy0XbpYkV+/akLg0eNUlcpuC Zg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3newkwgeww-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:11 +0000 Received: from m0098416.ppops.net (m0098416.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6LtFF015430; Tue, 31 Jan 2023 06:40:11 GMT Received: from ppma04ams.nl.ibm.com (63.31.33a9.ip4.static.sl-reverse.com [169.51.49.99]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3newkwgev9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:11 +0000 Received: from pps.filterd (ppma04ams.nl.ibm.com [127.0.0.1]) by ppma04ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UJvJr2026867; Tue, 31 Jan 2023 06:40:08 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma04ams.nl.ibm.com (PPS) with ESMTPS id 3ncvs7k430-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:08 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6e67f44761454 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:06 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 776B32004E; Tue, 31 Jan 2023 06:40:06 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EC7842004B; Tue, 31 Jan 2023 06:40:05 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:05 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id E861D60112; Tue, 31 Jan 2023 17:40:03 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 02/25] powerpc/pseries: Fix alignment of PLPKS structures and buffers Date: Tue, 31 Jan 2023 17:39:05 +1100 Message-Id: <20230131063928.388035-3-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: jUUV0RUnKhtKWhJXnsvbVmo5XJCRgqUq X-Proofpoint-ORIG-GUID: Nn4W9Urj6aAHu-tSAR3EMcE51llnDd9c X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 spamscore=0 impostorscore=0 mlxscore=0 suspectscore=0 phishscore=0 mlxlogscore=999 priorityscore=1501 clxscore=1015 bulkscore=0 malwarescore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519247027157977?= X-GMAIL-MSGID: =?utf-8?q?1756519247027157977?= A number of structures and buffers passed to PKS hcalls have alignment requirements, which could on occasion cause problems: - Authorisation structures must be 16-byte aligned and must not cross a page boundary - Label structures must not cross page boundaries - Password output buffers must not cross page boundaries To ensure correct alignment, we adjust the allocation size of each of these structures/buffers to be the closest power of 2 that is at least the size of the structure/buffer (since kmalloc() guarantees that an allocation of a power of 2 size will be aligned to at least that size). Reported-by: Benjamin Gray Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore") Signed-off-by: Andrew Donnellan Reviewed-by: Russell Currey Signed-off-by: Russell Currey --- v3: Merge plpks fixes and signed update series with secvar series v4: Fix typo in commit message Move up in series (npiggin) v5: Reword commit message to better explain alignment guarantee (mpe) --- arch/powerpc/platforms/pseries/plpks.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 9e85b6d85b0b..a01cf2ff140a 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -126,7 +126,8 @@ static int plpks_gen_password(void) u8 *password, consumer = PKS_OS_OWNER; int rc; - password = kzalloc(maxpwsize, GFP_KERNEL); + // The password must not cross a page boundary, so we align to the next power of 2 + password = kzalloc(roundup_pow_of_two(maxpwsize), GFP_KERNEL); if (!password) return -ENOMEM; @@ -162,7 +163,9 @@ static struct plpks_auth *construct_auth(u8 consumer) if (consumer > PKS_OS_OWNER) return ERR_PTR(-EINVAL); - auth = kzalloc(struct_size(auth, password, maxpwsize), GFP_KERNEL); + // The auth structure must not cross a page boundary and must be + // 16 byte aligned. We align to the next largest power of 2 + auth = kzalloc(roundup_pow_of_two(struct_size(auth, password, maxpwsize)), GFP_KERNEL); if (!auth) return ERR_PTR(-ENOMEM); @@ -196,7 +199,8 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, if (component && slen > sizeof(label->attr.prefix)) return ERR_PTR(-EINVAL); - label = kzalloc(sizeof(*label), GFP_KERNEL); + // The label structure must not cross a page boundary, so we align to the next power of 2 + label = kzalloc(roundup_pow_of_two(sizeof(*label)), GFP_KERNEL); if (!label) return ERR_PTR(-ENOMEM); From patchwork Tue Jan 31 06:39:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50627 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2592858wrn; Mon, 30 Jan 2023 22:41:18 -0800 (PST) X-Google-Smtp-Source: AK7set+dScRPV27arB3CR26WVhUigUGbRBvdRfcQPlyJ75PRzQnuV86eKi8hLxUgDKzV8sg7sqy5 X-Received: by 2002:a05:6a21:6da8:b0:bc:c456:962b with SMTP id wl40-20020a056a216da800b000bcc456962bmr10752923pzb.14.1675147277921; Mon, 30 Jan 2023 22:41:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147277; cv=none; d=google.com; s=arc-20160816; b=IGy6F0aLC/cJJmQfh0CV/XivFjEJDfO/xwDDuDhvyytNKwt0tNFnanpnPuLhYCmzW6 qLLc0NETzSlzumBd4XM5KLMVGhdD6jH+Jol9zYh+GMxosPMv+qETiP29NiPh27XdfXZs MmnqLmp7e24auxO9rBI9zQUYb4kutJ+TcXSjIU6FF2oIOjk2JLnfCrMNL+Mcez2K4Y5a 5Vy4JvaX0NRDn5zQA3TFPFyZOLOVmlynAvAwGIUYwjEjp8WqlFoypVW0EBz6y7adHNna Jdc5OO3No0z6sesVrMwgXLuiiHb22/zPMNUZRpkjajxLpMLtgEDPEha38SzUOzg/JrJz 7d0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=dEnP/mIUlLWHaGiuzYJnd4UvAkzceD7NMcweM9Pm6b0=; b=hnFBgioDmnKUXBchlOM5MBtPbf9ydmSglh6COjE+nYzMwgN6r68BahVAEuEWMQGU8l XPpCxhKjgKnpwWiKgJB2c8SEqIZhCZIM9ixBGUG7eeWiY66t+0XTR4RfWXOeE8veCJds c1L9kSC+Bay8M+0ehpv5I4D1uB8H4xV4dTuk1H/KAsi2YmPyvu0h97yFZ0RtIVjQEtJQ cqCz/8zEaQi8UvjEnMTYtc2hWqlV3QKI2Nky6Lgt7CFQQmtPyQSyXMHrKnF81NowGUhB 7Gv0evHAfidLWU6NJqUjLiE+F/UXLZuY1BMhJ0hhcNsb252I83/G/9rlxU2+3IqSLOu0 62yA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b="Ejt/GsLa"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l19-20020a170902f69300b0019481337656si17603862plg.0.2023.01.30.22.41.03; Mon, 30 Jan 2023 22:41:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b="Ejt/GsLa"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230202AbjAaGkY (ORCPT + 99 others); Tue, 31 Jan 2023 01:40:24 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35746 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229884AbjAaGkX (ORCPT ); Tue, 31 Jan 2023 01:40:23 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 17C143CE31; Mon, 30 Jan 2023 22:40:22 -0800 (PST) Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V6EFNG003372; Tue, 31 Jan 2023 06:40:12 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=dEnP/mIUlLWHaGiuzYJnd4UvAkzceD7NMcweM9Pm6b0=; b=Ejt/GsLay3qkjdaX2byPCMv4o//G96lxdNCDJ0SSs5diEHwbpfRkSIgKG/msejDffD5E IBBLxTQwChb8DrurqeX5zOwV+ar+5PNBNf0Ha/cA5OoFO+UdrH5ZvrdEHjfbyVmW6ZBB gUooM8wypJOK+VYYIsBTPg9daPye/pDAfI8p8nAVmO6S40n9Ncp/9wsCWtdOetYNu+Ww QCUzqqIV80nVMOJ+NVITmHTNdXVyV3oT6t6B9OAV6Z1Zv+JOk5PQ8B9VihIJINZfbbwK Be6tOvdU6L/hYCKYxT21hDpfjsNUZggDGsT6GV0R+gj/xdYoYWYSSj7t9fuUosIvAUMQ VQ== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newhm0fq5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:11 +0000 Received: from m0098404.ppops.net (m0098404.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6aOSk029059; Tue, 31 Jan 2023 06:40:11 GMT Received: from ppma06ams.nl.ibm.com (66.31.33a9.ip4.static.sl-reverse.com [169.51.49.102]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newhm0fp1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:11 +0000 Received: from pps.filterd (ppma06ams.nl.ibm.com [127.0.0.1]) by ppma06ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UL30kh014675; Tue, 31 Jan 2023 06:40:09 GMT Received: from smtprelay07.fra02v.mail.ibm.com ([9.218.2.229]) by ppma06ams.nl.ibm.com (PPS) with ESMTPS id 3ncvttu3ne-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:08 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay07.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6e6Si43385118 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:06 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7795F2004F; Tue, 31 Jan 2023 06:40:06 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EBF1820043; Tue, 31 Jan 2023 06:40:05 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:05 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 04A2D6063C; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 03/25] powerpc/secvar: Fix incorrect return in secvar_sysfs_load() Date: Tue, 31 Jan 2023 17:39:06 +1100 Message-Id: <20230131063928.388035-4-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: MPODgCbLFFm7ESFDzef4fenXc_5P2lxz X-Proofpoint-GUID: s9pGWRVy13r6jyPglb_1xDOkVV1bldof X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 impostorscore=0 suspectscore=0 mlxlogscore=999 lowpriorityscore=0 adultscore=0 spamscore=0 priorityscore=1501 mlxscore=0 bulkscore=0 malwarescore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519232499171026?= X-GMAIL-MSGID: =?utf-8?q?1756519232499171026?= From: Russell Currey secvar_ops->get_next() returns -ENOENT when there are no more variables to return, which is expected behaviour. Fix this by returning 0 if get_next() returns -ENOENT. This fixes an issue introduced in commit bd5d9c743d38 ("powerpc: expose secure variables to userspace via sysfs"), but the return code of secvar_sysfs_load() was never checked so this issue never mattered. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v5: New patch --- arch/powerpc/kernel/secvar-sysfs.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 1ee4640a2641..7fa5f8ed9542 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -179,8 +179,10 @@ static int secvar_sysfs_load(void) rc = secvar_ops->get_next(name, &namesize, NAME_MAX_SIZE); if (rc) { if (rc != -ENOENT) - pr_err("error getting secvar from firmware %d\n", - rc); + pr_err("error getting secvar from firmware %d\n", rc); + else + rc = 0; + break; } From patchwork Tue Jan 31 06:39:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50637 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593110wrn; Mon, 30 Jan 2023 22:41:58 -0800 (PST) X-Google-Smtp-Source: AMrXdXuNl3SQp5lgAlFMb3zdIKxVVlDn/YRcuyeUFbugAa9VcFhXTwElo5BYipMhg78bIYGkrZCy X-Received: by 2002:a17:902:a405:b0:194:8b10:3bcf with SMTP id p5-20020a170902a40500b001948b103bcfmr45828865plq.49.1675147318024; Mon, 30 Jan 2023 22:41:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147318; cv=none; d=google.com; s=arc-20160816; b=nz21r4+xu+YvKGBPtQkm1qtS7CfFVwSTJX8NEXecVpOOdH1VEs3dUQEgk7A3BHCQlU y9lKTR14u0lRgNqK9WwuZAux4XUt2a6U41A5Hy2xzNbMbnhVp/0PWE7aC5nzlHiZDo0D hNtelDpbSIO/H+dbe5qGsFZsJa7QHa2O1VpfPoB8p1cS99QFWrB/aEUM/BO7y8qAxmbd Hn9DB7tKPVnSNaIn2vfX9pP/CvO8vhd7rb1uuF0LJe/9YddHzLVT7G8QS7LjUjKZYa3V CDAs5AJsUMHCu15gAMJ4xmC6zi+upHaM2R3q0W1YOXJlSrWYkiFLFefy5sr4uy073zNU m04w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=xTlYStkg39Zq6lksZloGiyJlSyVApYtqi6JfwV+gBgc=; b=PMgnvxVO4bSuDRwuxLHQ7g6FP/evkMXiqxYoPo3EJ3utpYuhaIeqidPyuqIgy3ABIj VuylJ3Cafa0X0CG3Y4D1Za/GNAC94zmxf1BvDM6dLqQolu+xPqtEDhcmA8PU4QXPwplK d+OQ/EP0wi6rounOsdGyW7HHHnuk40SK6TlPmN1DlVLQz5MsVA6tyghxNBqpXQcX8kI/ Mh9NFCcm0AL8C4qislljyV3OkTENodTpHhlTm5GpKv4U88jjsXx3yxyUhgiRAfnN/uiS r0tseIMaTkg7M5kK8NqtN4wPDv8g5Rgv5hM6vR3xDkIFV6XHPS/7hdrccdtguawNW1w6 n3HQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=dD58UcCc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p16-20020a637f50000000b004e3f0dd60e9si9320181pgn.551.2023.01.30.22.41.44; Mon, 30 Jan 2023 22:41:57 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=dD58UcCc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231358AbjAaGlM (ORCPT + 99 others); Tue, 31 Jan 2023 01:41:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35806 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230268AbjAaGk0 (ORCPT ); Tue, 31 Jan 2023 01:40:26 -0500 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B3C823CE3B; Mon, 30 Jan 2023 22:40:24 -0800 (PST) Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V622CN020706; Tue, 31 Jan 2023 06:40:15 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=xTlYStkg39Zq6lksZloGiyJlSyVApYtqi6JfwV+gBgc=; b=dD58UcCcy8BHJN8IyuSEG3UYdf8f8tGtS4mmouwl7N4IH4JxHCg4oyHVrqjPPICTwJ4m J3Y0cub8KdcgmQyP1EN3Kn9nCe2AWflJG6RaHEH/eHjvg8R7ef02FkSJZPwgtr9qCLMi s04SiJIPqKHWi1S16QHqbG/D8bAIKkoL5vLgWvGL+L15B5X+q6UeqTwdAfc4NSP3Ne6q /jukFztTgBK6JWl/OjyeWiR8EtvtbSIrQrjDL8b+VUKomBsQoWr1bPmhIL0QkWCziLWq fA767JNVWq21EkBrh8lrGAMQMHPlnloNewvuyQ5YZd+Zi7jIeX0QyNikXXpnS/qWWhPW ug== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newc40rsu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from m0098421.ppops.net (m0098421.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6eEM7003654; Tue, 31 Jan 2023 06:40:14 GMT Received: from ppma04fra.de.ibm.com (6a.4a.5195.ip4.static.sl-reverse.com [149.81.74.106]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newc40rrj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:14 +0000 Received: from pps.filterd (ppma04fra.de.ibm.com [127.0.0.1]) by ppma04fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UKGT0g020245; Tue, 31 Jan 2023 06:40:12 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma04fra.de.ibm.com (PPS) with ESMTPS id 3ndn6u9g25-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:12 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6e9do47448450 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:09 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EDCE220040; Tue, 31 Jan 2023 06:40:06 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EECB22004E; Tue, 31 Jan 2023 06:40:05 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:05 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 14E1860687; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com, Michael Ellerman Subject: [PATCH v5 04/25] powerpc/secvar: Use u64 in secvar_operations Date: Tue, 31 Jan 2023 17:39:07 +1100 Message-Id: <20230131063928.388035-5-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: iKuhbGJKiOoOMfoMoV3fignntOHeeFRX X-Proofpoint-GUID: Tb0QZm_jqZD9qcMKBFQX0wBUUr23CFOT X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 lowpriorityscore=0 phishscore=0 priorityscore=1501 adultscore=0 mlxlogscore=999 clxscore=1015 suspectscore=0 bulkscore=0 impostorscore=0 spamscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519274154872165?= X-GMAIL-MSGID: =?utf-8?q?1756519274154872165?= From: Michael Ellerman There's no reason for secvar_operations to use uint64_t vs the more common kernel type u64. The types are compatible, but they require different printk format strings which can lead to confusion. Change all the secvar related routines to use u64. Signed-off-by: Michael Ellerman Reviewed-by: Russell Currey Reviewed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan --- v3: Include new patch --- arch/powerpc/include/asm/secvar.h | 9 +++------ arch/powerpc/kernel/secvar-sysfs.c | 8 ++++---- arch/powerpc/platforms/powernv/opal-secvar.c | 9 +++------ security/integrity/platform_certs/load_powerpc.c | 4 ++-- 4 files changed, 12 insertions(+), 18 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 4cc35b58b986..07ba36f868a7 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -14,12 +14,9 @@ extern const struct secvar_operations *secvar_ops; struct secvar_operations { - int (*get)(const char *key, uint64_t key_len, u8 *data, - uint64_t *data_size); - int (*get_next)(const char *key, uint64_t *key_len, - uint64_t keybufsize); - int (*set)(const char *key, uint64_t key_len, u8 *data, - uint64_t data_size); + int (*get)(const char *key, u64 key_len, u8 *data, u64 *data_size); + int (*get_next)(const char *key, u64 *key_len, u64 keybufsize); + int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 7fa5f8ed9542..702044edf14d 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -47,7 +47,7 @@ static ssize_t format_show(struct kobject *kobj, struct kobj_attribute *attr, static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { - uint64_t dsize; + u64 dsize; int rc; rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); @@ -64,8 +64,8 @@ static ssize_t data_read(struct file *filep, struct kobject *kobj, struct bin_attribute *attr, char *buf, loff_t off, size_t count) { - uint64_t dsize; char *data; + u64 dsize; int rc; rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); @@ -166,9 +166,9 @@ static int update_kobj_size(void) static int secvar_sysfs_load(void) { - char *name; - uint64_t namesize = 0; struct kobject *kobj; + u64 namesize = 0; + char *name; int rc; name = kzalloc(NAME_MAX_SIZE, GFP_KERNEL); diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index 14133e120bdd..ef89861569e0 100644 --- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c @@ -54,8 +54,7 @@ static int opal_status_to_err(int rc) return err; } -static int opal_get_variable(const char *key, uint64_t ksize, - u8 *data, uint64_t *dsize) +static int opal_get_variable(const char *key, u64 ksize, u8 *data, u64 *dsize) { int rc; @@ -71,8 +70,7 @@ static int opal_get_variable(const char *key, uint64_t ksize, return opal_status_to_err(rc); } -static int opal_get_next_variable(const char *key, uint64_t *keylen, - uint64_t keybufsize) +static int opal_get_next_variable(const char *key, u64 *keylen, u64 keybufsize) { int rc; @@ -88,8 +86,7 @@ static int opal_get_next_variable(const char *key, uint64_t *keylen, return opal_status_to_err(rc); } -static int opal_set_variable(const char *key, uint64_t ksize, u8 *data, - uint64_t dsize) +static int opal_set_variable(const char *key, u64 ksize, u8 *data, u64 dsize) { int rc; diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c index a2900cb85357..1e4f80a4e71c 100644 --- a/security/integrity/platform_certs/load_powerpc.c +++ b/security/integrity/platform_certs/load_powerpc.c @@ -18,7 +18,7 @@ /* * Get a certificate list blob from the named secure variable. */ -static __init void *get_cert_list(u8 *key, unsigned long keylen, uint64_t *size) +static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size) { int rc; void *db; @@ -51,7 +51,7 @@ static __init void *get_cert_list(u8 *key, unsigned long keylen, uint64_t *size) static int __init load_powerpc_certs(void) { void *db = NULL, *dbx = NULL; - uint64_t dbsize = 0, dbxsize = 0; + u64 dbsize = 0, dbxsize = 0; int rc = 0; struct device_node *node; From patchwork Tue Jan 31 06:39:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50650 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2595752wrn; Mon, 30 Jan 2023 22:51:23 -0800 (PST) X-Google-Smtp-Source: AMrXdXsx/+RkHgeUmMXKUHM8dANddu2IYl93lXM2u8vruKd8Qd0gDaSxrIzx+cnN7PRPXRhKMJIS X-Received: by 2002:a05:6402:4ce:b0:47f:bc9b:46ec with SMTP id n14-20020a05640204ce00b0047fbc9b46ecmr52023348edw.7.1675147882903; Mon, 30 Jan 2023 22:51:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147882; cv=none; d=google.com; s=arc-20160816; b=sWbu1deTz1hwrq4JRcGCGlS44DOrJTgEKVTMy6PAb+t39fgo2sFyfjkZ4D5hu2bTSW 65fQU/DBUx21Yks+F1EJHvIlDkNVZvdpkZTjCukxfjjv6utL85z6M86y3awIdCoo3mfn +iXn6Z2b9W0wlm7RYEq3kqMwHNYh8rMh/tOM11oZl+NQk5j4Q1sIpJBhHw3EN4AZRmGU e2KM6We2cBjBfo28gDFhYyZIzGUFhPgaxtogGHuP33HxDSnj10GyFiB/LyoUrshgoFD+ iSwyqs1mWEa5zzXOEH/GISoPK4nGzRwYU/vRwodShR8tJF0fobinf4xKa7cZwwnXeKkZ gYRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=RPhN9mMQhcfjLV7uTVV3s7wKdYfZjdVljGEnBuExVKA=; b=ebeTuS1ZEJ1p7AF8zE+2L8TNCp9faG1qsVuA/JQD1OLrY3gADtGm7VZpxaAM2Kar4k /GpW4zq+pTSiTy3doogdWR7EPAb9q4yCBg2E1i4rHG1VqrwIN/d+H2hN250QfwqOf+LT hpVKX+0VQDcJNa33ez/MR77gee1kaJV/hX+FirIIIZXtDb78AW0OodNyW788vf/p13C4 9vlMstqpZvaW36IRHOsV/R0xBBfyix/9q7fA7ZawztOQgkvWShbc92i4e0FyLyH5icVj GDQGVKsFJHAQ2zF2MI3Qt/ujSF4E+jy1ioCg9SyGyYhLzhZEjRK7Z+zNYbF2qg99yPDl lXiA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=UDp7S1qO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bp10-20020a170907918a00b0087873092de6si16185890ejb.97.2023.01.30.22.50.59; Mon, 30 Jan 2023 22:51:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=UDp7S1qO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231504AbjAaGl5 (ORCPT + 99 others); Tue, 31 Jan 2023 01:41:57 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36700 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231282AbjAaGlC (ORCPT ); Tue, 31 Jan 2023 01:41:02 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BFF8242BC4; Mon, 30 Jan 2023 22:40:38 -0800 (PST) Received: from pps.filterd (m0187473.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V5uXgP010224; Tue, 31 Jan 2023 06:40:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=RPhN9mMQhcfjLV7uTVV3s7wKdYfZjdVljGEnBuExVKA=; b=UDp7S1qO0ytb+yN/R/cQYIY1saKzzLesjcwKK6JCIvAKsLkGvw0nh2Jew0NtkJzC0o7S Ft9Wav96QkQtRXOfSFpr1oLBNG9Npn5gsndNhCjJax6MlqfIj1rq5s1Sjithq7ibcU9I TJODS+UzBbNWnDoyG+TZOxJG9+0dNw7fm6cao3gSu7EBMx25H6KsDDiqn273IouBQl0h AMXLAVKXk2jKIbukvc2luWKHB9zZIgm2Lo+RnUuEcEwDOIp/mwxAe9UOZS8n01nEGUeb Lqsh7699cpZNaYtxrfZmJK2txnYKPQg1IYIB2eyY2pmd5WMI34tRMoOjGppeNGRXBlZ/ 9A== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3new9kgtgg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from m0187473.ppops.net (m0187473.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6TtVx001270; Tue, 31 Jan 2023 06:40:15 GMT Received: from ppma03ams.nl.ibm.com (62.31.33a9.ip4.static.sl-reverse.com [169.51.49.98]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3new9kgtf3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from pps.filterd (ppma03ams.nl.ibm.com [127.0.0.1]) by ppma03ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UKWpuY013277; Tue, 31 Jan 2023 06:40:12 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma03ams.nl.ibm.com (PPS) with ESMTPS id 3ncvtyb3h6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:12 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6e8tv40042892 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:10 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DE5522004E; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5E89E2004D; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 27AA9606DB; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 05/25] powerpc/secvar: Warn and error if multiple secvar ops are set Date: Tue, 31 Jan 2023 17:39:08 +1100 Message-Id: <20230131063928.388035-6-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 44KXDBwoiFNa-ARbwx_nZUGdbdp45RCJ X-Proofpoint-GUID: 7DpXq9Zb4Zf0lpX_q4KBBTqZlbbcez3d X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 mlxscore=0 clxscore=1015 priorityscore=1501 impostorscore=0 mlxlogscore=999 spamscore=0 suspectscore=0 malwarescore=0 adultscore=0 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519866458286051?= X-GMAIL-MSGID: =?utf-8?q?1756519866458286051?= From: Russell Currey The secvar code only supports one consumer at a time. Multiple consumers aren't possible at this point in time, but we'd want it to be obvious if it ever could happen. Signed-off-by: Russell Currey Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan --- v4: Return an error and don't actually try to set secvar_operations if the warning is triggered (npiggin) v5: Drop "extern" to fix a checkpatch check (snowpatch) --- arch/powerpc/include/asm/secvar.h | 4 ++-- arch/powerpc/kernel/secvar-ops.c | 8 ++++++-- arch/powerpc/platforms/powernv/opal-secvar.c | 4 +--- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 07ba36f868a7..a2b5f2203dc5 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -21,11 +21,11 @@ struct secvar_operations { #ifdef CONFIG_PPC_SECURE_BOOT -extern void set_secvar_ops(const struct secvar_operations *ops); +int set_secvar_ops(const struct secvar_operations *ops); #else -static inline void set_secvar_ops(const struct secvar_operations *ops) { } +static inline int set_secvar_ops(const struct secvar_operations *ops) { return 0; } #endif diff --git a/arch/powerpc/kernel/secvar-ops.c b/arch/powerpc/kernel/secvar-ops.c index 6a29777d6a2d..9c8dd4e7c270 100644 --- a/arch/powerpc/kernel/secvar-ops.c +++ b/arch/powerpc/kernel/secvar-ops.c @@ -8,10 +8,14 @@ #include #include +#include -const struct secvar_operations *secvar_ops __ro_after_init; +const struct secvar_operations *secvar_ops __ro_after_init = NULL; -void set_secvar_ops(const struct secvar_operations *ops) +int set_secvar_ops(const struct secvar_operations *ops) { + if (WARN_ON_ONCE(secvar_ops)) + return -1; secvar_ops = ops; + return 0; } diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index ef89861569e0..4c0a3b030fe0 100644 --- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c @@ -113,9 +113,7 @@ static int opal_secvar_probe(struct platform_device *pdev) return -ENODEV; } - set_secvar_ops(&opal_secvar_ops); - - return 0; + return set_secvar_ops(&opal_secvar_ops); } static const struct of_device_id opal_secvar_match[] = { From patchwork Tue Jan 31 06:39:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50632 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593004wrn; Mon, 30 Jan 2023 22:41:40 -0800 (PST) X-Google-Smtp-Source: AK7set++CmpcTRmU8FVrwR9O3kqg7P5tbSdBEpPr06IHw2wRc+Xs2vSUSk2go55aDY9GqX6ekCy1 X-Received: by 2002:a05:6a00:1516:b0:593:af5d:7c2f with SMTP id q22-20020a056a00151600b00593af5d7c2fmr10046829pfu.11.1675147299882; Mon, 30 Jan 2023 22:41:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147299; cv=none; d=google.com; s=arc-20160816; b=FakUC3sheL0D02AbmzZPxu0hxErrEoeC0OI3syXw084FHt6P1UE2jp7EqxEKqEUoaz LQSkVaX3SfBpEF/uJO96e5uqoXd2gB6iE3JBnRGL05ergsclmQT57JYcD9xc22NHT2Dq eqt+gI/oYdvUMyVKD2m3Z0NiAXMWv43s14GRr7QSUwacwqySK+KX21Vley2TNP0HkOLD Q0s5lNR2aXSspZWRDs1lbA2xaeEx0PvaErfHO3dNbvBgzT3mXgEjxW+oAXKxnL3zj7bn VGc95/bs9YtXPHxN6nuNwF89lhUt0BUNJIyaa2Se6XRRVxIArk4NYYMdlsyllLaa99RD 3wlg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=mU3l5gO7IIw2YUOTU0r6w1mv2TStdSV2FkkMkgfpiNs=; b=uq7m9+ZWy2/4zIG10DRAF4nok8HlPrJC8R3/BauvBqRm0sohMRyVeJ9xA1RzA3XCtP gVBaY128L+XVINklUINGE7i3Gh/9q9Id4PIOdL8gsIMVkpZU2XHqTcfurCyYNKY/+raq EBf695myhMHuteLAGIcm1gUKVuZWOf0MKE34mqa8pOSEQU0hsvAPT9N7+s5f7gSlYoTj Y+GcCacv9Z+qMpXJkuJPHDhGJhyJG95coBmmKiMeNeLjBynUVTQTB7qZk5GItXWcu1LA vNgWeNPwdTRFS/v9bGJ1j8cttMp6zArStm+Kwz2wdShJXKgcVqv7/lmXTzkwhu+eoZSE Q6yg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=NwhOAhMc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u127-20020a626085000000b00589605fb097si9221553pfb.224.2023.01.30.22.41.27; Mon, 30 Jan 2023 22:41:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=NwhOAhMc; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230399AbjAaGkr (ORCPT + 99 others); Tue, 31 Jan 2023 01:40:47 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35792 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230205AbjAaGkY (ORCPT ); Tue, 31 Jan 2023 01:40:24 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9005E3D925; Mon, 30 Jan 2023 22:40:23 -0800 (PST) Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V6Tm5k026293; Tue, 31 Jan 2023 06:40:15 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=mU3l5gO7IIw2YUOTU0r6w1mv2TStdSV2FkkMkgfpiNs=; b=NwhOAhMcnnBriVjx5f7J5A7kLTZXQ4HCs0D2QQAlxP8jQfvknone7XMXcOCGpPiWzyrx oCFdrSHMWTMn4lDUvrSu2KF42uLdDGQXkKpsrjkOk9ZGTk3S2viXBc0wXlgHS6vSffDJ fnVO16d5rq9wU9Ds8Omrj0TbKc/dgkXfxG0jldf5m6MUQqkWukOn5xsN4saxyNShGH+D Xqlir400rgr3TzSXM4azJ1i+tUm5moZ03De1qya3e+Rw2vA/aKGkW/58o3bXDWvcaZgl T7WwRYfbfY1n1M4gVChG4lpX6GjMfddcGYtGOEg//22cKGAUBDIuVeL86WenXZta5X55 vA== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3news607jv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:14 +0000 Received: from m0098410.ppops.net (m0098410.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6VmCe001199; Tue, 31 Jan 2023 06:40:14 GMT Received: from ppma01fra.de.ibm.com (46.49.7a9f.ip4.static.sl-reverse.com [159.122.73.70]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3news607hn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:13 +0000 Received: from pps.filterd (ppma01fra.de.ibm.com [127.0.0.1]) by ppma01fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UK70WJ032360; Tue, 31 Jan 2023 06:40:11 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma01fra.de.ibm.com (PPS) with ESMTPS id 3ncvuqt7s1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:11 +0000 Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6e81c42336662 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:09 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DCE2120043; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5D6422004B; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 39378606E6; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 06/25] powerpc/secvar: Use sysfs_emit() instead of sprintf() Date: Tue, 31 Jan 2023 17:39:09 +1100 Message-Id: <20230131063928.388035-7-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: ROpEy-d2mBNc_fk9iriqNEhkdIXrPFEe X-Proofpoint-ORIG-GUID: juM0vAUvM-APcfjEJQ_ggCl4CksqyIH6 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 adultscore=0 mlxscore=0 suspectscore=0 lowpriorityscore=0 impostorscore=0 malwarescore=0 priorityscore=1501 spamscore=0 clxscore=1015 mlxlogscore=891 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519255430063461?= X-GMAIL-MSGID: =?utf-8?q?1756519255430063461?= From: Russell Currey The secvar format string and object size sysfs files are both ASCII text, and should use sysfs_emit(). No functional change. Suggested-by: Greg Kroah-Hartman Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v2: New patch (gregkh) --- arch/powerpc/kernel/secvar-sysfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 702044edf14d..b786d1005027 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -35,7 +35,7 @@ static ssize_t format_show(struct kobject *kobj, struct kobj_attribute *attr, if (rc) goto out; - rc = sprintf(buf, "%s\n", format); + rc = sysfs_emit(buf, "%s\n", format); out: of_node_put(node); @@ -57,7 +57,7 @@ static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr, return rc; } - return sprintf(buf, "%llu\n", dsize); + return sysfs_emit(buf, "%llu\n", dsize); } static ssize_t data_read(struct file *filep, struct kobject *kobj, From patchwork Tue Jan 31 06:39:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50647 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593395wrn; Mon, 30 Jan 2023 22:42:56 -0800 (PST) X-Google-Smtp-Source: AK7set8jOJz2TFfylgZgxv6kgRExHBrFjbGfoahQiOwFOZuQX/84qG67mgAEBF4YjDQVhbLXysyr X-Received: by 2002:a17:902:ce87:b0:196:341b:ed7 with SMTP id f7-20020a170902ce8700b00196341b0ed7mr26089873plg.15.1675147375922; Mon, 30 Jan 2023 22:42:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147375; cv=none; d=google.com; s=arc-20160816; b=nxhTS2jwj1xExB7oiu5Ften13fx2GSmRqxkccZDGR3Y2H6pBxKEIX9QAPhZRxpuxEM 3IeQB/s+vwtTj2ox1ybnha5P0YnOXbiDlwEsuJGntLgS2OIo2dUpo4fSLQhMyaGF7Bnj qeNCsxZwWLnv8LfHAqgiCh7O6mlgeEKjhVtg+Z+r9kFFEj6k8XAgwTCngFeD+wcZTqwr lluyqIIq587Hi06HaTRtbl0SKFxwYG9+qQxRwF9j0sjfR/ceYIUJ7siKgApKnxQ0S18E zbZnyXoq6/GoO4cnVau5ImVeeKWSTuf2tAHyabqwqtJy00EUSYatdXreza7l4pUpkrZY NhfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ogpD+RkK2qd8CbdDGI6iw+EP52wvlvcxRVcdkrjH6rI=; b=g3nc1ECf6vRl//GasEx9hUT1Zsw5RifAJ5xEEpQF5wE34xAqTDb9JDT3Ouf820/m5L TwWUmGXExIvpkUwCbgkrLmfy3Dk3z7Bc1g8pihnChRhUwUjJldtZdZz4kwRQOaOshI0y cQ56KRNjGYXlkTeXdGVkc5uSDUZpIIULHO7wGCZ0kVIspVG2NMGnW5ta7E5BEQaelb+X 4Zxz/E7kdtWGEN+N1gD8YNcufNKDs/Th8rgnkmnmH4LuBd7bo4jDmrYPBlvF/lZzxcBQ xekvZZ/MWsSf+sYL5Pk2wmbESg58NHZ34hPjjvdKEnqfiyKmaDXTTsUQWDssD1yqRO7q B34Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=GxFeRTJr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i2-20020a17090332c200b001945ff85d7asi17909401plr.357.2023.01.30.22.42.43; Mon, 30 Jan 2023 22:42:55 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=GxFeRTJr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229740AbjAaGl3 (ORCPT + 99 others); Tue, 31 Jan 2023 01:41:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36386 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230481AbjAaGki (ORCPT ); Tue, 31 Jan 2023 01:40:38 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A3BAE3E62D; Mon, 30 Jan 2023 22:40:30 -0800 (PST) Received: from pps.filterd (m0187473.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V5ueTL010365; Tue, 31 Jan 2023 06:40:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=ogpD+RkK2qd8CbdDGI6iw+EP52wvlvcxRVcdkrjH6rI=; b=GxFeRTJrXl2mSzqbYStaMVT8KM2MF+eMbHWvW5gBkRSo1mCeLGPaLtu+sshtb9XFYq8+ N1om3CYr/l1NqGaF2t5SrnZevuLe5PBTX2VLkW+6yIzlH8PE3JNhplb+43OaDt0RSV3x AWZnfVfzosOqC++B+0DLvQDHET6cpOdvx7Albz9SAXjmVsV+Uijsoetl9M4agd7BLAy7 y20TJdQlHk1LBzHZAaMbedf5EptTD9EZO+QySzAXlWW4YLta0n2MI0KvPgElJI2TubXP IU5+0goMpyF1TkxqIpVVOxrfpL5J2iq0g0uebUUjEETWaTIY+odnmGxodDmDTTCIPUrb oQ== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3new9kgtgq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:16 +0000 Received: from m0187473.ppops.net (m0187473.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6MQVX016442; Tue, 31 Jan 2023 06:40:15 GMT Received: from ppma04fra.de.ibm.com (6a.4a.5195.ip4.static.sl-reverse.com [149.81.74.106]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3new9kgtfk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from pps.filterd (ppma04fra.de.ibm.com [127.0.0.1]) by ppma04fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UDFPM3026081; Tue, 31 Jan 2023 06:40:13 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma04fra.de.ibm.com (PPS) with ESMTPS id 3ndn6u9g27-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:13 +0000 Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6e9Eq47055128 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:10 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5B37B20043; Tue, 31 Jan 2023 06:40:09 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5D14F20040; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 49B4B6064A; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 07/25] powerpc/secvar: Handle format string in the consumer Date: Tue, 31 Jan 2023 17:39:10 +1100 Message-Id: <20230131063928.388035-8-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: fJJMBCRWiqsmCmmS-35ra-bFfTedBaVN X-Proofpoint-GUID: 2eLs684WUFEVe8x9-mD2C41lWpA26fll X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 mlxscore=0 clxscore=1015 priorityscore=1501 impostorscore=0 mlxlogscore=999 spamscore=0 suspectscore=0 malwarescore=0 adultscore=0 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519334548327644?= X-GMAIL-MSGID: =?utf-8?q?1756519334548327644?= From: Russell Currey The code that handles the format string in secvar-sysfs.c is entirely OPAL specific, so create a new "format" op in secvar_operations to make the secvar code more generic. No functional change. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v2: Use sysfs_emit() instead of sprintf() (gregkh) v3: Enforce format string size limit (ruscur) v4: Pass the buffer size as an argument, not using a macro (stefanb, npiggin) Fix error reporting (npiggin) --- arch/powerpc/include/asm/secvar.h | 1 + arch/powerpc/kernel/secvar-sysfs.c | 27 +++++++------------- arch/powerpc/platforms/powernv/opal-secvar.c | 25 ++++++++++++++++++ 3 files changed, 35 insertions(+), 18 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index a2b5f2203dc5..1a2c696a48ad 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -17,6 +17,7 @@ struct secvar_operations { int (*get)(const char *key, u64 key_len, u8 *data, u64 *data_size); int (*get_next)(const char *key, u64 *key_len, u64 keybufsize); int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); + ssize_t (*format)(char *buf, size_t bufsize); }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index b786d1005027..e4661559c855 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -21,26 +21,17 @@ static struct kset *secvar_kset; static ssize_t format_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { - ssize_t rc = 0; - struct device_node *node; - const char *format; - - node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); - if (!of_device_is_available(node)) { - rc = -ENODEV; - goto out; - } + char tmp[32]; + ssize_t len = secvar_ops->format(tmp, sizeof(tmp)); - rc = of_property_read_string(node, "format", &format); - if (rc) - goto out; + if (len > 0) + return sysfs_emit(buf, "%s\n", tmp); + else if (len < 0) + pr_err("Error %zd reading format string\n", len); + else + pr_err("Got empty format string from backend\n"); - rc = sysfs_emit(buf, "%s\n", format); - -out: - of_node_put(node); - - return rc; + return -EIO; } diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index 4c0a3b030fe0..e33bb703ecbc 100644 --- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c @@ -98,10 +98,35 @@ static int opal_set_variable(const char *key, u64 ksize, u8 *data, u64 dsize) return opal_status_to_err(rc); } +static ssize_t opal_secvar_format(char *buf, size_t bufsize) +{ + ssize_t rc = 0; + struct device_node *node; + const char *format; + + node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); + if (!of_device_is_available(node)) { + rc = -ENODEV; + goto out; + } + + rc = of_property_read_string(node, "format", &format); + if (rc) + goto out; + + rc = snprintf(buf, bufsize, "%s", format); + +out: + of_node_put(node); + + return rc; +} + static const struct secvar_operations opal_secvar_ops = { .get = opal_get_variable, .get_next = opal_get_next_variable, .set = opal_set_variable, + .format = opal_secvar_format, }; static int opal_secvar_probe(struct platform_device *pdev) From patchwork Tue Jan 31 06:39:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50649 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2595377wrn; Mon, 30 Jan 2023 22:50:08 -0800 (PST) X-Google-Smtp-Source: AK7set+VgrkubtepD0qhpoHN57HdBYJR37KjxT4/R1ch8O2uJ46W6ipHn7RJL5TZ8WbnvrkyrOah X-Received: by 2002:a17:907:724b:b0:87c:5da3:73f4 with SMTP id ds11-20020a170907724b00b0087c5da373f4mr2551706ejc.77.1675147808141; Mon, 30 Jan 2023 22:50:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147808; cv=none; d=google.com; s=arc-20160816; b=lJobjKXlW8lHJ+GrO/jA46P0lKho2ILRlbTFfLjONgFJZeiWHaaHJHlYLiEfEWzEif 98pgO4636Y6RfcS3Fecpalkl2x5llOnm9FCXetjzRxoxD5cg7UPQmqs8OIl7LSB2tbER T+8zd3XEOf2QzQSHICqG4/MkH3oVyOf5HDyo0sx7Xn9F8UZLPjbM1EkjbaRLeHfCZcYQ YCj/Ioerq1goVOB7UWWtS7BIYj2zd6JDyK9j3qkRDVDc04cHzJUvuyVMRxF6+u5WbEiy hqqefRolYLid7qeu8Sn8tXvyJeDaLipyLDEWqgZrkkBmRJAvWzB/PBrYwU6WllMKw6Qb zngQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=9XaEG+5Qxrl2SKaw5cJmy8oz+6EqB3Iddfdum6q6vfM=; b=Rvl+pLAxS0Gm8gkIcwTKO+AEi7fVtdrf0I2cwajP55I166++dKsuFALAmoXLI2d6e8 b3ku8ECYv3EmDxuhe1+XyP9KzJPyDMv9PCLz16+HnnCLdYAyVcIsFA6D93MMNLLUKjwT 9xFvQVUSoF4/uR9UTlXF5XreBXtarOm9BfkHPCYUCdJ5cxiWhMOpQgZ6bzeBEdN10X7Z n831xjvviqrOrFcFTKYBoEr1qx4QyTafJ77sGLANxV5yS39mbznrMzXi3QivBJFvpP4z s7H3kKEG9LGX1QRnbGNFhLjGzpO0MgVmXOgAsxPEdwxsIf4iuoLTXruYl1IBbkuO9dtc dp5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=EzbYDpEP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 17-20020a170906025100b00871a4e8d7bfsi18341847ejl.230.2023.01.30.22.49.44; Mon, 30 Jan 2023 22:50:08 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=EzbYDpEP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231478AbjAaGlf (ORCPT + 99 others); Tue, 31 Jan 2023 01:41:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36686 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230249AbjAaGk7 (ORCPT ); Tue, 31 Jan 2023 01:40:59 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B0DEA410BD; Mon, 30 Jan 2023 22:40:37 -0800 (PST) Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V6Tkmi026212; Tue, 31 Jan 2023 06:40:15 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=9XaEG+5Qxrl2SKaw5cJmy8oz+6EqB3Iddfdum6q6vfM=; b=EzbYDpEPbbAXvn+5GbPyR0WRdZPMTzoaq7I1Uk9eNTgL1g6UwVaDZV7Iq6shxidIDB7U F1Ao5EtT1HYsh55MhcGtbSHom8B+2mZNExTX1ejupnRMvdrZ64t6WzRMypfgpkJsdbYJ j0bn4Nuljs4VUBQCqRuz+Kh4JQSTAbTXkGOtKQ5+xgF/LPcjpJcptXiOMk/4qFeCJ+RZ 3/6HeBaKFiFHpFkE2eKbsrUIDwul3elN1iiEwpNJ7k2Qv2CQkpiDs6jOzcmiTeujOguO 8Ly/CBT0VaZ7NPLISBldJKVPZ4xn5wXx9lRi54riZmOestTgocz0LvK696gQ/YulgzWG aw== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3news607jw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:14 +0000 Received: from m0098410.ppops.net (m0098410.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6c4SW021281; Tue, 31 Jan 2023 06:40:14 GMT Received: from ppma06ams.nl.ibm.com (66.31.33a9.ip4.static.sl-reverse.com [169.51.49.102]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3news607hp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:13 +0000 Received: from pps.filterd (ppma06ams.nl.ibm.com [127.0.0.1]) by ppma06ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UKfjbC014730; Tue, 31 Jan 2023 06:40:11 GMT Received: from smtprelay02.fra02v.mail.ibm.com ([9.218.2.226]) by ppma06ams.nl.ibm.com (PPS) with ESMTPS id 3ncvttu3nf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:11 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay02.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6e9Xm31850874 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:09 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5B2E820040; Tue, 31 Jan 2023 06:40:09 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5D9EB2004D; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 5B4BD606E8; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 08/25] powerpc/secvar: Handle max object size in the consumer Date: Tue, 31 Jan 2023 17:39:11 +1100 Message-Id: <20230131063928.388035-9-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 28Zz4O1ZmEU2m4HPM31L4z8-QUWHznAE X-Proofpoint-ORIG-GUID: DjMWCsrkoczBSpn7QxbrkLhzQsXFUVue X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 adultscore=0 mlxscore=0 suspectscore=0 lowpriorityscore=0 impostorscore=0 malwarescore=0 priorityscore=1501 spamscore=0 clxscore=1015 mlxlogscore=999 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519788005319858?= X-GMAIL-MSGID: =?utf-8?q?1756519788005319858?= From: Russell Currey Currently the max object size is handled in the core secvar code with an entirely OPAL-specific implementation, so create a new max_size() op and move the existing implementation into the powernv platform. Should be no functional change. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v3: Change uint64_t type to u64 (mpe) v4: Return immediately if node is NULL (gjoyce) --- arch/powerpc/include/asm/secvar.h | 1 + arch/powerpc/kernel/secvar-sysfs.c | 17 +++------------ arch/powerpc/platforms/powernv/opal-secvar.c | 22 ++++++++++++++++++++ 3 files changed, 26 insertions(+), 14 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 1a2c696a48ad..bf396215903d 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -18,6 +18,7 @@ struct secvar_operations { int (*get_next)(const char *key, u64 *key_len, u64 keybufsize); int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); ssize_t (*format)(char *buf, size_t bufsize); + int (*max_size)(u64 *max_size); }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index e4661559c855..0966806f28c7 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -132,27 +132,16 @@ static struct kobj_type secvar_ktype = { static int update_kobj_size(void) { - struct device_node *node; u64 varsize; - int rc = 0; + int rc = secvar_ops->max_size(&varsize); - node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); - if (!of_device_is_available(node)) { - rc = -ENODEV; - goto out; - } - - rc = of_property_read_u64(node, "max-var-size", &varsize); if (rc) - goto out; + return rc; data_attr.size = varsize; update_attr.size = varsize; -out: - of_node_put(node); - - return rc; + return 0; } static int secvar_sysfs_load(void) diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index e33bb703ecbc..a8436bf35e2f 100644 --- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c @@ -122,11 +122,33 @@ static ssize_t opal_secvar_format(char *buf, size_t bufsize) return rc; } +static int opal_secvar_max_size(u64 *max_size) +{ + int rc; + struct device_node *node; + + node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); + if (!node) + return -ENODEV; + + if (!of_device_is_available(node)) { + rc = -ENODEV; + goto out; + } + + rc = of_property_read_u64(node, "max-var-size", max_size); + +out: + of_node_put(node); + return rc; +} + static const struct secvar_operations opal_secvar_ops = { .get = opal_get_variable, .get_next = opal_get_next_variable, .set = opal_set_variable, .format = opal_secvar_format, + .max_size = opal_secvar_max_size, }; static int opal_secvar_probe(struct platform_device *pdev) From patchwork Tue Jan 31 06:39:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50628 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2592900wrn; Mon, 30 Jan 2023 22:41:23 -0800 (PST) X-Google-Smtp-Source: AMrXdXuvkee5RowJelvURpYVcaFCuPfcg07LeHX/mHhI5Up2aoyYzj7R851YG7gWPxaBK8pC7MKe X-Received: by 2002:a17:902:8498:b0:194:4724:806d with SMTP id c24-20020a170902849800b001944724806dmr48462495plo.33.1675147283035; Mon, 30 Jan 2023 22:41:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147283; cv=none; d=google.com; s=arc-20160816; b=EJDq7zt5gsKaYwEky7SDo+kLeNIO9faStEWSB89KDsNEXVSoJfqNSgimswZ7wUXFgg ltWs1GhqrhqZBGKj7DvHFT7X/9VK4dsaR2T9l1b+7LQICGOFDM/oyRx4lAV1Q8wudabj Zmuzk1t0fCcHVAyGMutA+hMAhvKnIymGrfV6ZXH+7L0T89nI44MXKFc0bGqVkenG9Jgt z4tB1N7RGPBltWwqO+3F9tDz7/mjB0121BComRZODfd4F/F8w7TWVxMFjf5IDwVNLa2g ZIyuLGsxkCNURv43itV07CQdhXriakj6gZv3xDpoSQeUbSYPBM28T5PNd86Ja9Urjwjy gnLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=v7DDCYQBQbsPquSXn556Y6fam/jtnfHZrD2Y/zC3WEw=; b=FhZnto6UBa9z1fCm3rTDrA+fy8kU+fozRiqQ21J0AGXAICJIZYGeum6A55RqJ0sMYy TvBOLcriyI+MLct2Dg9PSpohFw4Xk/xO70gTsby6R08D9IoaQ8Eq10Wwcr+dLce2hSvN djXhi303rvyjUHACvjsfECkWKCUb3NpvArrGpfIVZLEYBj/gFQhju3fwWAsoeCEeCVOz MzKyTFT2mjhFb1Wgc84Hhl+bUsFNhcDN3o0+t4KxwJHGKDgjzi4FicYjWQfvLLrUQN9F 7F1M2NuQMBKu1wFqXmCyiyJ4/A1NuLqlayIzQFZlyaE3NndF3yNYgz0WfPagLjEgnIgw xy4Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=WhM8wYOk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a9-20020a170902ecc900b001962d33e09bsi17693739plh.537.2023.01.30.22.41.08; Mon, 30 Jan 2023 22:41:23 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=WhM8wYOk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229495AbjAaGkb (ORCPT + 99 others); Tue, 31 Jan 2023 01:40:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35780 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230185AbjAaGkY (ORCPT ); Tue, 31 Jan 2023 01:40:24 -0500 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F41ED3D0AA; Mon, 30 Jan 2023 22:40:22 -0800 (PST) Received: from pps.filterd (m0127361.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V5Wxdl007566; Tue, 31 Jan 2023 06:40:14 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=v7DDCYQBQbsPquSXn556Y6fam/jtnfHZrD2Y/zC3WEw=; b=WhM8wYOkRdcEDw19hQVSISu7s1uW7q57WJYIS8emVk0BRy4ysies0zNMKw2yh5GPe911 egox08eMVuZ4W5yI05JyOX8vbSnFXBeNjFO7ywFW82Am7JRVBbNSbA6faq58anJD0iDJ 6nO1Xyu71WK+gZ/kl0yu7YgxiH+yFPzy+yTPPrwCB/9qR7CjtdbqjIhHu+T0a/vh8kig WpXR1j1gIhXNAYqp1zff6mjyOxp1ELBfletYTgoFGZNnjPGcqmQJukKxeuQGvjElZ+Ye TpDdIjaCHAN5kemaQKhMpSVOnHonpVKqsse2I0ZLeVQnxpFd3EqlE9PMIaKkRe1Rrd9w Mg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3neusy2wys-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:14 +0000 Received: from m0127361.ppops.net (m0127361.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6bfms021088; Tue, 31 Jan 2023 06:40:13 GMT Received: from ppma04ams.nl.ibm.com (63.31.33a9.ip4.static.sl-reverse.com [169.51.49.99]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3neusy2wxh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:13 +0000 Received: from pps.filterd (ppma04ams.nl.ibm.com [127.0.0.1]) by ppma04ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UK8qNV026916; Tue, 31 Jan 2023 06:40:11 GMT Received: from smtprelay01.fra02v.mail.ibm.com ([9.218.2.227]) by ppma04ams.nl.ibm.com (PPS) with ESMTPS id 3ncvs7k432-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:11 +0000 Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay01.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6e89N45875550 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:09 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DEAE220049; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5F12220043; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 6DE79606E9; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 09/25] powerpc/secvar: Clean up init error messages Date: Tue, 31 Jan 2023 17:39:12 +1100 Message-Id: <20230131063928.388035-10-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: CY9Fb3P_JkLgSpqqhkuGSm0AO2gdLOEA X-Proofpoint-ORIG-GUID: jvZXzxIGoFw_uH83BsJcEnRWgwxpscAF X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=891 mlxscore=0 bulkscore=0 adultscore=0 phishscore=0 clxscore=1015 spamscore=0 lowpriorityscore=0 priorityscore=1501 impostorscore=0 malwarescore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519237568026743?= X-GMAIL-MSGID: =?utf-8?q?1756519237568026743?= Remove unnecessary prefixes from error messages in secvar_sysfs_init() (the file defines pr_fmt, so putting "secvar:" in every message is unnecessary). Make capitalisation and punctuation more consistent. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey Reviewed-by: Stefan Berger --- v3: New patch (ajd) --- arch/powerpc/kernel/secvar-sysfs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 0966806f28c7..8f3deff94009 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -196,13 +196,13 @@ static int secvar_sysfs_init(void) int rc; if (!secvar_ops) { - pr_warn("secvar: failed to retrieve secvar operations.\n"); + pr_warn("Failed to retrieve secvar operations\n"); return -ENODEV; } secvar_kobj = kobject_create_and_add("secvar", firmware_kobj); if (!secvar_kobj) { - pr_err("secvar: Failed to create firmware kobj\n"); + pr_err("Failed to create firmware kobj\n"); return -ENOMEM; } @@ -214,7 +214,7 @@ static int secvar_sysfs_init(void) secvar_kset = kset_create_and_add("vars", NULL, secvar_kobj); if (!secvar_kset) { - pr_err("secvar: sysfs kobject registration failed.\n"); + pr_err("sysfs kobject registration failed\n"); kobject_put(secvar_kobj); return -ENOMEM; } From patchwork Tue Jan 31 06:39:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50629 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2592932wrn; Mon, 30 Jan 2023 22:41:27 -0800 (PST) X-Google-Smtp-Source: AK7set9UNF79CqAd2p6rb8/Us49pBS5UT98r6L5IAakBgN2KkJhIhPQyeqGVTglFxhsu/YssDEr+ X-Received: by 2002:a17:902:f54d:b0:196:843c:cfb4 with SMTP id h13-20020a170902f54d00b00196843ccfb4mr8060562plf.50.1675147287285; Mon, 30 Jan 2023 22:41:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147287; cv=none; d=google.com; s=arc-20160816; b=pBI8U7swqoxfz5I1Y/xkR/NtLI2I/F5afMwefxCmZyQzbzIbhsbh4rSuS3wKCQtaab pg5Mlz0R2gxvGNQMV3YvEuO0onygd87cnK96KdlMyTPl0dGOrYLOZ1hK+QDZx/19XzSv IHqh8Cc82FP6Qf/p7YGyAbP9nw8g0Qr/RHcUwblT+dFN7fCsus2FOK8EBS2SGGoQpULj gblAhyNijs9D+NNzJPmqBEOhGBACNnfwoityCYJZLWGlmjwBH2lk2XwUaRty1GU2rzEb IB3tXLInfUank3gxTsdtjCCx4SZeMl6MhopBk0YR5CrOlJx/9m39Rj9MfA16Zlxy+tPC 61Bg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=4oWH3qpstXeHr4acsnSVSUeHlbaqgZ1m/OrhmxK/Oo4=; b=zp3ePO0fjGYFzgRVCcTKjjgW2k3GSQ09VkPgG1TZH03OHVU8SLV3dIjExtQTl6fDro 3QRGTV9JwRrHADlaCXt7aO9ngvkiLSZ3h5fd6F5/zMItp06Uqzln+YQx/QLoAqJ82WWG v55bND7vij3zRKaVjof6ocEfpjqPWTaEy1XYpv0rsPmTV6fSArsZHbWV+xXOQH4QvTQU CDL1cQUS8Okbi0S71Wd2HVIT7AjQVypX8YRZpIVx2wrRoPHr8ZVun3hOnQ9suei/PBEM IiV4wsAy1ADKVUSjQkyFZGtGV0itz/krpC45k0uZer9cd+096WMPlbjgYFHDYMHNSYU1 REmw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=VbdhO3w0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v15-20020a63bf0f000000b004b2317cd02fsi15167243pgf.582.2023.01.30.22.41.14; Mon, 30 Jan 2023 22:41:27 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=VbdhO3w0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230461AbjAaGkh (ORCPT + 99 others); Tue, 31 Jan 2023 01:40:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35802 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230215AbjAaGkZ (ORCPT ); Tue, 31 Jan 2023 01:40:25 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B20153D926; Mon, 30 Jan 2023 22:40:23 -0800 (PST) Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V6EWoP004518; Tue, 31 Jan 2023 06:40:15 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=4oWH3qpstXeHr4acsnSVSUeHlbaqgZ1m/OrhmxK/Oo4=; b=VbdhO3w02fHG82RvcBXjkqVCbCPNRIFpZD21lw9Ls1fe6V0LGu4fN5zhkF1pz5deEErb aKrv4/C6gzMBoSnbTCAkb44tNHkXRVaiC93PLkrf9mylvgpotavupCvPrLFB5eAAURu7 ZDAs0vHyvQQRylFlofuZJKw1VywzL6GooYxiynJ1fQRDCZvYlf366AHtSlnEXNBPa2E7 33YHYwSEloFM5+j3Ybr6L6lzUkQvL2kpOYldimKvJ2FcZMJq2r0XaYjzWdQ5BLZVh/Qn +jHCx4oVL3Eek5Tvj3u/ML6mG0CDJWnObbOdpRkFjvzwDeMGvOZxsvnzMj5kARJhKrWI Ew== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newhm0frj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from m0098404.ppops.net (m0098404.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6eE2d019555; Tue, 31 Jan 2023 06:40:14 GMT Received: from ppma05fra.de.ibm.com (6c.4a.5195.ip4.static.sl-reverse.com [149.81.74.108]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newhm0fqj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:14 +0000 Received: from pps.filterd (ppma05fra.de.ibm.com [127.0.0.1]) by ppma05fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30ULAuqm009758; Tue, 31 Jan 2023 06:40:12 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma05fra.de.ibm.com (PPS) with ESMTPS id 3ncvt7j7gm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:12 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6e9ci26476822 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:09 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5E0F720040; Tue, 31 Jan 2023 06:40:09 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6042120043; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 7D026606E7; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 10/25] powerpc/secvar: Extend sysfs to include config vars Date: Tue, 31 Jan 2023 17:39:13 +1100 Message-Id: <20230131063928.388035-11-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: ILZRmJR5aEbgic7mJ0Vugi7o9xu_KbvC X-Proofpoint-GUID: AAgWl_93T7sh_q0ZeQLHAOqkrIpX23Yy X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 impostorscore=0 suspectscore=0 mlxlogscore=999 lowpriorityscore=0 adultscore=0 spamscore=0 priorityscore=1501 mlxscore=0 bulkscore=0 malwarescore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519241949433791?= X-GMAIL-MSGID: =?utf-8?q?1756519241949433791?= From: Russell Currey The forthcoming pseries consumer of the secvar API wants to expose a number of config variables. Allowing secvar implementations to provide their own sysfs attributes makes it easy for consumers to expose what they need to. This is not being used by the OPAL secvar implementation at present, and the config directory will not be created if no attributes are set. Signed-off-by: Russell Currey Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v3: Remove unnecessary "secvar:" prefix from error messages (ajd) Merge config attributes into secvar_operations (mpe) --- arch/powerpc/include/asm/secvar.h | 2 ++ arch/powerpc/kernel/secvar-sysfs.c | 33 +++++++++++++++++++++++++----- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index bf396215903d..011a53a8076c 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -10,6 +10,7 @@ #include #include +#include extern const struct secvar_operations *secvar_ops; @@ -19,6 +20,7 @@ struct secvar_operations { int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); ssize_t (*format)(char *buf, size_t bufsize); int (*max_size)(u64 *max_size); + const struct attribute **config_attrs; }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 8f3deff94009..7df32be86507 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -144,6 +144,19 @@ static int update_kobj_size(void) return 0; } +static int secvar_sysfs_config(struct kobject *kobj) +{ + struct attribute_group config_group = { + .name = "config", + .attrs = (struct attribute **)secvar_ops->config_attrs, + }; + + if (secvar_ops->config_attrs) + return sysfs_create_group(kobj, &config_group); + + return 0; +} + static int secvar_sysfs_load(void) { struct kobject *kobj; @@ -208,26 +221,36 @@ static int secvar_sysfs_init(void) rc = sysfs_create_file(secvar_kobj, &format_attr.attr); if (rc) { - kobject_put(secvar_kobj); - return -ENOMEM; + pr_err("Failed to create format object\n"); + rc = -ENOMEM; + goto err; } secvar_kset = kset_create_and_add("vars", NULL, secvar_kobj); if (!secvar_kset) { pr_err("sysfs kobject registration failed\n"); - kobject_put(secvar_kobj); - return -ENOMEM; + rc = -ENOMEM; + goto err; } rc = update_kobj_size(); if (rc) { pr_err("Cannot read the size of the attribute\n"); - return rc; + goto err; + } + + rc = secvar_sysfs_config(secvar_kobj); + if (rc) { + pr_err("Failed to create config directory\n"); + goto err; } secvar_sysfs_load(); return 0; +err: + kobject_put(secvar_kobj); + return rc; } late_initcall(secvar_sysfs_init); From patchwork Tue Jan 31 06:39:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50642 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593215wrn; Mon, 30 Jan 2023 22:42:16 -0800 (PST) X-Google-Smtp-Source: AK7set/u0wKx3JPKIAiYGGsqpJvS/N3OW8rQDvH7E6M7/mamOojwBSg+wdogAlpd/gMSVqlvagYn X-Received: by 2002:a17:902:d1d1:b0:196:780a:ada8 with SMTP id g17-20020a170902d1d100b00196780aada8mr6872978plb.6.1675147336138; Mon, 30 Jan 2023 22:42:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147336; cv=none; d=google.com; s=arc-20160816; b=X1uykP2vkkUzfNttsN19RMHm1ugpINv9RMEslTm1yUahCOD4ZTRaRk3teGaCz6Z/pZ I8VixXn1z9Ms/zbjdaFEG/rpDY/GCebAOsIgXSx58ywQxGz1FS1x3uaTauj3JT2PgHrf IKaY78m4jgAXSocPNrqqRh+xNFpdXph7rw0j6fHV9hAt7mNwnmTJimauULOkwilE5c15 lrYQ7tSEPxkwIhQ3RUYYDGQfF1b+ksqOeyToJ7HC8PLpW7qrVAMIPGyEQK38O26At84b HZ52QlgncK8sCDWe1l7Phn0XowyTeE4qwuGW8Ubs2YkrUp2fuhU1db1dgnvCxPa5HKjY nzDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=N2R3GvZB0FDC5VCJfoPIgMLQTlamhuK00RoCluA8iqA=; b=R0y0YqpPI1piWUx7zXyVTPQLwGKMTRVxWJ/KCzTbqzu5HfbR1ICyPjTS/j4AvQ4hPN OX/m9M8ougRpAkQ7hh5/v3VDr6cCau7pHnJmIgL3hRx+8rDiyxdyKWEYo0Vrxxr6ribA tmBHKlt4rbGc4Mjjub10ONir8hRbJeC5ifvjLWhrjqNkmeBaWuGaXEAogDGtZqXKi5b5 u0rfmMK3exvX+G8pODDfl4quAv7dX5ft2gez04T4BQLXTpuRjzPIL3kfc3XVoQcmMnPS /MFbOjE0c54z9a2LZ6kmJt/vqzV6F+KVMMAXE/RcTNP/kkcQdD/7+J0iVlm6ps8l51Da Biig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=lha88JHR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p17-20020a170902e75100b001968b36d142si4407734plf.420.2023.01.30.22.42.03; Mon, 30 Jan 2023 22:42:16 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=lha88JHR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231429AbjAaGlZ (ORCPT + 99 others); Tue, 31 Jan 2023 01:41:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36090 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230377AbjAaGkc (ORCPT ); Tue, 31 Jan 2023 01:40:32 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 55DE73D08E; Mon, 30 Jan 2023 22:40:30 -0800 (PST) Received: from pps.filterd (m0187473.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V5uasq010286; Tue, 31 Jan 2023 06:40:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=N2R3GvZB0FDC5VCJfoPIgMLQTlamhuK00RoCluA8iqA=; b=lha88JHRU3hXl9nGPcNZ7KIFu99hVn3loeJewD6UR8UEazBSmRc7fKda4diMH8l9Qs7O g2D5DvppWXrUihXSKakI4mI0ETC8kk3RfM1jpJFAi5mlrGJnjOWkkttJO00hDW8kOzOj NMIYVBQ+ppd6q17UI3FKYD0AVH7B2IBSqdoiMrd+ROOmgt8wtJ34PMerJIqozFhDFF7s 8rpWJ5Kjrh5FfkeAXR9U95WEeIXXgp9h5NHuHQRHZNfK1+BcNlS5Y5kHeqVP64P1O588 8DKIvTxu9QB77Nuj/lzM9I2YeseDKhGiWjp1IP9sNOsyybUrMvxNDG5vM5CRZVR5w/xg hw== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3new9kgtgc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from m0187473.ppops.net (m0187473.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6TtVv001270; Tue, 31 Jan 2023 06:40:15 GMT Received: from ppma02fra.de.ibm.com (47.49.7a9f.ip4.static.sl-reverse.com [159.122.73.71]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3new9kgtey-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from pps.filterd (ppma02fra.de.ibm.com [127.0.0.1]) by ppma02fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30V3LI8D025083; Tue, 31 Jan 2023 06:40:12 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma02fra.de.ibm.com (PPS) with ESMTPS id 3ncvv6a7dr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:12 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6e9ph46006688 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:10 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D073F20043; Tue, 31 Jan 2023 06:40:09 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D2B3E2004D; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 8EB0060953; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 11/25] powerpc/secvar: Allow backend to populate static list of variable names Date: Tue, 31 Jan 2023 17:39:14 +1100 Message-Id: <20230131063928.388035-12-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: lwq7PiogdUrvPFkOtxejUs08LyAT8Ocb X-Proofpoint-GUID: e7nCQbyZgrdtXeiTDEX2zWKdoPjuGwQS X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 mlxscore=0 clxscore=1015 priorityscore=1501 impostorscore=0 mlxlogscore=999 spamscore=0 suspectscore=0 malwarescore=0 adultscore=0 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519293069692249?= X-GMAIL-MSGID: =?utf-8?q?1756519293069692249?= Currently, the list of variables is populated by calling secvar_ops->get_next() repeatedly, which is explicitly modelled on the OPAL API (including the keylen parameter). For the upcoming PLPKS backend, we have a static list of variable names. It is messy to fit that into get_next(), so instead, let the backend put a NULL-terminated array of variable names into secvar_ops->var_names, which will be used if get_next() is undefined. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey Reviewed-by: Stefan Berger --- v3: New patch (ajd/mpe) --- arch/powerpc/include/asm/secvar.h | 4 ++ arch/powerpc/kernel/secvar-sysfs.c | 67 ++++++++++++++++++++---------- 2 files changed, 50 insertions(+), 21 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 011a53a8076c..4828e0ab7e3c 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -21,6 +21,10 @@ struct secvar_operations { ssize_t (*format)(char *buf, size_t bufsize); int (*max_size)(u64 *max_size); const struct attribute **config_attrs; + + // NULL-terminated array of fixed variable names + // Only used if get_next() isn't provided + const char * const *var_names; }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 7df32be86507..2cbc60b37e4e 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -157,9 +157,31 @@ static int secvar_sysfs_config(struct kobject *kobj) return 0; } -static int secvar_sysfs_load(void) +static int add_var(const char *name) { struct kobject *kobj; + int rc; + + kobj = kzalloc(sizeof(*kobj), GFP_KERNEL); + if (!kobj) + return -ENOMEM; + + kobject_init(kobj, &secvar_ktype); + + rc = kobject_add(kobj, &secvar_kset->kobj, "%s", name); + if (rc) { + pr_warn("kobject_add error %d for attribute: %s\n", rc, + name); + kobject_put(kobj); + return rc; + } + + kobject_uevent(kobj, KOBJ_ADD); + return 0; +} + +static int secvar_sysfs_load(void) +{ u64 namesize = 0; char *name; int rc; @@ -179,31 +201,26 @@ static int secvar_sysfs_load(void) break; } - kobj = kzalloc(sizeof(*kobj), GFP_KERNEL); - if (!kobj) { - rc = -ENOMEM; - break; - } - - kobject_init(kobj, &secvar_ktype); - - rc = kobject_add(kobj, &secvar_kset->kobj, "%s", name); - if (rc) { - pr_warn("kobject_add error %d for attribute: %s\n", rc, - name); - kobject_put(kobj); - kobj = NULL; - } - - if (kobj) - kobject_uevent(kobj, KOBJ_ADD); - + rc = add_var(name); } while (!rc); kfree(name); return rc; } +static int secvar_sysfs_load_static(void) +{ + const char * const *name_ptr = secvar_ops->var_names; + int rc; + while (*name_ptr) { + rc = add_var(*name_ptr); + if (rc) + return rc; + name_ptr++; + } + return 0; +} + static int secvar_sysfs_init(void) { int rc; @@ -245,7 +262,15 @@ static int secvar_sysfs_init(void) goto err; } - secvar_sysfs_load(); + if (secvar_ops->get_next) + rc = secvar_sysfs_load(); + else + rc = secvar_sysfs_load_static(); + + if (rc) { + pr_err("Failed to create variable attributes\n"); + goto err; + } return 0; err: From patchwork Tue Jan 31 06:39:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50651 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2597128wrn; Mon, 30 Jan 2023 22:55:56 -0800 (PST) X-Google-Smtp-Source: AK7set+k0e6YHvYKK/JvsfXRQMK0iw9x1aIbvwPtYrMvhbtwecmushsHfN6+vZs2iq8G/0ALaUua X-Received: by 2002:a17:906:3557:b0:87b:db40:b9fc with SMTP id s23-20020a170906355700b0087bdb40b9fcmr2126229eja.5.1675148156755; Mon, 30 Jan 2023 22:55:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675148156; cv=none; d=google.com; s=arc-20160816; b=OoPH62yDtF4rqvij2e1n2w6o8gH+jDqLoCpv4WATPdLfCz7/63fCAsVDzCS4je36RL 1tTvwgWslCYNHvlyJVhBPBIim4KMjq367roIfE7drvpaf8VyrhrFYLxqPmLvjM/GecF4 S4Ib9OfRB1FIl0/rb8n6SZ9ng/gvP0KeCmFKs6w16kst/tMUoPb8+JAyVurgLwMaBJDG hRe9+HbaNfVtx28F2SL1FiJy6wd0xcyLeKqtRzTwt6QSWYn0m8Q2j0LFzAzxGl305ukG P7fofiijbJfnBxTI6FTm2s3sFCpcrpxpZR6jsLH0clAVTZ3C5RF+GNjjv5h019kkO7iX WyfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=OKYCet4LC7BkmGcDUTWUnA90ClYagYq003us9eIYL+I=; b=EYqJZHetDaxpoMiZtPjhNXD8QkvM95zdqyD0NDiIB/YaDIwSWn2stCm7eP0fqjNIGT paXMRAtZfqbbv97fLGJPCP/efgFn9iaVOxJBfNBv2igNkUqEuTkgV+GRhNHiiOF/iwT6 SAQVT1UKiqLUXJ9eJBJnjzcu8MpIHeB1FAJIZS+nsARQtSGJas4on/8NXSeIVkI+1FRJ 80M0/SLlYt3inn7q93TZfquGIdYqQL+M9DPObb2UPlcI0AeZ+WEPP5aEkziO0kJiff5W BBHC6HNQs8MQbyjSeL4Ecz+GjfWd5a1ltVvJtbHpUECR+ihKr8lGzqqLQq+s649a7xsZ X54g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=TfGuR3k1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ev2-20020a17090729c200b00879d5f8afbfsi14742111ejc.794.2023.01.30.22.55.33; Mon, 30 Jan 2023 22:55:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=TfGuR3k1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231485AbjAaGlj (ORCPT + 99 others); Tue, 31 Jan 2023 01:41:39 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37146 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230344AbjAaGk7 (ORCPT ); Tue, 31 Jan 2023 01:40:59 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BB3F33EFC0; Mon, 30 Jan 2023 22:40:37 -0800 (PST) Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V6NqsB020197; Tue, 31 Jan 2023 06:40:15 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=OKYCet4LC7BkmGcDUTWUnA90ClYagYq003us9eIYL+I=; b=TfGuR3k1XZtapMLgYAn2gNjsMn+Ppx4rx0KlCs/GjeBoRM8xGyNnTjGf02kOO2UxXOv0 N3fi9ZyplJdR7Y3Dt2fqXP8DPg95H6Kwl3YiEApVWMTShXIaRXsQ2SswU+NbGtdMIUnS wGvBM24Z43EvaX0uApEGc9EaUGtNtnKTiGDZslH8nwTGJbg0u2T9XmRu0xH4+FcsPjEM +50w5M+MtQy1KY1KCr6+iQOWe37zSiQFaw96dgQEeTBriArsTbhaDABCy82AwW3KG2MI z8zl4ATILov04ngpo3tYdqWsE2P+gO/mRMguyOefmRT903GnC02lbEk40FNCVlmL0Zu7 Fg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newpbragk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from m0098399.ppops.net (m0098399.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6Rirf003106; Tue, 31 Jan 2023 06:40:14 GMT Received: from ppma01fra.de.ibm.com (46.49.7a9f.ip4.static.sl-reverse.com [159.122.73.70]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newpbrafc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:14 +0000 Received: from pps.filterd (ppma01fra.de.ibm.com [127.0.0.1]) by ppma01fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UFGOVw007789; Tue, 31 Jan 2023 06:40:11 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma01fra.de.ibm.com (PPS) with ESMTPS id 3ncvuqt7s2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:11 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6e9rK43188502 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:09 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5EB5D2004D; Tue, 31 Jan 2023 06:40:09 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D375A2004B; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id A073F60954; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 12/25] powerpc/secvar: Warn when PAGE_SIZE is smaller than max object size Date: Tue, 31 Jan 2023 17:39:15 +1100 Message-Id: <20230131063928.388035-13-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: odGE_OFs1Hap-a4HpxqJNjPSXH0BVfHL X-Proofpoint-ORIG-GUID: X8yzOP1AsMk63NgP9O6M2t2__ZhP0Ggl X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 malwarescore=0 suspectscore=0 phishscore=0 impostorscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 bulkscore=0 mlxlogscore=999 priorityscore=1501 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756520153539141916?= X-GMAIL-MSGID: =?utf-8?q?1756520153539141916?= Due to sysfs constraints, when writing to a variable, we can only handle writes of up to PAGE_SIZE. It's possible that the maximum object size is larger than PAGE_SIZE, in which case, print a warning on boot so that the user is aware. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey Reviewed-by: Stefan Berger --- v3: New patch (ajd) --- arch/powerpc/kernel/secvar-sysfs.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 2cbc60b37e4e..9b6be63b7b36 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -223,6 +223,7 @@ static int secvar_sysfs_load_static(void) static int secvar_sysfs_init(void) { + u64 max_size; int rc; if (!secvar_ops) { @@ -272,6 +273,14 @@ static int secvar_sysfs_init(void) goto err; } + // Due to sysfs limitations, we will only ever get a write buffer of + // up to 1 page in size. Print a warning if this is potentially going + // to cause problems, so that the user is aware. + secvar_ops->max_size(&max_size); + if (max_size > PAGE_SIZE) + pr_warn_ratelimited("PAGE_SIZE (%lu) is smaller than maximum object size (%llu), writes are limited to PAGE_SIZE\n", + PAGE_SIZE, max_size); + return 0; err: kobject_put(secvar_kobj); From patchwork Tue Jan 31 06:39:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50631 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2592987wrn; Mon, 30 Jan 2023 22:41:36 -0800 (PST) X-Google-Smtp-Source: AK7set/7D07nOkd/ld8sNeoNd9QIByytdN4PHO+BWcm1/8XYIEm9A5C2Pd2luGB9oKaJbuaYqzMX X-Received: by 2002:a05:6a20:2d99:b0:be:e7c9:c31d with SMTP id bf25-20020a056a202d9900b000bee7c9c31dmr828910pzb.49.1675147296251; Mon, 30 Jan 2023 22:41:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147296; cv=none; d=google.com; s=arc-20160816; b=NOGwxo8aLBaEOs1nPUE0m1MRQ6zoze3aShJMUv8BP0GFDIzEDTBdfrfJAHtTEgqYP9 R4bXhMi49GGBSGB/5qz8CH0zaRyavSCupaSATa0O7UD2TzspIASg84MGWx5FH5GnSWoh L8uuxgR0WLrPMYof83JZACOvxsHIkrVry60u/U42tvfyxfUvxpXiv9B3Emz9pVjwdXhB YTzsUYC+BVyrf0b2Qx1At5cym7XDojMe/WZfoTsp0RuJPfEDf1Y8Q5/89Sx7XdKA+o4G 60o7fEwlE3zIIKGpzrdGly/dRX4e9aEa9HYG6ROr4k52915+IyWgIh1U59/PEaMczDLt 45IQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=otnGpFY9MquFvFsvYoPp4smm+BqfHTn69RwFg0TJv9M=; b=KQYz7RqGAUt88vmlxqPLKeVp1EEs/wl9PCBxFvbMjxTSlBzPsz0sbCbn86SGGYr5lx gIC33kvk6b1zKqyoYc+pqtwxJttlqI9ePVTA3/Ha2Lbl2serrX35A0kUK/N4xlrWLTs+ MLjOW9A5gTXLXllMCykDFD/1AdchVF9nfiOJy4zBaqgQkgSQ2+dhA+AbIQghSPMTVfSF zf89zGKZPEC37tvRsasNb3bAo1PlIAdsH7og690Lpv0B3tcB0+BFQWpqdg6qgliDF9Zl oiroGilLVSXc0mu2lPLr6KGxuz/uZGXwvOzBAQQEWbsOy/ac3w914YQGfnFvQmFML/in /dXA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=rJeUaFCq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m10-20020a656a0a000000b004da5a1315a4si17140654pgu.137.2023.01.30.22.41.23; Mon, 30 Jan 2023 22:41:36 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=rJeUaFCq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230514AbjAaGkn (ORCPT + 99 others); Tue, 31 Jan 2023 01:40:43 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35790 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229634AbjAaGkY (ORCPT ); Tue, 31 Jan 2023 01:40:24 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0A55E3D903; Mon, 30 Jan 2023 22:40:22 -0800 (PST) Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V6IWSw004085; Tue, 31 Jan 2023 06:40:14 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=otnGpFY9MquFvFsvYoPp4smm+BqfHTn69RwFg0TJv9M=; b=rJeUaFCqRJZ7d/6p+4WTGzyMuw9lWoRFfIlcalmOnFR0NU63G4l/cUFxaA1stPjupk5p mKkFGfDjAdfaPBCIg4fX9uBElgIW66YY8lIBuJ/lxtdndE/IetjGDq7OskxAMOAGKtAG 7RQdFzoj0tf/NdOOLdLLPgQjHbqxsvQtQxRNhWpA+3pbfakwlVGAN/rJjUBQNSh6f4a9 cl+dATIPJ6dM8UP95kWdBeK0fINiBY2UuXlzS+IrbdC17rvg9GOxlJiBtZnk9wyA/BGm 2uJktio0S8oUAFW+P2NIpR0vdwQDqdeo/BBO6uAKJRODYXKVCz5CKT4LDN3zI2ut5nj0 DA== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3newkwgeyq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:14 +0000 Received: from m0098416.ppops.net (m0098416.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6WNWx023597; Tue, 31 Jan 2023 06:40:13 GMT Received: from ppma03ams.nl.ibm.com (62.31.33a9.ip4.static.sl-reverse.com [169.51.49.98]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3newkwgexf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:13 +0000 Received: from pps.filterd (ppma03ams.nl.ibm.com [127.0.0.1]) by ppma03ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UKWZE2012859; Tue, 31 Jan 2023 06:40:11 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma03ams.nl.ibm.com (PPS) with ESMTPS id 3ncvtyb3h5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:11 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6e95F44695846 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:09 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5BFD32004B; Tue, 31 Jan 2023 06:40:09 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D226320043; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id B134860805; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 13/25] powerpc/secvar: Don't print error on ENOENT when reading variables Date: Tue, 31 Jan 2023 17:39:16 +1100 Message-Id: <20230131063928.388035-14-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: _Uq7U4V3th2Ym66k5JrpOUsHjKelhk2u X-Proofpoint-ORIG-GUID: 30oN84RXlwGEBlmnl2Y7s0wEKyk879zP X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 spamscore=0 impostorscore=0 mlxscore=0 suspectscore=0 phishscore=0 mlxlogscore=999 priorityscore=1501 clxscore=1015 bulkscore=0 malwarescore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519251006297495?= X-GMAIL-MSGID: =?utf-8?q?1756519251006297495?= If attempting to read the size or data attributes of a non-existent variable (which will be possible after a later patch to expose the PLPKS via the secvar interface), don't spam the kernel log with error messages. Only print errors for return codes that aren't ENOENT. Reported-by: Sudhakar Kuppusamy Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v3: New patch --- arch/powerpc/kernel/secvar-sysfs.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 9b6be63b7b36..ca3df3f7156c 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -43,8 +43,8 @@ static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr, rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); if (rc) { - pr_err("Error retrieving %s variable size %d\n", kobj->name, - rc); + if (rc != -ENOENT) + pr_err("Error retrieving %s variable size %d\n", kobj->name, rc); return rc; } @@ -61,7 +61,8 @@ static ssize_t data_read(struct file *filep, struct kobject *kobj, rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); if (rc) { - pr_err("Error getting %s variable size %d\n", kobj->name, rc); + if (rc != -ENOENT) + pr_err("Error getting %s variable size %d\n", kobj->name, rc); return rc; } pr_debug("dsize is %llu\n", dsize); From patchwork Tue Jan 31 06:39:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50635 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593031wrn; Mon, 30 Jan 2023 22:41:44 -0800 (PST) X-Google-Smtp-Source: AK7set+Xqy7ix4Z6a27hYQ/evIo3+jvj5Rcr4wT+ta9RXrHZll5HenaZxSorVnOg9sHr5jaYXO8M X-Received: by 2002:a17:90a:306:b0:22c:56c6:3b64 with SMTP id 6-20020a17090a030600b0022c56c63b64mr14021463pje.43.1675147304539; Mon, 30 Jan 2023 22:41:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147304; cv=none; d=google.com; s=arc-20160816; b=Oks7ygRhSJbDdCUKaAlG2oxEp4IyNO96n0GNJs+JxbzZU9zTm83lPIAcxbGdbE5Kw7 jOy+s5LFBQ57GjhmVC0I6RqKWtZa5WaYl5qiqGXcF0TUGgjKHYm5sdrEkVDr4qkvY4He Q3zvtGmSWTzQ6b0J7QKDPJ60EL+xruhE2YcgyjoJoFLDyl0NftDGbLEE9Jw8ggXqr2bz anSQSADnIVSoBqxcXFbSrFtJlAoQxJX9nDUdQmmmsUrXuDJ1a8t5e22pOFiTLRc1eGru BqfnpGTdXrCYfUSVf/sw105/pxKNay106wNGEgt1J9pEj9aZ//zcv2pRgQ8rcF81Urrj mUwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=IrDWb+LIqMomXyWioGCHO1JQjb7qQVYa+i8eUlWM6+U=; b=t1mfHN4ry+Uj8UxGg+0h1ErrNkiqdk+P/AwJUv3P05pK/UV7vkwYG9ykeSbe5A283T iYeOPR+9Zelza+NYIHs9zDH/5jtoCbEoJAEc3GdjXWX/tBZgJH3djDFzuxjgF3rGuWWZ 1KoYQPYiUsW6vBsoHYaskAIAQAZLRFpp6yx5ZFvcUNw751MHSksFtfS/fS7875T/Ngex oN6DrmCmaPFzTX8s+BWO+RhpgOFAxLYCkJFwql7rltor1gMF8cQd0OmSU95YP6zWo2KN F8nrJCnRcE8iLJd59QL+/vBjSZCqkbgSGi/2gX33jmCnNJmvCrHyz4nF9UQ5HTKsPQYB gk3g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=oU1dfIiW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n27-20020a63721b000000b0047798cc3bffsi15598731pgc.246.2023.01.30.22.41.31; Mon, 30 Jan 2023 22:41:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=oU1dfIiW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229572AbjAaGky (ORCPT + 99 others); Tue, 31 Jan 2023 01:40:54 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35804 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230223AbjAaGkZ (ORCPT ); Tue, 31 Jan 2023 01:40:25 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CBF593CE31; Mon, 30 Jan 2023 22:40:23 -0800 (PST) Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V6TmM9026278; Tue, 31 Jan 2023 06:40:15 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=IrDWb+LIqMomXyWioGCHO1JQjb7qQVYa+i8eUlWM6+U=; b=oU1dfIiW2+TXrYR53i4wA4qhANkOBQpnAgf1r87ngTvIfWRjh8vWQIkNlOpajV0o5fjt uDR4sTS6wpIvBArNtnnvYTQg+7HJ73SDmjxSL9J7jJ9Mh3z3tgZu6B81Fahp+ILOnWKK o12bPZVo7HZhJZEWwTgD+WzCF85w8UcU0m4Cisy6WNQUh8TJrOhIsOlVjeb8lrppxoMC I3szjA1ZzGEfjuNPX9sP4v55g6GVrjn3QgU3N4BNU+evU78XsFjNybV/VuKFReCvEgSM eWimcxGfObOvQytRUfIKw17TX6QxGKcHMPXGMJubFQ6vNLdiGqlMVaP+yy0cxQwb+kBy TA== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3news607k6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from m0098410.ppops.net (m0098410.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6Tp4Q026425; Tue, 31 Jan 2023 06:40:14 GMT Received: from ppma06ams.nl.ibm.com (66.31.33a9.ip4.static.sl-reverse.com [169.51.49.102]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3news607j0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:14 +0000 Received: from pps.filterd (ppma06ams.nl.ibm.com [127.0.0.1]) by ppma06ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UKDNUk014744; Tue, 31 Jan 2023 06:40:12 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma06ams.nl.ibm.com (PPS) with ESMTPS id 3ncvttu3ng-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:12 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6e9K446006686 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:09 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 61D222004F; Tue, 31 Jan 2023 06:40:09 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D69802004E; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:08 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id C10DF6096E; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 14/25] powerpc/pseries: Move plpks.h to include directory Date: Tue, 31 Jan 2023 17:39:17 +1100 Message-Id: <20230131063928.388035-15-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: tGib7l7rAjlwFPLUn6r548fuqcjLNEGt X-Proofpoint-ORIG-GUID: VzDQkcglbmXZfueq8a7iJwpXLo6tL5by X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 adultscore=0 mlxscore=0 suspectscore=0 lowpriorityscore=0 impostorscore=0 malwarescore=0 priorityscore=1501 spamscore=0 clxscore=1015 mlxlogscore=999 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519260056741799?= X-GMAIL-MSGID: =?utf-8?q?1756519260056741799?= From: Russell Currey Move plpks.h from platforms/pseries/ to include/asm/. This is necessary for later patches to make use of the PLPKS from code in other subsystems. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v3: New patch --- .../powerpc/{platforms/pseries => include/asm}/plpks.h | 10 +++++++--- arch/powerpc/platforms/pseries/plpks.c | 3 +-- 2 files changed, 8 insertions(+), 5 deletions(-) rename arch/powerpc/{platforms/pseries => include/asm}/plpks.h (89%) diff --git a/arch/powerpc/platforms/pseries/plpks.h b/arch/powerpc/include/asm/plpks.h similarity index 89% rename from arch/powerpc/platforms/pseries/plpks.h rename to arch/powerpc/include/asm/plpks.h index 275ccd86bfb5..8295502ee93b 100644 --- a/arch/powerpc/platforms/pseries/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -6,8 +6,10 @@ * Platform keystore for pseries LPAR(PLPKS). */ -#ifndef _PSERIES_PLPKS_H -#define _PSERIES_PLPKS_H +#ifndef _ASM_POWERPC_PLPKS_H +#define _ASM_POWERPC_PLPKS_H + +#ifdef CONFIG_PSERIES_PLPKS #include #include @@ -68,4 +70,6 @@ int plpks_read_fw_var(struct plpks_var *var); */ int plpks_read_bootloader_var(struct plpks_var *var); -#endif +#endif // CONFIG_PSERIES_PLPKS + +#endif // _ASM_POWERPC_PLPKS_H diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index a01cf2ff140a..13e6daadb179 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -18,8 +18,7 @@ #include #include #include - -#include "plpks.h" +#include #define PKS_FW_OWNER 0x1 #define PKS_BOOTLOADER_OWNER 0x2 From patchwork Tue Jan 31 06:39:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50639 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593127wrn; Mon, 30 Jan 2023 22:42:01 -0800 (PST) X-Google-Smtp-Source: AMrXdXtdeemmtmH34QhPF4dZ3COEj32o8R4eJHrTSCsbKzlgC8Ct2MqMBUwTf/ZY7Y6stafpvWtq X-Received: by 2002:a05:6a20:5495:b0:b8:381d:6491 with SMTP id i21-20020a056a20549500b000b8381d6491mr71676569pzk.31.1675147320763; Mon, 30 Jan 2023 22:42:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147320; cv=none; d=google.com; s=arc-20160816; b=uqlWRSMibILpM6r6376ZGeKHiN7XfJQuLSXqMqxqOwmTWbmSNp6BGovDCj4ugLhwCD Hx/2Oa7Rknh4pLbF41yDB+QQe8IMrtdlR4aObrx+UxVzgufxwkejiQpsbsxi2LIhzQxU xs6wwKBsl0KF3KPf2/8D8Rp7HyAaO+RNS2Xg8GLR489c/VzxppISaPFc+mPjyC8VdPlV YZulCnd1NOXBzGW3uZxsrQliXbJsVQMaW+kUdAiMUQ+j38bqrkb5GFT7nF4zX5wKCJzH 8NiZpxpf/eJOxNsFGeMTPKQjGq6rePfMGb1GdHowM6U/yu5DGIx3EfBXeDl3x+u4Gi19 Dr5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=A4MRGxgSNvDwuO+paXanoN5761KD6CUUnT3CG/QStJQ=; b=ZHSzrCIhLUaen1Mdd1Lbaz8lrgZWe2C7cbKbnehIsKNQRjdTEb1SND1vi2eS41tnNb kZHqFsiJ5syjcAaVa4YDz+8O8kmKm2x5Bszlv42+/xvFW1NTB7+yG4WkJcjdodPJh1MT WFFKLsbhihzX2il564QZkloJn2D7gFDuM7skB7Z0e61MJLRMd18j4OtQerZY3MDVFNNX TjkNA0T/TB8JmSTxXwrOc0dQZD0dpJHnUTfN+VTz5qHFIpnf7ztKcONoLenJKzuikBdw XAKUCZUIqw3EuSrqrNmL/fSE8vFNukpNrscjb7mDo8BU5u9Ik1so04/JwkxbohYsdSjt jvMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=qrIe0FEx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o25-20020a637e59000000b004de6f2e7fefsi14958649pgn.438.2023.01.30.22.41.47; Mon, 30 Jan 2023 22:42:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=qrIe0FEx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231404AbjAaGlS (ORCPT + 99 others); Tue, 31 Jan 2023 01:41:18 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230286AbjAaGk1 (ORCPT ); Tue, 31 Jan 2023 01:40:27 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF9AF3D927; Mon, 30 Jan 2023 22:40:25 -0800 (PST) Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V5jj8H014465; Tue, 31 Jan 2023 06:40:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=A4MRGxgSNvDwuO+paXanoN5761KD6CUUnT3CG/QStJQ=; b=qrIe0FExQ563ZXB8UtdVAs8KWXfT+9f/jcCN/ihIcjJLijcqc7t4FiiUS01BtkpqcYT3 VKVaKJzU0g5p9qr1iS6fImSs4tJha5bBr8NTTh1ZIiCWw8MhDOSKIjfp3wLGsnss49tU V1wC1QhJ1n3XsGJCBTeuY0QTWHxwhgME6fq5BgXwlkfgS3A2ugFVKY5c4NDNuZZMe+Bw EVQ0hjA0bvqKXbA5Gr1lFWRu8YnXhhemu4dGQHRrcTExmeeB3gz4QWoT6NTLfAgWBEJX 2IoeMRyl2/4s0Rftwmt7bJSypr965KWefyOHn1rysseB4qDspTVlK6b4FXVnWiv9EHJ0 /A== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3new4cs0n8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:16 +0000 Received: from m0098409.ppops.net (m0098409.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V60jWb000824; Tue, 31 Jan 2023 06:40:15 GMT Received: from ppma04ams.nl.ibm.com (63.31.33a9.ip4.static.sl-reverse.com [169.51.49.99]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3new4cs0m5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from pps.filterd (ppma04ams.nl.ibm.com [127.0.0.1]) by ppma04ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UCtaYF012460; Tue, 31 Jan 2023 06:40:13 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma04ams.nl.ibm.com (PPS) with ESMTPS id 3ncvs7k434-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:13 +0000 Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6eA3x43188512 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:11 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CD4662004F; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CFCC02004B; Tue, 31 Jan 2023 06:40:09 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:09 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id D0BD860972; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 15/25] powerpc/pseries: Move PLPKS constants to header file Date: Tue, 31 Jan 2023 17:39:18 +1100 Message-Id: <20230131063928.388035-16-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: kvCtj_Ou-ByOhphZ8amb5x85Wy_VJJY8 X-Proofpoint-ORIG-GUID: h9_ChuqlIcKiQCMXxoLqlW8aA5qNCSjU X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 mlxscore=0 priorityscore=1501 lowpriorityscore=0 malwarescore=0 bulkscore=0 adultscore=0 clxscore=1015 suspectscore=0 phishscore=0 impostorscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519277000717243?= X-GMAIL-MSGID: =?utf-8?q?1756519277000717243?= From: Russell Currey Move the constants defined in plpks.c to plpks.h, and standardise their naming, so that PLPKS consumers can make use of them later on. Signed-off-by: Russell Currey Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v3: New patch --- arch/powerpc/include/asm/plpks.h | 36 +++++++++++++--- arch/powerpc/platforms/pseries/plpks.c | 57 ++++++++++---------------- 2 files changed, 53 insertions(+), 40 deletions(-) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 8295502ee93b..6466aadd7145 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -14,14 +14,40 @@ #include #include -#define OSSECBOOTAUDIT 0x40000000 -#define OSSECBOOTENFORCE 0x20000000 -#define WORLDREADABLE 0x08000000 -#define SIGNEDUPDATE 0x01000000 +// Object policy flags from supported_policies +#define PLPKS_OSSECBOOTAUDIT PPC_BIT32(1) // OS secure boot must be audit/enforce +#define PLPKS_OSSECBOOTENFORCE PPC_BIT32(2) // OS secure boot must be enforce +#define PLPKS_PWSET PPC_BIT32(3) // No access without password set +#define PLPKS_WORLDREADABLE PPC_BIT32(4) // Readable without authentication +#define PLPKS_IMMUTABLE PPC_BIT32(5) // Once written, object cannot be removed +#define PLPKS_TRANSIENT PPC_BIT32(6) // Object does not persist through reboot +#define PLPKS_SIGNEDUPDATE PPC_BIT32(7) // Object can only be modified by signed updates +#define PLPKS_HVPROVISIONED PPC_BIT32(28) // Hypervisor has provisioned this object -#define PLPKS_VAR_LINUX 0x02 +// Signature algorithm flags from signed_update_algorithms +#define PLPKS_ALG_RSA2048 PPC_BIT(0) +#define PLPKS_ALG_RSA4096 PPC_BIT(1) + +// Object label OS metadata flags +#define PLPKS_VAR_LINUX 0x02 #define PLPKS_VAR_COMMON 0x04 +// Flags for which consumer owns an object is owned by +#define PLPKS_FW_OWNER 0x1 +#define PLPKS_BOOTLOADER_OWNER 0x2 +#define PLPKS_OS_OWNER 0x3 + +// Flags for label metadata fields +#define PLPKS_LABEL_VERSION 0 +#define PLPKS_MAX_LABEL_ATTR_SIZE 16 +#define PLPKS_MAX_NAME_SIZE 239 +#define PLPKS_MAX_DATA_SIZE 4000 + +// Timeouts for PLPKS operations +#define PLPKS_MAX_TIMEOUT 5000 // msec +#define PLPKS_FLUSH_SLEEP 10 // msec +#define PLPKS_FLUSH_SLEEP_RANGE 400 + struct plpks_var { char *component; u8 *name; diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 13e6daadb179..91f3f623a2c7 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -20,19 +20,6 @@ #include #include -#define PKS_FW_OWNER 0x1 -#define PKS_BOOTLOADER_OWNER 0x2 -#define PKS_OS_OWNER 0x3 - -#define LABEL_VERSION 0 -#define MAX_LABEL_ATTR_SIZE 16 -#define MAX_NAME_SIZE 239 -#define MAX_DATA_SIZE 4000 - -#define PKS_FLUSH_MAX_TIMEOUT 5000 //msec -#define PKS_FLUSH_SLEEP 10 //msec -#define PKS_FLUSH_SLEEP_RANGE 400 - static u8 *ospassword; static u16 ospasswordlength; @@ -59,7 +46,7 @@ struct label_attr { struct label { struct label_attr attr; - u8 name[MAX_NAME_SIZE]; + u8 name[PLPKS_MAX_NAME_SIZE]; size_t size; }; @@ -122,7 +109,7 @@ static int pseries_status_to_err(int rc) static int plpks_gen_password(void) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; - u8 *password, consumer = PKS_OS_OWNER; + u8 *password, consumer = PLPKS_OS_OWNER; int rc; // The password must not cross a page boundary, so we align to the next power of 2 @@ -159,7 +146,7 @@ static struct plpks_auth *construct_auth(u8 consumer) { struct plpks_auth *auth; - if (consumer > PKS_OS_OWNER) + if (consumer > PLPKS_OS_OWNER) return ERR_PTR(-EINVAL); // The auth structure must not cross a page boundary and must be @@ -171,7 +158,7 @@ static struct plpks_auth *construct_auth(u8 consumer) auth->version = 1; auth->consumer = consumer; - if (consumer == PKS_FW_OWNER || consumer == PKS_BOOTLOADER_OWNER) + if (consumer == PLPKS_FW_OWNER || consumer == PLPKS_BOOTLOADER_OWNER) return auth; memcpy(auth->password, ospassword, ospasswordlength); @@ -191,7 +178,7 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, struct label *label; size_t slen; - if (!name || namelen > MAX_NAME_SIZE) + if (!name || namelen > PLPKS_MAX_NAME_SIZE) return ERR_PTR(-EINVAL); slen = strlen(component); @@ -206,9 +193,9 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, if (component) memcpy(&label->attr.prefix, component, slen); - label->attr.version = LABEL_VERSION; + label->attr.version = PLPKS_LABEL_VERSION; label->attr.os = varos; - label->attr.length = MAX_LABEL_ATTR_SIZE; + label->attr.length = PLPKS_MAX_LABEL_ATTR_SIZE; memcpy(&label->name, name, namelen); label->size = sizeof(struct label_attr) + namelen; @@ -274,10 +261,10 @@ static int plpks_confirm_object_flushed(struct label *label, break; } - usleep_range(PKS_FLUSH_SLEEP, - PKS_FLUSH_SLEEP + PKS_FLUSH_SLEEP_RANGE); - timeout = timeout + PKS_FLUSH_SLEEP; - } while (timeout < PKS_FLUSH_MAX_TIMEOUT); + usleep_range(PLPKS_FLUSH_SLEEP, + PLPKS_FLUSH_SLEEP + PLPKS_FLUSH_SLEEP_RANGE); + timeout = timeout + PLPKS_FLUSH_SLEEP; + } while (timeout < PLPKS_MAX_TIMEOUT); if (timed_out) return -ETIMEDOUT; @@ -293,13 +280,13 @@ int plpks_write_var(struct plpks_var var) int rc; if (!var.component || !var.data || var.datalen <= 0 || - var.namelen > MAX_NAME_SIZE || var.datalen > MAX_DATA_SIZE) + var.namelen > PLPKS_MAX_NAME_SIZE || var.datalen > PLPKS_MAX_DATA_SIZE) return -EINVAL; - if (var.policy & SIGNEDUPDATE) + if (var.policy & PLPKS_SIGNEDUPDATE) return -EINVAL; - auth = construct_auth(PKS_OS_OWNER); + auth = construct_auth(PLPKS_OS_OWNER); if (IS_ERR(auth)) return PTR_ERR(auth); @@ -331,10 +318,10 @@ int plpks_remove_var(char *component, u8 varos, struct plpks_var_name vname) struct label *label; int rc; - if (!component || vname.namelen > MAX_NAME_SIZE) + if (!component || vname.namelen > PLPKS_MAX_NAME_SIZE) return -EINVAL; - auth = construct_auth(PKS_OS_OWNER); + auth = construct_auth(PLPKS_OS_OWNER); if (IS_ERR(auth)) return PTR_ERR(auth); @@ -366,14 +353,14 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) u8 *output; int rc; - if (var->namelen > MAX_NAME_SIZE) + if (var->namelen > PLPKS_MAX_NAME_SIZE) return -EINVAL; auth = construct_auth(consumer); if (IS_ERR(auth)) return PTR_ERR(auth); - if (consumer == PKS_OS_OWNER) { + if (consumer == PLPKS_OS_OWNER) { label = construct_label(var->component, var->os, var->name, var->namelen); if (IS_ERR(label)) { @@ -388,7 +375,7 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) goto out_free_label; } - if (consumer == PKS_OS_OWNER) + if (consumer == PLPKS_OS_OWNER) rc = plpar_hcall(H_PKS_READ_OBJECT, retbuf, virt_to_phys(auth), virt_to_phys(label), label->size, virt_to_phys(output), maxobjsize); @@ -428,17 +415,17 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) int plpks_read_os_var(struct plpks_var *var) { - return plpks_read_var(PKS_OS_OWNER, var); + return plpks_read_var(PLPKS_OS_OWNER, var); } int plpks_read_fw_var(struct plpks_var *var) { - return plpks_read_var(PKS_FW_OWNER, var); + return plpks_read_var(PLPKS_FW_OWNER, var); } int plpks_read_bootloader_var(struct plpks_var *var) { - return plpks_read_var(PKS_BOOTLOADER_OWNER, var); + return plpks_read_var(PLPKS_BOOTLOADER_OWNER, var); } static __init int pseries_plpks_init(void) From patchwork Tue Jan 31 06:39:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50636 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593041wrn; Mon, 30 Jan 2023 22:41:47 -0800 (PST) X-Google-Smtp-Source: AK7set8Jgrdi4G/oIgwFksjayyFJ4/uSwCRKUsBfBIn/wo+D6FChn8oE9OOcOvtSPebFiCAJcXJ7 X-Received: by 2002:a05:6a20:7d8b:b0:ad:2abb:5a5e with SMTP id v11-20020a056a207d8b00b000ad2abb5a5emr15236794pzj.61.1675147307124; Mon, 30 Jan 2023 22:41:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147307; cv=none; d=google.com; s=arc-20160816; b=GGAEXeDrTKw5abPqh1NACfrV/95BbTJ/I41FI84mG42hC85qa+uR0KCkYJvc4hPOx4 WXpQmkHCux+o6CGdL07+thN1IzA6+6y4EChYlogM9aP9mTi0t5RcaX3m1mqEThz61V+C j7WEucQfYH3jprpy7+Uy4MTRevUhdQHc7X5rRf2r2XYcETlKRuOz1A0JC6aMnPOfL90E WBxxz4bp+Xd/33FCqBYfcl+NPUp20/fjEe5TI2iURLrtrcwu1wU5oo1+2soSQ6G4NNH/ IJ4MS8lLycZ1odH0uL6S4J7eYdzosuyEk/TTK9F90yMtCW5WBDzHm0eHGJfiBwIwDX5x XXeQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=J2pUG+IhSHhZzS1ZSyaqd4gSwGprqqmdsJ/svMEv0c4=; b=JixxFlIaGioGh4JzNCFjONjHpXeZde8dqOg+sxDZ9FK2Q4iz/jNrjwsgHGyit9Z3Dy 9w/AxpfNeuakcueP6YjZBZuI2AG9FaGW700UsGGBHBAzkJjioiCl30JmX7EfhLTZCcxg oWTzuyjpq/AcPT/eHC71BGu8WfW3SB0w0GAPrd0yQZVQO367u0P0Sggj9gk2yeYyFd4S 6+pC2YiDHII+ifmvzdup6aMv47NnHLpWqWTl6ZhTG+xErjb6v9MuBlKGNNIzvv9EfMVX gXyozDtWrDCWeBRSer77+VtFKBtyrou7M6gtqV0/U+WcT5t47v3fJfsKwsHugjvfosjp UQqQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=S7DZywQt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i198-20020a636dcf000000b004da13f2c14esi15186803pgc.710.2023.01.30.22.41.34; Mon, 30 Jan 2023 22:41:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=S7DZywQt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230510AbjAaGk7 (ORCPT + 99 others); Tue, 31 Jan 2023 01:40:59 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35792 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230259AbjAaGkZ (ORCPT ); Tue, 31 Jan 2023 01:40:25 -0500 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 123863D937; Mon, 30 Jan 2023 22:40:24 -0800 (PST) Received: from pps.filterd (m0127361.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V4F8aW008019; Tue, 31 Jan 2023 06:40:15 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=J2pUG+IhSHhZzS1ZSyaqd4gSwGprqqmdsJ/svMEv0c4=; b=S7DZywQtniSAFnExKSLczfLfnH8lEXpMUc0vnOLuKOCZYzwuwyOfKsQR5T5pKsruaADg eFnu6qW6ps8HepfottvIBDnssQdoZOhBnakzE3PXAo7y2F3ZHpIorc81VeOs8ZobbgzU FdPcO61YQhGAGd5HQZGURypaYrIoadTkul4P3tJ/3qfmPYK9HRlqWEC4TotWB1rc4oI7 +YCAL6Bp9F02N3xdiBMx8hHuzBQh68GXiR1USulJbfAa8HG5DpI6NBOqLMGtt5Xnx4nL XZxhcb0NWM6DUjIBRYU06xwFbJx8YwvlIxh0sN4M8iwMXp2BogWolhviPQmB+y1TwPEG 7Q== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3neusy2x0v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from m0127361.ppops.net (m0127361.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6TfVt033379; Tue, 31 Jan 2023 06:40:15 GMT Received: from ppma03ams.nl.ibm.com (62.31.33a9.ip4.static.sl-reverse.com [169.51.49.98]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3neusy2wyt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from pps.filterd (ppma03ams.nl.ibm.com [127.0.0.1]) by ppma03ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UL4BKl013445; Tue, 31 Jan 2023 06:40:13 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma03ams.nl.ibm.com (PPS) with ESMTPS id 3ncvtyb3h8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:13 +0000 Received: from smtpav07.fra02v.mail.ibm.com (smtpav07.fra02v.mail.ibm.com [10.20.54.106]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6eAJ224379886 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:11 GMT Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CF3EB20043; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from smtpav07.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D146D2004B; Tue, 31 Jan 2023 06:40:09 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav07.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:09 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id DF2766097C; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 16/25] powerpc/pseries: Expose PLPKS config values, support additional fields Date: Tue, 31 Jan 2023 17:39:19 +1100 Message-Id: <20230131063928.388035-17-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: yi4Ad2PZ3CBFO_dpta2K_tnLBiO7qSHl X-Proofpoint-ORIG-GUID: vrIECsqlWchGFP2alDhGgXn4639nzjwc X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=999 mlxscore=0 bulkscore=0 adultscore=0 phishscore=0 clxscore=1015 spamscore=0 lowpriorityscore=0 priorityscore=1501 impostorscore=0 malwarescore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519262993730540?= X-GMAIL-MSGID: =?utf-8?q?1756519262993730540?= From: Nayna Jain The plpks driver uses the H_PKS_GET_CONFIG hcall to retrieve configuration and status information about the PKS from the hypervisor. Update _plpks_get_config() to handle some additional fields. Add getter functions to allow the PKS configuration information to be accessed from other files. Validate that the values we're getting comply with the spec. While we're here, move the config struct in _plpks_get_config() off the stack - it's getting large and we also need to make sure it doesn't cross a page boundary. Signed-off-by: Nayna Jain [ajd: split patch, extend to support additional v3 API fields, minor fixes] Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey Reviewed-by: Stefan Berger --- v3: Merge plpks fixes and signed update series with secvar series Refresh config values in plpks_get_usedspace() (ajd) Validate the config values being returned comply with spec (ruscur) Return maxobjlabelsize as is (ruscur) Move plpks.h to include/asm (ruscur) Fix checkpatch checks (ruscur) --- arch/powerpc/include/asm/plpks.h | 58 ++++++++++ arch/powerpc/platforms/pseries/plpks.c | 149 +++++++++++++++++++++++-- 2 files changed, 195 insertions(+), 12 deletions(-) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 6466aadd7145..7c5f51a9af7c 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -96,6 +96,64 @@ int plpks_read_fw_var(struct plpks_var *var); */ int plpks_read_bootloader_var(struct plpks_var *var); +/** + * Returns if PKS is available on this LPAR. + */ +bool plpks_is_available(void); + +/** + * Returns version of the Platform KeyStore. + */ +u8 plpks_get_version(void); + +/** + * Returns hypervisor storage overhead per object, not including the size of + * the object or label. Only valid for config version >= 2 + */ +u16 plpks_get_objoverhead(void); + +/** + * Returns maximum password size. Must be >= 32 bytes + */ +u16 plpks_get_maxpwsize(void); + +/** + * Returns maximum object size supported by Platform KeyStore. + */ +u16 plpks_get_maxobjectsize(void); + +/** + * Returns maximum object label size supported by Platform KeyStore. + */ +u16 plpks_get_maxobjectlabelsize(void); + +/** + * Returns total size of the configured Platform KeyStore. + */ +u32 plpks_get_totalsize(void); + +/** + * Returns used space from the total size of the Platform KeyStore. + */ +u32 plpks_get_usedspace(void); + +/** + * Returns bitmask of policies supported by the hypervisor. + */ +u32 plpks_get_supportedpolicies(void); + +/** + * Returns maximum byte size of a single object supported by the hypervisor. + * Only valid for config version >= 3 + */ +u32 plpks_get_maxlargeobjectsize(void); + +/** + * Returns bitmask of signature algorithms supported for signed updates. + * Only valid for config version >= 3 + */ +u64 plpks_get_signedupdatealgorithms(void); + #endif // CONFIG_PSERIES_PLPKS #endif // _ASM_POWERPC_PLPKS_H diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 91f3f623a2c7..1189246b03dc 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -24,8 +24,16 @@ static u8 *ospassword; static u16 ospasswordlength; // Retrieved with H_PKS_GET_CONFIG +static u8 version; +static u16 objoverhead; static u16 maxpwsize; static u16 maxobjsize; +static s16 maxobjlabelsize; +static u32 totalsize; +static u32 usedspace; +static u32 supportedpolicies; +static u32 maxlargeobjectsize; +static u64 signedupdatealgorithms; struct plpks_auth { u8 version; @@ -206,32 +214,149 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, static int _plpks_get_config(void) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; - struct { + struct config { u8 version; u8 flags; - __be32 rsvd0; + __be16 rsvd0; + __be16 objoverhead; __be16 maxpwsize; __be16 maxobjlabelsize; __be16 maxobjsize; __be32 totalsize; __be32 usedspace; __be32 supportedpolicies; - __be64 rsvd1; - } __packed config; + __be32 maxlargeobjectsize; + __be64 signedupdatealgorithms; + u8 rsvd1[476]; + } __packed * config; size_t size; - int rc; + int rc = 0; + + size = sizeof(*config); + + // Config struct must not cross a page boundary. So long as the struct + // size is a power of 2, this should be fine as alignment is guaranteed + config = kzalloc(size, GFP_KERNEL); + if (!config) { + rc = -ENOMEM; + goto err; + } + + rc = plpar_hcall(H_PKS_GET_CONFIG, retbuf, virt_to_phys(config), size); + + if (rc != H_SUCCESS) { + rc = pseries_status_to_err(rc); + goto err; + } + + version = config->version; + objoverhead = be16_to_cpu(config->objoverhead); + maxpwsize = be16_to_cpu(config->maxpwsize); + maxobjsize = be16_to_cpu(config->maxobjsize); + maxobjlabelsize = be16_to_cpu(config->maxobjlabelsize); + totalsize = be32_to_cpu(config->totalsize); + usedspace = be32_to_cpu(config->usedspace); + supportedpolicies = be32_to_cpu(config->supportedpolicies); + maxlargeobjectsize = be32_to_cpu(config->maxlargeobjectsize); + signedupdatealgorithms = be64_to_cpu(config->signedupdatealgorithms); + + // Validate that the numbers we get back match the requirements of the spec + if (maxpwsize < 32) { + pr_err("Invalid Max Password Size received from hypervisor (%d < 32)\n", maxpwsize); + rc = -EIO; + goto err; + } + + if (maxobjlabelsize < 255) { + pr_err("Invalid Max Object Label Size received from hypervisor (%d < 255)\n", + maxobjlabelsize); + rc = -EIO; + goto err; + } - size = sizeof(config); + if (totalsize < 4096) { + pr_err("Invalid Total Size received from hypervisor (%d < 4096)\n", totalsize); + rc = -EIO; + goto err; + } + + if (version >= 3 && maxlargeobjectsize >= 65536 && maxobjsize != 0xFFFF) { + pr_err("Invalid Max Object Size (0x%x != 0xFFFF)\n", maxobjsize); + rc = -EIO; + goto err; + } + +err: + kfree(config); + return rc; +} + +u8 plpks_get_version(void) +{ + return version; +} - rc = plpar_hcall(H_PKS_GET_CONFIG, retbuf, virt_to_phys(&config), size); +u16 plpks_get_objoverhead(void) +{ + return objoverhead; +} - if (rc != H_SUCCESS) - return pseries_status_to_err(rc); +u16 plpks_get_maxpwsize(void) +{ + return maxpwsize; +} - maxpwsize = be16_to_cpu(config.maxpwsize); - maxobjsize = be16_to_cpu(config.maxobjsize); +u16 plpks_get_maxobjectsize(void) +{ + return maxobjsize; +} + +u16 plpks_get_maxobjectlabelsize(void) +{ + return maxobjlabelsize; +} + +u32 plpks_get_totalsize(void) +{ + return totalsize; +} + +u32 plpks_get_usedspace(void) +{ + // Unlike other config values, usedspace regularly changes as objects + // are updated, so we need to refresh. + int rc = _plpks_get_config(); + if (rc) { + pr_err("Couldn't get config, rc: %d\n", rc); + return 0; + } + return usedspace; +} + +u32 plpks_get_supportedpolicies(void) +{ + return supportedpolicies; +} + +u32 plpks_get_maxlargeobjectsize(void) +{ + return maxlargeobjectsize; +} + +u64 plpks_get_signedupdatealgorithms(void) +{ + return signedupdatealgorithms; +} + +bool plpks_is_available(void) +{ + int rc; + + rc = _plpks_get_config(); + if (rc) + return false; - return 0; + return true; } static int plpks_confirm_object_flushed(struct label *label, From patchwork Tue Jan 31 06:39:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50646 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593350wrn; Mon, 30 Jan 2023 22:42:48 -0800 (PST) X-Google-Smtp-Source: AK7set/pFvRcdankUP469hzsIdrnEgPH0NA1/LHzN57hdZNc3/uYNSZUpGUfQx4JJeZ7zHpR68WK X-Received: by 2002:a17:903:11d2:b0:196:8b52:9c94 with SMTP id q18-20020a17090311d200b001968b529c94mr5528417plh.60.1675147368267; Mon, 30 Jan 2023 22:42:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147368; cv=none; d=google.com; s=arc-20160816; b=eGx1iHYhzTllPuzK1ppLBZFCuJRHTsV0ts/ya7Hhxm/61AyVa7rkTwYhHT5ozlQdls 1C5DuDNNP59l8YE25S6lCjlhmYBE5p2omqWOKdiLVyvusMHay5jBAiwsDA2hIcbAzlcx uvc4LDtYx/SKfHMknMZI74rL8JerrgoS/ZaZxrTcZoc8zroLJtjcukfiFgBOWnrFDqAI I+QwsPe6C4ZWoseTwGR4Y1TDIEzVImcchoPbNaSRbxTwXs6hTgf7Vrt5VV6eNviilx3T LY+//efa/ZOOGGGrscDil6zBWGdQZkYiO2vcwXqAFW75QRIc2ReVX+Qvk2jKYU94IG+N 50Dg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=u8OlthnPsqzt0JEQei/63XF3osGywMw3vLUsU4ZZ3D8=; b=n8gyZE63iikk/v2uTNKrWaxev3dPo79p2xdWCpcdSvzFaEeRTCGaX2A3slwMHan8IZ Q4iJ2PPG74tdmGFjSfA/KtK14EIXny0/XYKaXDFCTXACJqqyljRDD1T0i4yGJsi79VYT mS3WV1CjNEEBvwz8O4As2+ogszaHOPZyi+40AyefIa2pXRfIlVxPOk5utRupcVqav9pk OxsujHzl3R8H5ZwZGOl/OPsuBehH2DqIEWb76Rj8UIYsVtJXHIX/JapKAPF7BoMeUtb1 fVyPt4CZ0jjrc9UsKEwcsMWQVraNNSYR3EtXTn3QyJZxcOmjCitjV9UUSjKfPztirSm6 EIsw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=HuhuJw0F; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x4-20020a170902ea8400b00194dd7c5498si14846367plb.489.2023.01.30.22.42.36; Mon, 30 Jan 2023 22:42:48 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=HuhuJw0F; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230261AbjAaGlV (ORCPT + 99 others); Tue, 31 Jan 2023 01:41:21 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35944 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230328AbjAaGk2 (ORCPT ); Tue, 31 Jan 2023 01:40:28 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D11253EFC9; Mon, 30 Jan 2023 22:40:27 -0800 (PST) Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V6NkoG019640; Tue, 31 Jan 2023 06:40:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=u8OlthnPsqzt0JEQei/63XF3osGywMw3vLUsU4ZZ3D8=; b=HuhuJw0FRkv355DAuZZdbZ0ZpV7AGvgIZNCCWzamzDeaXjx8wG+RnG4CHNCZRcedxoRr 8r8aNwYWk0/e584FNJ56NvfnpDy47rwKGJkN7rSA/yQ05DOZkloALOItVcVwdD9FYeuC Z4q9xN18/eh+b8gBbX9j+XcWmvnZ8/v/sbYznHl4L1ExS9dq/yHykRwl6FgDv5rCUmol 7RXz06h+rZIkHvsedHFaX47Ks2j6nvpscNaZdCKGFVlaEPuq0LZfmc4E3rC3vUzAg7XU Em81EzcVJKEqPwqnSx+H8eN8wTQVLgLaIRCdx/j+e8INWBnLK9VvthZo2KlTVsNu7xbf mg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newpbrah4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:16 +0000 Received: from m0098399.ppops.net (m0098399.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6P34K022508; Tue, 31 Jan 2023 06:40:15 GMT Received: from ppma04ams.nl.ibm.com (63.31.33a9.ip4.static.sl-reverse.com [169.51.49.99]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newpbrag4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from pps.filterd (ppma04ams.nl.ibm.com [127.0.0.1]) by ppma04ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UKk0OR027019; Tue, 31 Jan 2023 06:40:13 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma04ams.nl.ibm.com (PPS) with ESMTPS id 3ncvs7k435-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:13 +0000 Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6eACY25428268 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:11 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CDD542004F; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D09142004D; Tue, 31 Jan 2023 06:40:09 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:09 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id EE4776096D; Tue, 31 Jan 2023 17:40:04 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 17/25] powerpc/pseries: Implement signed update for PLPKS objects Date: Tue, 31 Jan 2023 17:39:20 +1100 Message-Id: <20230131063928.388035-18-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: n6RkkurCjFfQqYr-9kLwuxjX247SDrOy X-Proofpoint-ORIG-GUID: P8-lgLwUBr3UIrBW_i_kAsr4clsdillN X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 malwarescore=0 suspectscore=0 phishscore=0 impostorscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 bulkscore=0 mlxlogscore=999 priorityscore=1501 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519326623065769?= X-GMAIL-MSGID: =?utf-8?q?1756519326623065769?= From: Nayna Jain The Platform Keystore provides a signed update interface which can be used to create, replace or append to certain variables in the PKS in a secure fashion, with the hypervisor requiring that the update be signed using the Platform Key. Implement an interface to the H_PKS_SIGNED_UPDATE hcall in the plpks driver to allow signed updates to PKS objects. (The plpks driver doesn't need to do any cryptography or otherwise handle the actual signed variable contents - that will be handled by userspace tooling.) Signed-off-by: Nayna Jain [ajd: split patch, add timeout handling and misc cleanups] Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey Reviewed-by: Stefan Berger --- v3: Merge plpks fixes and signed update series with secvar series Fix error code handling in plpks_confirm_object_flushed() (ruscur) Pass plpks_var struct to plpks_signed_update_var() by reference (mpe) Consistent constant naming scheme (ruscur) v4: Fix MAX_HCALL_OPCODE rebasing issue (npiggin) v5: Drop the EXPORT_SYMBOL since we don't need it (npiggin) Return an error if plpks_signed_update_var() is called with non-NULL component (npiggin) --- arch/powerpc/include/asm/hvcall.h | 1 + arch/powerpc/include/asm/plpks.h | 5 ++ arch/powerpc/platforms/pseries/plpks.c | 74 ++++++++++++++++++++++++-- 3 files changed, 75 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm/hvcall.h index 95fd7f9485d5..c099780385dd 100644 --- a/arch/powerpc/include/asm/hvcall.h +++ b/arch/powerpc/include/asm/hvcall.h @@ -335,6 +335,7 @@ #define H_RPT_INVALIDATE 0x448 #define H_SCM_FLUSH 0x44C #define H_GET_ENERGY_SCALE_INFO 0x450 +#define H_PKS_SIGNED_UPDATE 0x454 #define H_WATCHDOG 0x45C #define MAX_HCALL_OPCODE H_WATCHDOG diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 7c5f51a9af7c..e7204e6c0ca4 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -68,6 +68,11 @@ struct plpks_var_name_list { struct plpks_var_name varlist[]; }; +/** + * Updates the authenticated variable. It expects NULL as the component. + */ +int plpks_signed_update_var(struct plpks_var *var, u64 flags); + /** * Writes the specified var and its data to PKS. * Any caller of PKS driver should present a valid component type for diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 1189246b03dc..cee06fb9a370 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -81,6 +81,12 @@ static int pseries_status_to_err(int rc) err = -ENOENT; break; case H_BUSY: + case H_LONG_BUSY_ORDER_1_MSEC: + case H_LONG_BUSY_ORDER_10_MSEC: + case H_LONG_BUSY_ORDER_100_MSEC: + case H_LONG_BUSY_ORDER_1_SEC: + case H_LONG_BUSY_ORDER_10_SEC: + case H_LONG_BUSY_ORDER_100_SEC: err = -EBUSY; break; case H_AUTHORITY: @@ -184,14 +190,17 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, u16 namelen) { struct label *label; - size_t slen; + size_t slen = 0; if (!name || namelen > PLPKS_MAX_NAME_SIZE) return ERR_PTR(-EINVAL); - slen = strlen(component); - if (component && slen > sizeof(label->attr.prefix)) - return ERR_PTR(-EINVAL); + // Support NULL component for signed updates + if (component) { + slen = strlen(component); + if (slen > sizeof(label->attr.prefix)) + return ERR_PTR(-EINVAL); + } // The label structure must not cross a page boundary, so we align to the next power of 2 label = kzalloc(roundup_pow_of_two(sizeof(*label)), GFP_KERNEL); @@ -397,6 +406,61 @@ static int plpks_confirm_object_flushed(struct label *label, return pseries_status_to_err(rc); } +int plpks_signed_update_var(struct plpks_var *var, u64 flags) +{ + unsigned long retbuf[PLPAR_HCALL9_BUFSIZE] = {0}; + int rc; + struct label *label; + struct plpks_auth *auth; + u64 continuetoken = 0; + u64 timeout = 0; + + if (!var->data || var->datalen <= 0 || var->namelen > PLPKS_MAX_NAME_SIZE) + return -EINVAL; + + if (!(var->policy & PLPKS_SIGNEDUPDATE)) + return -EINVAL; + + // Signed updates need the component to be NULL. + if (var->component) + return -EINVAL; + + auth = construct_auth(PLPKS_OS_OWNER); + if (IS_ERR(auth)) + return PTR_ERR(auth); + + label = construct_label(var->component, var->os, var->name, var->namelen); + if (IS_ERR(label)) { + rc = PTR_ERR(label); + goto out; + } + + do { + rc = plpar_hcall9(H_PKS_SIGNED_UPDATE, retbuf, + virt_to_phys(auth), virt_to_phys(label), + label->size, var->policy, flags, + virt_to_phys(var->data), var->datalen, + continuetoken); + + continuetoken = retbuf[0]; + if (pseries_status_to_err(rc) == -EBUSY) { + int delay_ms = get_longbusy_msecs(rc); + mdelay(delay_ms); + timeout += delay_ms; + } + rc = pseries_status_to_err(rc); + } while (rc == -EBUSY && timeout < PLPKS_MAX_TIMEOUT); + + if (!rc) + rc = plpks_confirm_object_flushed(label, auth); + + kfree(label); +out: + kfree(auth); + + return rc; +} + int plpks_write_var(struct plpks_var var) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; @@ -443,7 +507,7 @@ int plpks_remove_var(char *component, u8 varos, struct plpks_var_name vname) struct label *label; int rc; - if (!component || vname.namelen > PLPKS_MAX_NAME_SIZE) + if (vname.namelen > PLPKS_MAX_NAME_SIZE) return -EINVAL; auth = construct_auth(PLPKS_OS_OWNER); From patchwork Tue Jan 31 06:39:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50644 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593306wrn; Mon, 30 Jan 2023 22:42:37 -0800 (PST) X-Google-Smtp-Source: AMrXdXto8pVwEn1f8cAkUQze3QONHu66auW1l7L19hRW1El48L1ycvTb4iIw1ApyFT1X/uHUmQG/ X-Received: by 2002:a17:902:ccc1:b0:189:81dd:6b8b with SMTP id z1-20020a170902ccc100b0018981dd6b8bmr56771855ple.63.1675147357174; Mon, 30 Jan 2023 22:42:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147357; cv=none; d=google.com; s=arc-20160816; b=RjFZ4SHzRiZH5M+C/3gwFJxuzcJddwM3XOIRx0ByZI6suJSMzI5/2rFvEc4G0hdXvr hoTRYpVN4YA8cmctrzbGZHBvfl3p6OYrdd6Y4gC2EmX6rB1BZh2Pta2fbp1U7W4QAMxH dVkdiMYI9meSRLlULpG+O8UJ3jJ//SnGdqouLabub+yrWIMI28htT3DDUh40BcU03U9t raBx1DqpJ4T6+APXpcl5hy986sYlBKqdFwLfxLgJB7wO0WyGx1/haxSE6tQXKXWfA7IJ vMB2logcSyY3Y2jr4/WmG3YUicZtPhwr6RSmh+JvLb79nm8OGQPRzc6c0l8F7eY3ZEf0 56PA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=uVjeMGLn0b5IrhfpN+US1cb9pIkivNtC1aWwljagIto=; b=XVKZXIzl68XcTiXcxWYDhVjWPZcgkmsxD1gY+Cqj1mGEITal+Jh8xUHoDh6zydti4P CmpefvOnGwiebN3Op4Oln1FgltVg2qXMzz1B/nc0ut+LxleFKqZNfhit8asifsefJCiv tTvutrlogI9RBVjCIxjMQ4ZDfSF6YqrkYvIKXjFTFI+XFfTFs1FtZOolRiDGV0Y2WEQl VOjvq6Vg7nr3UvQjzEC4metozQdAqpHJTOSU5VBlJchokG/b8qPhXG16OLX6ImGFu3cb ZRbP2THvVh2fFvnlOlqdYGXtfOVeMyi9NT4RLCOuTDifhrYj+M4yZ0cTZftu+UhggeJ1 RKQA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=QZ2YFJui; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t21-20020a170902e1d500b00194c90ca32esi13858604pla.340.2023.01.30.22.42.23; Mon, 30 Jan 2023 22:42:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=QZ2YFJui; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230112AbjAaGk4 (ORCPT + 99 others); Tue, 31 Jan 2023 01:40:56 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35822 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230249AbjAaGkZ (ORCPT ); Tue, 31 Jan 2023 01:40:25 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A003B3E099; Mon, 30 Jan 2023 22:40:24 -0800 (PST) Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V6E42w002617; Tue, 31 Jan 2023 06:40:17 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=uVjeMGLn0b5IrhfpN+US1cb9pIkivNtC1aWwljagIto=; b=QZ2YFJuiA5oJknmxfq7P0V4LVRnU+F7Fw8uisoWZ5fuuobltzx3vOjQoOngQ/xydBFkW 7AzoJpk5OHmjieCFVyjxb+6/53sYv+SZTC5atNGR4AHAufUbN+AmqzPDQIEw/yrkPyYM hWps87nb4MRVgKAgSej/rgtvdASvfYFM97qAfh2OnbOKT2nKlZHIySo3iHhbn1Cx5X4I lFMTU7y9J6PFmTA1ZK4Lr3RYQUjkVg+9aHN+eVzoSH9t+uXSgascbAuGP+kzHXoaZSRq WHQKQyImMgermmWGyuZE8HjqlOm4rxq1bPRBPfpHDVGivQJBFwW53yZ4eYscWLy4QXHY ag== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newhm0fsc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:16 +0000 Received: from m0098404.ppops.net (m0098404.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6eGp1020162; Tue, 31 Jan 2023 06:40:16 GMT Received: from ppma01fra.de.ibm.com (46.49.7a9f.ip4.static.sl-reverse.com [159.122.73.70]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newhm0fra-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:16 +0000 Received: from pps.filterd (ppma01fra.de.ibm.com [127.0.0.1]) by ppma01fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30U8KN9C028153; Tue, 31 Jan 2023 06:40:13 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma01fra.de.ibm.com (PPS) with ESMTPS id 3ncvuqt7s3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:13 +0000 Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6eBut20120094 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:11 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4F40F2004B; Tue, 31 Jan 2023 06:40:11 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C384520049; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 09D69609A2; Tue, 31 Jan 2023 17:40:05 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 18/25] powerpc/pseries: Log hcall return codes for PLPKS debug Date: Tue, 31 Jan 2023 17:39:21 +1100 Message-Id: <20230131063928.388035-19-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: HINWp2MroNOKwaN20BJBebTYJCCV1l9q X-Proofpoint-GUID: JqF-vbGnod3KAEQKS-4m_q48Qwxb_FwW X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 impostorscore=0 suspectscore=0 mlxlogscore=999 lowpriorityscore=0 adultscore=0 spamscore=0 priorityscore=1501 mlxscore=0 bulkscore=0 malwarescore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519314851808814?= X-GMAIL-MSGID: =?utf-8?q?1756519314851808814?= From: Russell Currey The plpks code converts hypervisor return codes into their Linux equivalents so that users can understand them. Having access to the original return codes is really useful for debugging, so add a pr_debug() so we don't lose information from the conversion. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- arch/powerpc/platforms/pseries/plpks.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index cee06fb9a370..e5755443d4a4 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -117,6 +117,8 @@ static int pseries_status_to_err(int rc) err = -EINVAL; } + pr_debug("Converted hypervisor code %d to Linux %d\n", rc, err); + return err; } From patchwork Tue Jan 31 06:39:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50648 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2595316wrn; Mon, 30 Jan 2023 22:49:56 -0800 (PST) X-Google-Smtp-Source: AK7set8D3XcfbFB+iWruUuCVAZYC5yWfzF32q+JCp12Yzfq/kpoY5x/QevGGqANhTvrUZHkQWfqr X-Received: by 2002:a05:6402:2927:b0:4a2:6d1c:fb38 with SMTP id ee39-20020a056402292700b004a26d1cfb38mr585855edb.10.1675147796042; Mon, 30 Jan 2023 22:49:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147796; cv=none; d=google.com; s=arc-20160816; b=qtGndwyofU9xfIlu2NdQjPWcJwNiOr/XkQdUeJo0SDSJ9hK5Pnx1JZSbll8ioX86Zh P0vjIcFCdykbRfwKPmw3IjFsAKTFpw8y8Y9KmYYxH2vnLAFdhI1yHURT7wrYnxs1IkDj ZInLpVBX+3Y+1f3Ml1KvdZbw6YG1eR3sjJuYawhvQ1dK7XoG3blikRnkfaWfNMhY/QUy qtq5pVExJnlZ31MRH2CEmVcQjKHDAimojoUREJ92v2GgDwiC+jahxrweOXXnqOrucSdp MIkcwaZ/zkFA5zprfoZDHSG48SfeScw40p28AMO2NlIaH+JFyVYXEXn5KtVqRrSUtq0l ytLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=+3kvWVz6aOeabVr4AOc40oYztb0yqrcFdrGQzMhlefo=; b=kTX+olYdsX7H4VhgVD9Av4I3PXsSurppywuAKWhsc7LcvGo9NpRE/81mVwpO1w6nuc sG9+m3JDRZOyyXzJxwM4XuxhlPlVX4eH9HMzN+zhZkSKeDXsoTJhMNeVUoG/5XiLnBhI 1dP4wB+Blq+vPDw/Pbtur9/GiVkYr4yGJzZN3CkaVVRFvEfFYesXi729gsnJCWTXJ0Df ZhqeFOdvwGBYiywa7iQ1kycdFQJdplnP1wWBWsQWikpq4k+4iJuFpE7QK9fBDnpALzMa hHerYs7amgRpGerLsYmu+qmNHWFTKZQPKeL+8YfGJ1nGr84eR3sirW4Y/fCK1kmUIBhB a0XQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=Rh4ovVcx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r5-20020a50aac5000000b004a0ae55db1asi16784588edc.114.2023.01.30.22.49.31; Mon, 30 Jan 2023 22:49:55 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=Rh4ovVcx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231468AbjAaGld (ORCPT + 99 others); Tue, 31 Jan 2023 01:41:33 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35952 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230494AbjAaGki (ORCPT ); Tue, 31 Jan 2023 01:40:38 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 646733F2A3; Mon, 30 Jan 2023 22:40:32 -0800 (PST) Received: from pps.filterd (m0187473.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V5uewn010357; Tue, 31 Jan 2023 06:40:18 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=+3kvWVz6aOeabVr4AOc40oYztb0yqrcFdrGQzMhlefo=; b=Rh4ovVcxlVWV6HkrcSR8MRjNrjeDC06HlS7EKIl846NulxC63RBDZjA7TQppoKWwd75A 46Ut36qMHdJbDiQHoVWvL5Qx4IVwlQgSJysvBIW2zbFt6KFLRo/TztHbUBVO7eZZl1vO xyzKDSZrdMf6LLhJgh7n+MjrX3Duafn+uN9ebCQ9TJieacp/kN/PqgJMSzPQ5Pdpm3Af CHGcW6KcXgnyforFtDI4xBvMfByPzXS2QTwi4vEQQcWvRjxClkxTOvC9DfHx5OcK1S9W 3XcDpCadyahLAOIOyr61ZWm4BsndWB2JnNYvHFIf3DGZ+JbCM5S6JeKEQOkbNh+ydn3X Tw== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3new9kgthu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:17 +0000 Received: from m0187473.ppops.net (m0187473.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6M3ww015061; Tue, 31 Jan 2023 06:40:17 GMT Received: from ppma02fra.de.ibm.com (47.49.7a9f.ip4.static.sl-reverse.com [159.122.73.71]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3new9kgtg4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:16 +0000 Received: from pps.filterd (ppma02fra.de.ibm.com [127.0.0.1]) by ppma02fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30V29aOC004065; Tue, 31 Jan 2023 06:40:14 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma02fra.de.ibm.com (PPS) with ESMTPS id 3ncvv6a7dt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:14 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6eBrd20971946 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:11 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C223F20040; Tue, 31 Jan 2023 06:40:11 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C52ED2004B; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 1760960996; Tue, 31 Jan 2023 17:40:05 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com, Michael Ellerman Subject: [PATCH v5 19/25] powerpc/pseries: Make caller pass buffer to plpks_read_var() Date: Tue, 31 Jan 2023 17:39:22 +1100 Message-Id: <20230131063928.388035-20-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: n6uKZ1xReVlR6XUhAPHPDure0p3EYFUh X-Proofpoint-GUID: WDtjhlGM16apAXAnkmWek1knZRRTw946 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 mlxscore=0 clxscore=1015 priorityscore=1501 impostorscore=0 mlxlogscore=999 spamscore=0 suspectscore=0 malwarescore=0 adultscore=0 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519775535097577?= X-GMAIL-MSGID: =?utf-8?q?1756519775535097577?= Currently, plpks_read_var() allocates a buffer to pass to the H_PKS_READ_OBJECT hcall, then allocates another buffer, of the caller's preferred size if necessary, into which the data is copied, and returns that buffer to the caller. This is a bit over the top - while we probably still want to allocate a separate buffer to pass to the hypervisor in the hcall, we can let the caller allocate the final buffer and specify the size. Don't allocate var->data in plpks_read_var(), instead expect the caller to allocate it. If the caller needs to discover the size, it can set var->data to NULL and var->datalen will be populated. Update header file to document this. Suggested-by: Michael Ellerman Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey Reviewed-by: Stefan Berger --- v3: New patch (mpe) --- arch/powerpc/include/asm/plpks.h | 12 ++++++++++++ arch/powerpc/platforms/pseries/plpks.c | 11 ++++------- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index e7204e6c0ca4..0c49969b0864 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -88,16 +88,28 @@ int plpks_remove_var(char *component, u8 varos, /** * Returns the data for the specified os variable. + * + * Caller must allocate a buffer in var->data with length in var->datalen. + * If no buffer is provided, var->datalen will be populated with the object's + * size. */ int plpks_read_os_var(struct plpks_var *var); /** * Returns the data for the specified firmware variable. + * + * Caller must allocate a buffer in var->data with length in var->datalen. + * If no buffer is provided, var->datalen will be populated with the object's + * size. */ int plpks_read_fw_var(struct plpks_var *var); /** * Returns the data for the specified bootloader variable. + * + * Caller must allocate a buffer in var->data with length in var->datalen. + * If no buffer is provided, var->datalen will be populated with the object's + * size. */ int plpks_read_bootloader_var(struct plpks_var *var); diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index e5755443d4a4..926b6a927326 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -581,17 +581,14 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) goto out_free_output; } - if (var->datalen == 0 || var->datalen > retbuf[0]) + if (!var->data || var->datalen > retbuf[0]) var->datalen = retbuf[0]; - var->data = kzalloc(var->datalen, GFP_KERNEL); - if (!var->data) { - rc = -ENOMEM; - goto out_free_output; - } var->policy = retbuf[1]; - memcpy(var->data, output, var->datalen); + if (var->data) + memcpy(var->data, output, var->datalen); + rc = 0; out_free_output: From patchwork Tue Jan 31 06:39:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50634 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593019wrn; Mon, 30 Jan 2023 22:41:42 -0800 (PST) X-Google-Smtp-Source: AK7set/Izu+tU7gvjRseRZiBf5j1WnYfypgaBQTh8bQ3FM8rbaCzEYteG/xRa5G6DFnPkKRW7iXs X-Received: by 2002:a05:6a20:8e1a:b0:bc:a96b:c7f7 with SMTP id y26-20020a056a208e1a00b000bca96bc7f7mr12741809pzj.9.1675147302128; Mon, 30 Jan 2023 22:41:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147302; cv=none; d=google.com; s=arc-20160816; b=E22RqDvK0kWzJdLmUjvpn0t1IntZdNhFiyCnUlg+gt/aOlvBvCov9/PYuvqzFLHY9Q B0ZXPL//7vobS6Nowcrjls3H4pND/3D7G3JqDDci33/PfXghRu1b0+gpx906LISsO8xZ 6GU0NZAPJh3t/6Q5pwYIJRe+TRrhhmbpE0d4tla45q5qEYBXa/xs40DBqWTHdqZNzmI1 x1EClHlkUOhJuhnmAXeHP4eqZZ7x1gZTMUuPPV4eQZcb+4OMUJ+xZh/tsiyphQxXTsDe sS2hMavw1r01NeNfmfDPrKkL6diC1mNwv4mByOirBWswmIglL+R4Xnse5M0EXADZ+CtP odSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=n6+EpYurlDSJF9uQ8AOPjqaREtyx5u5vW36NTargbZE=; b=uxc1+xAAT2kHKJAj0XGqk7byBnVzV7sE4UOk10dZLxyJNy/Y835T9C+AYVVXsp7mr3 InIo0LRuSXfDNWuMygdwPkBH/QaIbgSg8jFE4KkEx0ZlvHQyLEYWzqMFCnR9d5YfhXdO siUuY3q5DCNUx3sI/HyL38sIelEQZRUUfkDAdqPgnEEQq4q7a+kIdPhM+rt6WM6oCTD4 PTu+ok4jMcXjvpyOr3SJK2p7Xqh13gxN8Ayxtnb2zasShCCXasNE6w6jU6W3tybwCdFt zar00YNINm/Ax2Zv/G48BFsJdIy3m/4IsAn+uMAK/xjRcHvFaAuUhjWHfKPr1NQ0T/aF DTrw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=Dq0z19nz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w1-20020a63a741000000b004dc3a90b3b7si14415377pgo.756.2023.01.30.22.41.29; Mon, 30 Jan 2023 22:41:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=Dq0z19nz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230110AbjAaGkv (ORCPT + 99 others); Tue, 31 Jan 2023 01:40:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35802 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230241AbjAaGkZ (ORCPT ); Tue, 31 Jan 2023 01:40:25 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 42B3F3CE2F; Mon, 30 Jan 2023 22:40:24 -0800 (PST) Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V5PW6k028985; Tue, 31 Jan 2023 06:40:17 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=n6+EpYurlDSJF9uQ8AOPjqaREtyx5u5vW36NTargbZE=; b=Dq0z19nz16n+/+QCFm73jl3/Dnx8juVjgcHWpiE55H9Nd88UeN5EW1Bj/h5QK4sSgO73 v2Mo8SvECvKd63jX4dlq7cYhshqmAPfxRNvnH8kqQXJ2BygsAtPCpLc9FIxakC5bQox+ m9EDWcFOvvOiTgG3EZtdapZsnDjE4p0e8WIJIM0v0mYYkoRtdHMuj9I9wL1bl9Ghw2Fn IF999FDoQBzfYfAbVxgZgb2tqYUmBsqMBJL1/2W4QWq/XY7xdwZUP9eu78HBacbpjE56 4kUlaOCjTjx2VuFanKNoxuJBrVdvmhjmM/psyXaIFn8F0ouwHdBFBqJF+9Ju5viH7VsQ vA== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3nevu21dkg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:16 +0000 Received: from m0098396.ppops.net (m0098396.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V5vGUj005170; Tue, 31 Jan 2023 06:40:16 GMT Received: from ppma05fra.de.ibm.com (6c.4a.5195.ip4.static.sl-reverse.com [149.81.74.108]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3nevu21dj9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:16 +0000 Received: from pps.filterd (ppma05fra.de.ibm.com [127.0.0.1]) by ppma05fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UCq597016468; Tue, 31 Jan 2023 06:40:13 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma05fra.de.ibm.com (PPS) with ESMTPS id 3ncvt7j7gq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:13 +0000 Received: from smtpav05.fra02v.mail.ibm.com (smtpav05.fra02v.mail.ibm.com [10.20.54.104]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6eBeF26018348 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:11 GMT Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 51CD82004D; Tue, 31 Jan 2023 06:40:11 +0000 (GMT) Received: from smtpav05.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C716F2004E; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav05.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 26136609BD; Tue, 31 Jan 2023 17:40:05 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 20/25] powerpc/pseries: Turn PSERIES_PLPKS into a hidden option Date: Tue, 31 Jan 2023 17:39:23 +1100 Message-Id: <20230131063928.388035-21-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 9D2_oZAgKWCQvctXCMF7XAhsi4At3DKY X-Proofpoint-GUID: EJbiktnVvxjhwj_RVlHXEfNVp6F1zaDJ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 mlxscore=0 phishscore=0 priorityscore=1501 adultscore=0 suspectscore=0 impostorscore=0 mlxlogscore=929 bulkscore=0 malwarescore=0 spamscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519257486967947?= X-GMAIL-MSGID: =?utf-8?q?1756519257486967947?= It seems a bit unnecessary for the PLPKS code to have a user-visible config option when it doesn't do anything on its own, and there's existing options for enabling Secure Boot-related features. It should be enabled by PPC_SECURE_BOOT, which will eventually be what uses PLPKS to populate keyrings. However, we can't get of the separate option completely, because it will also be used for SED Opal purposes. Change PSERIES_PLPKS into a hidden option, which is selected by PPC_SECURE_BOOT. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey Reviewed-by: Stefan Berger --- v3: New patch v5: Change the previous description into a comment (npiggin) --- arch/powerpc/Kconfig | 1 + arch/powerpc/platforms/pseries/Kconfig | 19 +++++++++---------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index b8c4ac56bddc..d4ed46101bec 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -1029,6 +1029,7 @@ config PPC_SECURE_BOOT depends on PPC_POWERNV || PPC_PSERIES depends on IMA_ARCH_POLICY imply IMA_SECURE_AND_OR_TRUSTED_BOOT + select PSERIES_PLPKS if PPC_PSERIES help Systems with firmware secure boot enabled need to define security policies to extend secure boot to the OS. This config allows a user diff --git a/arch/powerpc/platforms/pseries/Kconfig b/arch/powerpc/platforms/pseries/Kconfig index a3b4d99567cb..e51d65969318 100644 --- a/arch/powerpc/platforms/pseries/Kconfig +++ b/arch/powerpc/platforms/pseries/Kconfig @@ -151,16 +151,15 @@ config IBMEBUS config PSERIES_PLPKS depends on PPC_PSERIES - bool "Support for the Platform Key Storage" - help - PowerVM provides an isolated Platform Keystore(PKS) storage - allocation for each LPAR with individually managed access - controls to store sensitive information securely. It can be - used to store asymmetric public keys or secrets as required - by different usecases. Select this config to enable - operating system interface to hypervisor to access this space. - - If unsure, select N. + bool + # PowerVM provides an isolated Platform Keystore (PKS) storage + # allocation for each LPAR with individually managed access + # controls to store sensitive information securely. It can be + # used to store asymmetric public keys or secrets as required + # by different usecases. + # + # This option is selected by in-kernel consumers that require + # access to the PKS. config PAPR_SCM depends on PPC_PSERIES && MEMORY_HOTPLUG && LIBNVDIMM From patchwork Tue Jan 31 06:39:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50643 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593263wrn; Mon, 30 Jan 2023 22:42:27 -0800 (PST) X-Google-Smtp-Source: AK7set/7faJifmjGSM2we+NTTNd3gtJjVHP4T9cd5dq9JyXfuamxdW2T02vZH6bp1P159W4LtaSp X-Received: by 2002:a05:6a00:14d6:b0:592:6522:edd with SMTP id w22-20020a056a0014d600b0059265220eddmr17036531pfu.29.1675147347370; Mon, 30 Jan 2023 22:42:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147347; cv=none; d=google.com; s=arc-20160816; b=S2Y+qlpefhgnuk8mc1IrJjoG5NqNlfcZ/6uc9z1MZuQftglNKFg7Ae75UwlE1iwcF3 CMXDmOrVF4fH05GybefCG+lPfOcTuxCjDngBkZfeW75Wr0yWZ1+aMqPTc+qWUBCRpo+f hjup/aMpd/vKF3p6y91oWvXioKxTy3Vr+DnvAVcnanXU3iS4YzMf62JGcyAl468WoFbh AQbrbe4iC2M9NeZ6P0vd+nLS10bLxmOvcCVA8YcS0EUzpGXpS0Eyyj9s+ZNFxZabxFv/ Lhrii+WJq24etzcDP76kWk5Y4EgJFfrJ1v/Mzx00FIINpUfojEm01rDUU2NdQCwxig6v n7tA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CeT+HXR//BWiccmV91ac1X5y2aYpEBfq7VFAphJ1y6s=; b=ufZO0U51DQ5o44LPaB9bjFIKK5ocJ4jBF+NGheWg4LexbUv6snVU8BAT7OcCeVTNoU lrQ34tIpwRJmAT0af2hIpyCLE00v0saDujA/fXzt5yeXlmVFm7vfs5qC8fkucZZZvAkJ sOvzbHVz20dTGzOqIcLq1QosCwRq1fQR/KA1BkEL+6fMdb3pet3TGdyajYPpwv4/ZGFd YWfStmfvp3I0HmnwjUcHTg1dcaAVDUUq5adB1fOIKDAI16iHtY9aWGgZUilXMB+6IZKi ydP9Fhlg1csuSnWuMBV9ERyRITKTsUVhC7RIGNhvxWYvyKAdOaghD08LrDTOwR9h50jL 7jOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=I8QQBIWW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 197-20020a6218ce000000b0057d34473bc6si14661541pfy.147.2023.01.30.22.42.13; Mon, 30 Jan 2023 22:42:27 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=I8QQBIWW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230523AbjAaGlB (ORCPT + 99 others); Tue, 31 Jan 2023 01:41:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230244AbjAaGkZ (ORCPT ); Tue, 31 Jan 2023 01:40:25 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5734E3D93C; Mon, 30 Jan 2023 22:40:24 -0800 (PST) Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V6EFpr003360; Tue, 31 Jan 2023 06:40:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=CeT+HXR//BWiccmV91ac1X5y2aYpEBfq7VFAphJ1y6s=; b=I8QQBIWWh08/feUevXjB6z8qYXkLu6IaPVZT+bwIKi8h6gU3PA/kYB4X3YUVRTAhb/Gl w2gAe43sDCd/KLDxBN/S7/XfZmgkJkL1k/EjuRd4sZb1U2+lmzmXhMtddmUZ7mLZxUCW axvNS2ZGFd4kwxqPdmDatteW2uHR0ZWq7HY/Vgq9jOQujoq8vT63dlgghOXXmTV6Mn6b ml3v8HH52eWb9YxTIiGqJi7pwumU+W+HCOHIY/s82L+Zu6+jDgUBENQSjSuTqnV9R5YE A5ht1qZ8pIBQIGFv/e0tlCo5VFWkUKMjAJU63sFOKCehudwcWshqnPcbGGodgTU40XxK sQ== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newhm0fs2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:16 +0000 Received: from m0098404.ppops.net (m0098404.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6Euks006418; Tue, 31 Jan 2023 06:40:15 GMT Received: from ppma02fra.de.ibm.com (47.49.7a9f.ip4.static.sl-reverse.com [159.122.73.71]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newhm0fr4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from pps.filterd (ppma02fra.de.ibm.com [127.0.0.1]) by ppma02fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30V3LI8E025083; Tue, 31 Jan 2023 06:40:13 GMT Received: from smtprelay03.fra02v.mail.ibm.com ([9.218.2.224]) by ppma02fra.de.ibm.com (PPS) with ESMTPS id 3ncvv6a7ds-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:13 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay03.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6eAjB49086832 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:11 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CD3642004E; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4E2B920040; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 34DD8609BE; Tue, 31 Jan 2023 17:40:05 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 21/25] powerpc/pseries: Add helper to get PLPKS password length Date: Tue, 31 Jan 2023 17:39:24 +1100 Message-Id: <20230131063928.388035-22-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: ERgL8LpBP4ZCkG3n0aJzoe9aMuYumYdk X-Proofpoint-GUID: NjsZbwwZPLvbVESAfIjS14i9y-C6yax6 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 impostorscore=0 suspectscore=0 mlxlogscore=802 lowpriorityscore=0 adultscore=0 spamscore=0 priorityscore=1501 mlxscore=0 bulkscore=0 malwarescore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519304665853852?= X-GMAIL-MSGID: =?utf-8?q?1756519304665853852?= From: Russell Currey Add helper function to get the PLPKS password length. This will be used in a later patch to support passing the password between kernels over kexec. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v3: New patch v5: Drop plpks_get_password() since we no longer need to expose it. --- arch/powerpc/include/asm/plpks.h | 5 +++++ arch/powerpc/platforms/pseries/plpks.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 0c49969b0864..757313e00521 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -171,6 +171,11 @@ u32 plpks_get_maxlargeobjectsize(void); */ u64 plpks_get_signedupdatealgorithms(void); +/** + * Returns the length of the PLPKS password in bytes. + */ +u16 plpks_get_passwordlen(void); + #endif // CONFIG_PSERIES_PLPKS #endif // _ASM_POWERPC_PLPKS_H diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 926b6a927326..6940280ae94a 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -359,6 +359,11 @@ u64 plpks_get_signedupdatealgorithms(void) return signedupdatealgorithms; } +u16 plpks_get_passwordlen(void) +{ + return ospasswordlength; +} + bool plpks_is_available(void) { int rc; From patchwork Tue Jan 31 06:39:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50645 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593329wrn; Mon, 30 Jan 2023 22:42:41 -0800 (PST) X-Google-Smtp-Source: AK7set+1UbVFDKp1bj8J+vmSg6WjRB0kf66pIE1ukB+raJ0bSWdrqqfHu6o7CAQKTzVWVFmFKgTp X-Received: by 2002:a05:6a20:4282:b0:be:a189:1475 with SMTP id o2-20020a056a20428200b000bea1891475mr5486938pzj.47.1675147360746; Mon, 30 Jan 2023 22:42:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147360; cv=none; d=google.com; s=arc-20160816; b=M2PJEho3Z+h/UCRBdGYFsaHhCxF8h/c0ixyy+OPN1KnipxAOIfIwAeR3AvrBJwhbZm QYcrd3TDouou5U8ZyS/12cpgb0mnHKscnVpTFsrly914Ie7THCX5LdCK11axbNQOTNhT y67kMy2P4kmYBMkiRozX1ZiuEzMxdydoGGuVSUSIYFeLCjU7vuO+N3qIofXmaheLW+ns Zg0tLYF0Gc4tWV7qMXS6S5tbdM/2P9xY3eeeIHS8wSyQ5rx46o3IUrT74MtYYVoi0QlP xhrmmjuAivNnbo9zy6QS6rkxVh3yx23AAbtKLkNIpNa93tYYwVN4QQ/EGQZ/CZWgh2zi I8ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=G0fVIZuQLtZFyHOkb1iCcvNuLmCiPYYFNMTF6Yodh5k=; b=OVF3/AQkPqSOvX2anLwx1DketYVINIt3k2d9uKFtALIqL0wa/qzkLC3JTl445hgS7j KN9Mvr9IeCpjZmugLVahPN4SnU76tI0MSsnX7VfNbsREyG6LaWqjx0SzDjPXRv77fgyJ WOG+9JhixR8wK5GIFuBlrRigK1jb9nYQChBHrFZcRhSFrkokD7UXNzXCrXe9cgUbK+hQ uIjsuHhnlI0l1U7iqpB8zEk2LG/4NOJvk5ZuzQISk/SuthU+GkN0r3xU6aqUqOvF+Pxy Grd1UQvKR8MPVkwdriJYHF7RjkRqydKHXikD/fgRf/30dCCPn5q9PaL6odTYA2k8rvVf BGKg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b="Fbys/PTI"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s82-20020a632c55000000b004b9ff24ee40si15192951pgs.550.2023.01.30.22.42.28; Mon, 30 Jan 2023 22:42:40 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b="Fbys/PTI"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230205AbjAaGlD (ORCPT + 99 others); Tue, 31 Jan 2023 01:41:03 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35790 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229686AbjAaGk0 (ORCPT ); Tue, 31 Jan 2023 01:40:26 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5E1193E08C; Mon, 30 Jan 2023 22:40:24 -0800 (PST) Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V6IY0h004158; Tue, 31 Jan 2023 06:40:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=G0fVIZuQLtZFyHOkb1iCcvNuLmCiPYYFNMTF6Yodh5k=; b=Fbys/PTI8ZDdlRwCVjmQqeeMoOPjfvJyid7G8o3RAClOCZH6HFQ12kenpmIWQZAq9knI tkZjY5uZiwcfMYPQ0IjBLYp3zHFMSOovN2Tp4nBqMkG1nA+e9RvVGcr2z1cWPgXyTkrU rvq2pOQtbUm+MzpwlM2hnmh/WY2dMiA/8B6LOa9nU/PqhkAVLAE/a7MbT6TNPcNx92cd rbGu0F1hvgqQNkSilIzdiL/Q0lk0F1jsoj3FrKefnewxs8rlxj2jp0xOIO+T8K8TYmKk HjMowf8x7MX4AKY7VZEQIo+iV7FCJCsbFftiJQ942oPNvVd9hO1o2vuxgMUVCvX6AeL5 wg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3newkwgf12-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:16 +0000 Received: from m0098416.ppops.net (m0098416.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6TgRr011186; Tue, 31 Jan 2023 06:40:15 GMT Received: from ppma04ams.nl.ibm.com (63.31.33a9.ip4.static.sl-reverse.com [169.51.49.99]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3newkwgf01-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from pps.filterd (ppma04ams.nl.ibm.com [127.0.0.1]) by ppma04ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UCtaYG012460; Tue, 31 Jan 2023 06:40:13 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma04ams.nl.ibm.com (PPS) with ESMTPS id 3ncvs7k436-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:13 +0000 Received: from smtpav02.fra02v.mail.ibm.com (smtpav02.fra02v.mail.ibm.com [10.20.54.101]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6eB6m23069274 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:11 GMT Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4A66D20040; Tue, 31 Jan 2023 06:40:11 +0000 (GMT) Received: from smtpav02.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4D65C2004E; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav02.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 512F4609BC; Tue, 31 Jan 2023 17:40:05 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 22/25] powerpc/pseries: Pass PLPKS password on kexec Date: Tue, 31 Jan 2023 17:39:25 +1100 Message-Id: <20230131063928.388035-23-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: EFGriNSuUTPOnvAQy2B6cA7ePijGPyF2 X-Proofpoint-ORIG-GUID: Gqd9rvwleJVWnDo4si71zOwNO2WesUsl X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 spamscore=0 impostorscore=0 mlxscore=0 suspectscore=0 phishscore=0 mlxlogscore=999 priorityscore=1501 clxscore=1015 bulkscore=0 malwarescore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519318952478919?= X-GMAIL-MSGID: =?utf-8?q?1756519318952478919?= From: Russell Currey Before interacting with the PLPKS, we ask the hypervisor to generate a password for the current boot, which is then required for most further PLPKS operations. If we kexec into a new kernel, the new kernel will try and fail to generate a new password, as the password has already been set. Pass the password through to the new kernel via the device tree, in /chosen/ibm,plpks-pw. Check for the presence of this property before trying to generate a new password - if it exists, use the existing password and remove it from the device tree. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v3: New patch v4: Fix compile when CONFIG_PSERIES_PLPKS=n (snowpatch) Fix error handling on fdt_path_offset() call (ruscur) v5: Fix DT property name in commit message (npiggin) Clear prop in FDT during init to prevent password exposure (mpe) Rework to remove ifdefs from C code (npiggin) --- arch/powerpc/include/asm/plpks.h | 14 ++++++ arch/powerpc/kernel/prom.c | 4 ++ arch/powerpc/kexec/file_load_64.c | 15 +++++-- arch/powerpc/platforms/pseries/plpks.c | 60 ++++++++++++++++++++++++++ 4 files changed, 90 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 757313e00521..23b77027c916 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -176,6 +176,20 @@ u64 plpks_get_signedupdatealgorithms(void); */ u16 plpks_get_passwordlen(void); +/** + * Called in early init to retrieve and clear the PLPKS password from the DT. + */ +void plpks_early_init_devtree(void); + +/** + * Populates the FDT with the PLPKS password to prepare for kexec. + */ +int plpks_populate_fdt(void *fdt); +#else // CONFIG_PSERIES_PLPKS +static inline bool plpks_is_available(void) { return false; } +static inline u16 plpks_get_passwordlen(void) { BUILD_BUG(); } +static inline void plpks_early_init_devtree(void) { } +static inline int plpks_populate_fdt(void *fdt) { BUILD_BUG(); } #endif // CONFIG_PSERIES_PLPKS #endif // _ASM_POWERPC_PLPKS_H diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c index 4f1c920aa13e..8a13b378770f 100644 --- a/arch/powerpc/kernel/prom.c +++ b/arch/powerpc/kernel/prom.c @@ -56,6 +56,7 @@ #include #include #include +#include #include @@ -893,6 +894,9 @@ void __init early_init_devtree(void *params) powerpc_firmware_features |= FW_FEATURE_PS3_POSSIBLE; #endif + /* If kexec left a PLPKS password in the DT, get it and clear it */ + plpks_early_init_devtree(); + tm_init(); DBG(" <- early_init_devtree()\n"); diff --git a/arch/powerpc/kexec/file_load_64.c b/arch/powerpc/kexec/file_load_64.c index af8854f9eae3..3f5740fb01a4 100644 --- a/arch/powerpc/kexec/file_load_64.c +++ b/arch/powerpc/kexec/file_load_64.c @@ -27,6 +27,7 @@ #include #include #include +#include struct umem_info { u64 *buf; /* data buffer for usable-memory property */ @@ -977,12 +978,16 @@ static unsigned int cpu_node_size(void) */ unsigned int kexec_extra_fdt_size_ppc64(struct kimage *image) { - unsigned int cpu_nodes, extra_size; + unsigned int cpu_nodes, extra_size = 0; struct device_node *dn; u64 usm_entries; + // Make room for the PLPKS password, plus node overhead for ibm,plpks-pw. + if (plpks_is_available()) + extra_size += (unsigned int)plpks_get_passwordlen() + 32; + if (image->type != KEXEC_TYPE_CRASH) - return 0; + return extra_size; /* * For kdump kernel, account for linux,usable-memory and @@ -992,7 +997,7 @@ unsigned int kexec_extra_fdt_size_ppc64(struct kimage *image) usm_entries = ((memblock_end_of_DRAM() / drmem_lmb_size()) + (2 * (resource_size(&crashk_res) / drmem_lmb_size()))); - extra_size = (unsigned int)(usm_entries * sizeof(u64)); + extra_size += (unsigned int)(usm_entries * sizeof(u64)); /* * Get the number of CPU nodes in the current DT. This allows to @@ -1230,6 +1235,10 @@ int setup_new_fdt_ppc64(const struct kimage *image, void *fdt, } } + // If we have PLPKS active, we need to provide the password to the new kernel + if (plpks_is_available()) + ret = plpks_populate_fdt(fdt); + out: kfree(rmem); kfree(umem); diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 6940280ae94a..481a669845c5 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -16,6 +16,9 @@ #include #include #include +#include +#include +#include #include #include #include @@ -128,6 +131,12 @@ static int plpks_gen_password(void) u8 *password, consumer = PLPKS_OS_OWNER; int rc; + // If we booted from kexec, we could be reusing an existing password already + if (ospassword) { + pr_debug("Password of length %u already in use\n", ospasswordlength); + return 0; + } + // The password must not cross a page boundary, so we align to the next power of 2 password = kzalloc(roundup_pow_of_two(maxpwsize), GFP_KERNEL); if (!password) @@ -621,6 +630,57 @@ int plpks_read_bootloader_var(struct plpks_var *var) return plpks_read_var(PLPKS_BOOTLOADER_OWNER, var); } +int plpks_populate_fdt(void *fdt) +{ + int chosen_offset = fdt_path_offset(fdt, "/chosen"); + if (chosen_offset < 0) { + pr_err("Can't find chosen node: %s\n", + fdt_strerror(chosen_offset)); + return chosen_offset; + } + + return fdt_setprop(fdt, chosen_offset, "ibm,plpks-pw", ospassword, ospasswordlength); +} + +// Once a password is registered with the hypervisor it cannot be cleared without +// rebooting the LPAR, so to keep using the PLPKS across kexec boots we need to +// recover the previous password from the FDT. +// +// There are a few challenges here. We don't want the password to be visible to +// users, so we need to clear it from the FDT. This has to be done in early boot. +// Clearing it from the FDT would make the FDT's checksum invalid, so we have to +// manually cause the checksum to be recalculated. +void __init plpks_early_init_devtree(void) +{ + void *fdt = initial_boot_params; + int chosen_node = fdt_path_offset(fdt, "/chosen"); + u8 *password; + int len; + + if (chosen_node < 0) + return; + + password = (u8 *)fdt_getprop(fdt, chosen_node, "ibm,plpks-pw", &len); + if (len <= 0) { + pr_debug("Couldn't find ibm,plpks-pw node.\n"); + return; + } + + ospassword = memblock_alloc_raw(len, SMP_CACHE_BYTES); + if (!ospassword) { + pr_err("Error allocating memory for password.\n"); + goto out; + } + + memcpy(ospassword, password, len); + ospasswordlength = (u16)len; + +out: + fdt_nop_property(fdt, chosen_node, "ibm,plpks-pw"); + // Since we've cleared the password, we must update the FDT checksum + early_init_dt_verify(fdt); +} + static __init int pseries_plpks_init(void) { int rc; From patchwork Tue Jan 31 06:39:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50638 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593120wrn; Mon, 30 Jan 2023 22:41:59 -0800 (PST) X-Google-Smtp-Source: AK7set96wmKDUPmWL748MKOrhqR2zN6TuX3Zh5r7A8WCKin4c5/FA6PmFPW6HgYtGFv3R5guShKW X-Received: by 2002:a17:902:f0d4:b0:196:56ae:ed19 with SMTP id v20-20020a170902f0d400b0019656aeed19mr12297326pla.2.1675147318989; Mon, 30 Jan 2023 22:41:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147318; cv=none; d=google.com; s=arc-20160816; b=p8nlPZrKntSaMLS9rMUgDbNixbIStsuJ4SdzirOWEdzIz/EoCv9cDesq+vyryL8Qt8 2oiyb4OzFrDdWjxUWJa2SGyk51zZQY3wwe2s67QGQon8ez5A1sFad6aAR4xeE9seBDCF I4oojN+UdtTKj1Jx1sXBiyhdO2EfI322dypp74HJXHz5ovW/bI1KQJ8ddp2/KZlFH+aW vex+Kcsb/MNFoCM5nc9qihMYazLFRzjpkVCEALgfrJEVtLgd4PHfjuFWHcVc5+vSrsYE 4BazToZUzam+1lYSINONyUJvIEwnNXpJohol5yaxUG2H34zfD0d8zI7tPJKKDOJ+oaR5 saRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=mCiAlZfx7Qo1JS5NAF8eQNSraARxAiiT/g4phV6IC2A=; b=h1y/ufC5EiPdQSqABS1ILKuidb3f68WazAQ7t25WnsWuzzXlcI+tc9IO0exytqFUg7 zwDXMyOdVbmZgtyNmkDxvaMDob17IuA3ZmlGujQKbyi7Ah7TdJ4briRAGzt381DgY6mA y1WqwYdN2MSduGaxVe0JwkG+FpZDP/P39HRH0ihlqiQCa/CGPT7J4yYkyJ88CKsYDJOL RNWRj6iKnTLglQsuuH75YnG+2L7e8xahtfcHBLgJ9I/V1RMIKVksx224HoLY4FQdZ7EI 2woMZkjxATRF3DBAYkCw3/R+s6uPwYihCNYx0aE0IdgyOJmIMBJVik/i+TiN423+XRkZ nQOQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=NHcpCZmo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u18-20020a17090341d200b00188f0ca258asi17384997ple.388.2023.01.30.22.41.46; Mon, 30 Jan 2023 22:41:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=NHcpCZmo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230267AbjAaGlO (ORCPT + 99 others); Tue, 31 Jan 2023 01:41:14 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35802 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230172AbjAaGk1 (ORCPT ); Tue, 31 Jan 2023 01:40:27 -0500 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2A9AE3D0AA; Mon, 30 Jan 2023 22:40:25 -0800 (PST) Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V61sVP020588; Tue, 31 Jan 2023 06:40:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=mCiAlZfx7Qo1JS5NAF8eQNSraARxAiiT/g4phV6IC2A=; b=NHcpCZmoBYLR5EbiO50BzPw8wgjaVcSXUxg75UZ3oKwsdpcglBtIaROyIPDEeYUFlOTF 1g1+sK8YStWQ+Ps3YiMRbCs1YDP0+8Iv2LpIPgdhrA+RRCIc2S7pJlCyRACtIFr24fIZ 1euISTS2VrsczVs8WG5tmSYtnKnpzz3u7QTKzzHXDrKtgRVWs0m1PMB53u257jqhahuG TDaBKCqy1hIDckG0qSjooinGJflobJeGZgJiO5aYZF2DGuEvSTgXfjPFVaYSqpPVClEM bLVbyv4G38+p3pTNZkRhIZkcTHgS325rCIHlepjcx8pyTJIZC1KxB55pgVJKZfJkkcWc uA== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newc40ru1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:16 +0000 Received: from m0098421.ppops.net (m0098421.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V677ec005093; Tue, 31 Jan 2023 06:40:15 GMT Received: from ppma06fra.de.ibm.com (48.49.7a9f.ip4.static.sl-reverse.com [159.122.73.72]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newc40rsn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from pps.filterd (ppma06fra.de.ibm.com [127.0.0.1]) by ppma06fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UFaedu018469; Tue, 31 Jan 2023 06:40:13 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma06fra.de.ibm.com (PPS) with ESMTPS id 3ncvugj7ek-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:13 +0000 Received: from smtpav04.fra02v.mail.ibm.com (smtpav04.fra02v.mail.ibm.com [10.20.54.103]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6eBRW43319732 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:11 GMT Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 545C02004B; Tue, 31 Jan 2023 06:40:11 +0000 (GMT) Received: from smtpav04.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4E03A20043; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav04.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 62514609C2; Tue, 31 Jan 2023 17:40:05 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 23/25] powerpc/pseries: Implement secvars for dynamic secure boot Date: Tue, 31 Jan 2023 17:39:26 +1100 Message-Id: <20230131063928.388035-24-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: CgLfzW2Pg0DKw6BYx1UeWXTfz6eQSWH6 X-Proofpoint-GUID: f8FXYWa9nRoPw81WbHy_Z-fDtE5FIooy X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 lowpriorityscore=0 phishscore=0 priorityscore=1501 adultscore=0 mlxlogscore=999 clxscore=1015 suspectscore=0 bulkscore=0 impostorscore=0 spamscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519275277550540?= X-GMAIL-MSGID: =?utf-8?q?1756519275277550540?= From: Russell Currey The pseries platform can support dynamic secure boot (i.e. secure boot using user-defined keys) using variables contained with the PowerVM LPAR Platform KeyStore (PLPKS). Using the powerpc secvar API, expose the relevant variables for pseries dynamic secure boot through the existing secvar filesystem layout. The relevant variables for dynamic secure boot are signed in the keystore, and can only be modified using the H_PKS_SIGNED_UPDATE hcall. Object labels in the keystore are encoded using ucs2 format. With our fixed variable names we don't have to care about encoding outside of the necessary byte padding. When a user writes to a variable, the first 8 bytes of data must contain the signed update flags as defined by the hypervisor. When a user reads a variable, the first 4 bytes of data contain the policies defined for the object. Limitations exist due to the underlying implementation of sysfs binary attributes, as is the case for the OPAL secvar implementation - partial writes are unsupported and writes cannot be larger than PAGE_SIZE. (Even when using bin_attributes, which can be larger than a single page, sysfs only gives us one page's worth of write buffer at a time, and the hypervisor does not expose an interface for partial writes.) Co-developed-by: Nayna Jain Signed-off-by: Nayna Jain Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey --- v2: Remove unnecessary config vars from sysfs and document the others, thanks to review from Greg. If we end up needing to expose more, we can add them later and update the docs. Use sysfs_emit() instead of sprintf(), thanks to Greg. Change the size of the sysfs binary attributes to include the 8-byte flags header, preventing truncation of large writes. v3: plpks_set_variable(): pass var to plpks_signed_update_var() as a pointer (mpe) Update copyright date (ajd) Consistent comment style (ajd) Change device_initcall() to machine_arch_initcall(pseries...) so we don't try to load on powernv and kill the machine (mpe) Add config attributes into plpks_secvar_ops (mpe) Get rid of PLPKS_SECVAR_COUNT macro (mpe) Reworded descriptions in ABI documentation (mpe) Switch to using secvar_ops->var_names rather than secvar_ops->get_next() (ajd/mpe) Optimise allocation/copying of buffers (mpe) Elaborate the comment documenting the "format" string (mpe) Return -EIO on errors in the read case (mpe) Add "grubdbx" variable (Sudhakar Kuppusamy) Use utf8s_to_utf16s() rather than our own "UCS-2" conversion code (mpe) Change uint64_t to u64 (mpe) Fix SB_VERSION data length (ruscur) Stop prepending policy data on read (ruscur) Enforce max format length on format string (not strictly needed, but makes the length limit clear) (ajd) Update include of plpks.h to reflect new path (ruscur) Consistent constant naming scheme (ruscur) v4: Return set_secvar_ops() return code Pass buffer size to plpks_secvar_format() (stefanb, npiggin) Add missing null check (stefanb) Add comment to commit message explaining PAGE_SIZE write limit (joel) v5: Add comment explaining why we use "key_len - 1" (npiggin) Use strlen(var.name) instead of hardcoding 10 as length of "SB_VERSION" (npiggin) Improve comments about use of SB_VERSION and format string (npiggin) Change "+ 8" to "+ sizeof(u64)" when accounting for flags size in working out file's max size (npiggin) Compile plpks-secvar.c based on CONFIG_PPC_SECURE_BOOT, not CONFIG_PPC_SECVAR_SYSFS, as the secvar backend is needed for loading keys into keyrings even if the sysfs interface is disabled (ajd) --- Documentation/ABI/testing/sysfs-secvar | 75 +++++- arch/powerpc/platforms/pseries/Makefile | 4 +- arch/powerpc/platforms/pseries/plpks-secvar.c | 219 ++++++++++++++++++ 3 files changed, 295 insertions(+), 3 deletions(-) create mode 100644 arch/powerpc/platforms/pseries/plpks-secvar.c diff --git a/Documentation/ABI/testing/sysfs-secvar b/Documentation/ABI/testing/sysfs-secvar index feebb8c57294..a19f4d5fcec6 100644 --- a/Documentation/ABI/testing/sysfs-secvar +++ b/Documentation/ABI/testing/sysfs-secvar @@ -18,6 +18,14 @@ Description: A string indicating which backend is in use by the firmware. This determines the format of the variable and the accepted format of variable updates. + On powernv/OPAL, this value is provided by the OPAL firmware + and is expected to be "ibm,edk2-compat-v1". + + On pseries/PLPKS, this is generated by the kernel based on the + version number in the SB_VERSION variable in the keystore, and + has the form "ibm,plpks-sb-v", or + "ibm,plpks-sb-unknown" if there is no SB_VERSION variable. + What: /sys/firmware/secvar/vars/ Date: August 2019 Contact: Nayna Jain @@ -34,7 +42,7 @@ Description: An integer representation of the size of the content of the What: /sys/firmware/secvar/vars//data Date: August 2019 -Contact: Nayna Jain h +Contact: Nayna Jain Description: A read-only file containing the value of the variable. The size of the file represents the maximum size of the variable data. @@ -44,3 +52,68 @@ Contact: Nayna Jain Description: A write-only file that is used to submit the new value for the variable. The size of the file represents the maximum size of the variable data that can be written. + +What: /sys/firmware/secvar/config +Date: December 2022 +Contact: Nayna Jain +Description: This optional directory contains read-only config attributes as + defined by the secure variable implementation. All data is in + ASCII format. The directory is only created if the backing + implementation provides variables to populate it, which at + present is only PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/version +Date: December 2022 +Contact: Nayna Jain +Description: Config version as reported by the hypervisor in ASCII decimal + format. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/max_object_size +Date: December 2022 +Contact: Nayna Jain +Description: Maximum allowed size of objects in the keystore in bytes, + represented in ASCII decimal format. + + This is not necessarily the same as the max size that can be + written to an update file as writes can contain more than + object data, you should use the size of the update file for + that purpose. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/total_size +Date: December 2022 +Contact: Nayna Jain +Description: Total size of the PLPKS in bytes, represented in ASCII decimal + format. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/used_space +Date: December 2022 +Contact: Nayna Jain +Description: Current space consumed by the key store, in bytes, represented + in ASCII decimal format. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/supported_policies +Date: December 2022 +Contact: Nayna Jain +Description: Bitmask of supported policy flags by the hypervisor, + represented as an 8 byte hexadecimal ASCII string. Consult the + hypervisor documentation for what these flags are. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/signed_update_algorithms +Date: December 2022 +Contact: Nayna Jain +Description: Bitmask of flags indicating which algorithms the hypervisor + supports for signed update of objects, represented as a 16 byte + hexadecimal ASCII string. Consult the hypervisor documentation + for what these flags mean. + + Currently only provided by PLPKS on the pseries platform. diff --git a/arch/powerpc/platforms/pseries/Makefile b/arch/powerpc/platforms/pseries/Makefile index 92310202bdd7..20a0f3c3fe04 100644 --- a/arch/powerpc/platforms/pseries/Makefile +++ b/arch/powerpc/platforms/pseries/Makefile @@ -27,8 +27,8 @@ obj-$(CONFIG_PAPR_SCM) += papr_scm.o obj-$(CONFIG_PPC_SPLPAR) += vphn.o obj-$(CONFIG_PPC_SVM) += svm.o obj-$(CONFIG_FA_DUMP) += rtas-fadump.o -obj-$(CONFIG_PSERIES_PLPKS) += plpks.o - +obj-$(CONFIG_PSERIES_PLPKS) += plpks.o +obj-$(CONFIG_PPC_SECURE_BOOT) += plpks-secvar.o obj-$(CONFIG_SUSPEND) += suspend.o obj-$(CONFIG_PPC_VAS) += vas.o vas-sysfs.o diff --git a/arch/powerpc/platforms/pseries/plpks-secvar.c b/arch/powerpc/platforms/pseries/plpks-secvar.c new file mode 100644 index 000000000000..04e6cc3f9dd8 --- /dev/null +++ b/arch/powerpc/platforms/pseries/plpks-secvar.c @@ -0,0 +1,219 @@ +// SPDX-License-Identifier: GPL-2.0-only + +// Secure variable implementation using the PowerVM LPAR Platform KeyStore (PLPKS) +// +// Copyright 2022, 2023 IBM Corporation +// Authors: Russell Currey +// Andrew Donnellan +// Nayna Jain + +#define pr_fmt(fmt) "secvar: "fmt + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +// Config attributes for sysfs +#define PLPKS_CONFIG_ATTR(name, fmt, func) \ + static ssize_t name##_show(struct kobject *kobj, \ + struct kobj_attribute *attr, \ + char *buf) \ + { \ + return sysfs_emit(buf, fmt, func()); \ + } \ + static struct kobj_attribute attr_##name = __ATTR_RO(name) + +PLPKS_CONFIG_ATTR(version, "%u\n", plpks_get_version); +PLPKS_CONFIG_ATTR(max_object_size, "%u\n", plpks_get_maxobjectsize); +PLPKS_CONFIG_ATTR(total_size, "%u\n", plpks_get_totalsize); +PLPKS_CONFIG_ATTR(used_space, "%u\n", plpks_get_usedspace); +PLPKS_CONFIG_ATTR(supported_policies, "%08x\n", plpks_get_supportedpolicies); +PLPKS_CONFIG_ATTR(signed_update_algorithms, "%016llx\n", plpks_get_signedupdatealgorithms); + +static const struct attribute *config_attrs[] = { + &attr_version.attr, + &attr_max_object_size.attr, + &attr_total_size.attr, + &attr_used_space.attr, + &attr_supported_policies.attr, + &attr_signed_update_algorithms.attr, + NULL, +}; + +static u32 get_policy(const char *name) +{ + if ((strcmp(name, "db") == 0) || + (strcmp(name, "dbx") == 0) || + (strcmp(name, "grubdb") == 0) || + (strcmp(name, "grubdbx") == 0) || + (strcmp(name, "sbat") == 0)) + return (PLPKS_WORLDREADABLE | PLPKS_SIGNEDUPDATE); + else + return PLPKS_SIGNEDUPDATE; +} + +static const char * const plpks_var_names[] = { + "PK", + "KEK", + "db", + "dbx", + "grubdb", + "grubdbx", + "sbat", + "moduledb", + "trustedcadb", + NULL, +}; + +static int plpks_get_variable(const char *key, u64 key_len, u8 *data, + u64 *data_size) +{ + struct plpks_var var = {0}; + int rc = 0; + + // We subtract 1 from key_len because we don't need to include the + // null terminator at the end of the string + var.name = kcalloc(key_len - 1, sizeof(wchar_t), GFP_KERNEL); + if (!var.name) + return -ENOMEM; + rc = utf8s_to_utf16s(key, key_len - 1, UTF16_LITTLE_ENDIAN, (wchar_t *)var.name, + key_len - 1); + if (rc < 0) + goto err; + var.namelen = rc * 2; + + var.os = PLPKS_VAR_LINUX; + if (data) { + var.data = data; + var.datalen = *data_size; + } + rc = plpks_read_os_var(&var); + + if (rc) + goto err; + + *data_size = var.datalen; + +err: + kfree(var.name); + if (rc && rc != -ENOENT) { + pr_err("Failed to read variable '%s': %d\n", key, rc); + // Return -EIO since userspace probably doesn't care about the + // specific error + rc = -EIO; + } + return rc; +} + +static int plpks_set_variable(const char *key, u64 key_len, u8 *data, + u64 data_size) +{ + struct plpks_var var = {0}; + int rc = 0; + u64 flags; + + // Secure variables need to be prefixed with 8 bytes of flags. + // We only want to perform the write if we have at least one byte of data. + if (data_size <= sizeof(flags)) + return -EINVAL; + + // We subtract 1 from key_len because we don't need to include the + // null terminator at the end of the string + var.name = kcalloc(key_len - 1, sizeof(wchar_t), GFP_KERNEL); + if (!var.name) + return -ENOMEM; + rc = utf8s_to_utf16s(key, key_len - 1, UTF16_LITTLE_ENDIAN, (wchar_t *)var.name, + key_len - 1); + if (rc < 0) + goto err; + var.namelen = rc * 2; + + memcpy(&flags, data, sizeof(flags)); + + var.datalen = data_size - sizeof(flags); + var.data = data + sizeof(flags); + var.os = PLPKS_VAR_LINUX; + var.policy = get_policy(key); + + // Unlike in the read case, the plpks error code can be useful to + // userspace on write, so we return it rather than just -EIO + rc = plpks_signed_update_var(&var, flags); + +err: + kfree(var.name); + return rc; +} + +// PLPKS dynamic secure boot doesn't give us a format string in the same way OPAL does. +// Instead, report the format using the SB_VERSION variable in the keystore. +// The string is made up by us, and takes the form "ibm,plpks-sb-v" (or "ibm,plpks-sb-unknown" +// if the SB_VERSION variable doesn't exist). Hypervisor defines the SB_VERSION variable as a +// "1 byte unsigned integer value". +static ssize_t plpks_secvar_format(char *buf, size_t bufsize) +{ + struct plpks_var var = {0}; + ssize_t ret; + + var.component = NULL; + // Only the signed variables have null bytes in their names, this one doesn't + var.name = "SB_VERSION"; + var.namelen = strlen(var.name); + var.datalen = 1; + var.data = kzalloc(1, GFP_KERNEL); + if (!var.data) + return -ENOMEM; + + // Unlike the other vars, SB_VERSION is owned by firmware instead of the OS + ret = plpks_read_fw_var(&var); + if (ret) { + if (ret == -ENOENT) { + ret = snprintf(buf, bufsize, "ibm,plpks-sb-unknown"); + } else { + pr_err("Error %ld reading SB_VERSION from firmware\n", ret); + ret = -EIO; + } + goto err; + } + + ret = snprintf(buf, bufsize, "ibm,plpks-sb-v%hhu", var.data[0]); + +err: + kfree(var.data); + return ret; +} + +static int plpks_max_size(u64 *max_size) +{ + // The max object size reported by the hypervisor is accurate for the + // object itself, but we use the first 8 bytes of data on write as the + // signed update flags, so the max size a user can write is larger. + *max_size = (u64)plpks_get_maxobjectsize() + sizeof(u64); + + return 0; +} + + +static const struct secvar_operations plpks_secvar_ops = { + .get = plpks_get_variable, + .set = plpks_set_variable, + .format = plpks_secvar_format, + .max_size = plpks_max_size, + .config_attrs = config_attrs, + .var_names = plpks_var_names, +}; + +static int plpks_secvar_init(void) +{ + if (!plpks_is_available()) + return -ENODEV; + + return set_secvar_ops(&plpks_secvar_ops); +} +machine_device_initcall(pseries, plpks_secvar_init); From patchwork Tue Jan 31 06:39:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50633 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593017wrn; Mon, 30 Jan 2023 22:41:42 -0800 (PST) X-Google-Smtp-Source: AK7set9nxClYxfmGSpaRLv4dA/t+R7BkRoMdsinHsWCR2F6Z1z26Y9sXrGlIt8mtVj8IelVAX2vr X-Received: by 2002:a17:90b:3806:b0:22c:3052:47dd with SMTP id mq6-20020a17090b380600b0022c305247ddmr19143367pjb.17.1675147301937; Mon, 30 Jan 2023 22:41:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147301; cv=none; d=google.com; s=arc-20160816; b=gFcRRCTE1NHAgjaY854CO73R7ZwWHpSD4wG0wZbfSN2JjvCcLfOe0PMpa4fw5XHMw2 uNGUfCfsHI4c936sftAX7Z1n5eO0FTKSGDGCNFVks3zMIpFKnCcqw5PavYzH4XBapstw mvRZdFKPzKkyjNKeE0U4hU66Js0X0EzZCs7iyxnzC022cuqGrMNk1AFlY2yX7sPcjc1G cGiIPX7w4QrzQvTndhkDfG99PIc0SeCswM6F+n8aCd2lrBh+F1H4m2zAjCIMs5T2XUTP uC0p90SfUTxvJC2MeiRGwIw5q4WRss4QGwOZ68TWYgkawH+2z96NGwDEJj1QVSDML+2d bYpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=WMu/Zb3Iphqdf5G/sJin/L6+0Yox6l6Bi4TmsUaD9TQ=; b=VVCxiW+J3ud1DNax8nGuz9nM2CqojF8OE2swG/JE0lbSNE/LVp9E3yHEolv8ZP3pbf ZXiSNHzbHmRtRgUxnNRF4FiyFt/xbDtELprxQ6Cg+oZLh5tXPzHOzdrjGHp05ur6fCHj TnOtVpv1kjvSizBGpx4BNdQ7878LvPJauwaMkAld+FRviUEJPpOef6oas4NzDvSEi+Gr 8XdOKSMkE+Ur47GPStDXaUlk0pSntrcOsM20lKIiPzUN/Z86iCKUVxTn0iz5N+XCGTJs rdbRO7lqh/x24exhxiwr6r2HF2qYFSJtEt4v11IwoMj7kLbd28GP6BDFx0NHf53PWUVH qXdw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=L7HcX7fl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n15-20020a17090a2bcf00b00225b16285cbsi19539606pje.168.2023.01.30.22.41.29; Mon, 30 Jan 2023 22:41:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=L7HcX7fl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231163AbjAaGkt (ORCPT + 99 others); Tue, 31 Jan 2023 01:40:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35806 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230238AbjAaGkZ (ORCPT ); Tue, 31 Jan 2023 01:40:25 -0500 Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0CDD93D927; Mon, 30 Jan 2023 22:40:23 -0800 (PST) Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V628Yj020806; Tue, 31 Jan 2023 06:40:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=WMu/Zb3Iphqdf5G/sJin/L6+0Yox6l6Bi4TmsUaD9TQ=; b=L7HcX7flY0eB+CV9gjZw3eQsAsmm4MJwBSnlHH7oHEDKNKRgzzPxHBSuXXzrrAVJ7U2T 1uuZjnl6BcRtlqkgOaSFsNDnroY3ELSePn4QoWFd38mCQW/4WOVbrJzk+gfoGxsooFGJ 7L1TGS4ZyJcBAGK76NJnLSLP3MSaCHjiGowr4981ZzJcHPQcvrTENtbUQRSpTP8q/Wlb HJlKcF2HBB8lMoHNN450+UoAIBb/4BOwwQQbClXT8/CwoeFGKXvG2dQwgeDqdcIFyKFC iDcWRi6eml1BWOMIDaDcO8kFq4HjMwEoE3Vm5uyXJuy5iMdEltxY1uOCDnoDUtFQ4jsR 7g== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newc40rtd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from m0098421.ppops.net (m0098421.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V6YVf1010722; Tue, 31 Jan 2023 06:40:15 GMT Received: from ppma06ams.nl.ibm.com (66.31.33a9.ip4.static.sl-reverse.com [169.51.49.102]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3newc40rsb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:15 +0000 Received: from pps.filterd (ppma06ams.nl.ibm.com [127.0.0.1]) by ppma06ams.nl.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30V1Jrlm027465; Tue, 31 Jan 2023 06:40:13 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma06ams.nl.ibm.com (PPS) with ESMTPS id 3ncvttu3nj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:13 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6eAdJ25428716 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:10 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CD16020040; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4EE3520043; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:10 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 75873609C3; Tue, 31 Jan 2023 17:40:05 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 24/25] integrity/powerpc: Improve error handling & reporting when loading certs Date: Tue, 31 Jan 2023 17:39:27 +1100 Message-Id: <20230131063928.388035-25-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: YqhAwv9dW2ORib0Nrdq4MI7DMoA8jw_6 X-Proofpoint-GUID: QBjONroKTfT8XqK0pJI_mESvht7N0TLi X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 lowpriorityscore=0 phishscore=0 priorityscore=1501 adultscore=0 mlxlogscore=999 clxscore=1015 suspectscore=0 bulkscore=0 impostorscore=0 spamscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519257449680071?= X-GMAIL-MSGID: =?utf-8?q?1756519257449680071?= From: Russell Currey A few improvements to load_powerpc.c: - include integrity.h for the pr_fmt() - move all error reporting out of get_cert_list() - use ERR_PTR() to better preserve error detail - don't use pr_err() for missing keys Reviewed-by: Mimi Zohar Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v3: New patch --- .../integrity/platform_certs/load_powerpc.c | 26 ++++++++++++++----- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c index 1e4f80a4e71c..dee51606d5f4 100644 --- a/security/integrity/platform_certs/load_powerpc.c +++ b/security/integrity/platform_certs/load_powerpc.c @@ -14,9 +14,15 @@ #include #include #include "keyring_handler.h" +#include "../integrity.h" /* * Get a certificate list blob from the named secure variable. + * + * Returns: + * - a pointer to a kmalloc'd buffer containing the cert list on success + * - NULL if the key does not exist + * - an ERR_PTR on error */ static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size) { @@ -25,19 +31,19 @@ static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size) rc = secvar_ops->get(key, keylen, NULL, size); if (rc) { - pr_err("Couldn't get size: %d\n", rc); - return NULL; + if (rc == -ENOENT) + return NULL; + return ERR_PTR(rc); } db = kmalloc(*size, GFP_KERNEL); if (!db) - return NULL; + return ERR_PTR(-ENOMEM); rc = secvar_ops->get(key, keylen, db, size); if (rc) { kfree(db); - pr_err("Error reading %s var: %d\n", key, rc); - return NULL; + return ERR_PTR(rc); } return db; @@ -69,7 +75,11 @@ static int __init load_powerpc_certs(void) */ db = get_cert_list("db", 3, &dbsize); if (!db) { - pr_err("Couldn't get db list from firmware\n"); + pr_info("Couldn't get db list from firmware\n"); + } else if (IS_ERR(db)) { + rc = PTR_ERR(db); + pr_err("Error reading db from firmware: %d\n", rc); + return rc; } else { rc = parse_efi_signature_list("powerpc:db", db, dbsize, get_handler_for_db); @@ -81,6 +91,10 @@ static int __init load_powerpc_certs(void) dbx = get_cert_list("dbx", 4, &dbxsize); if (!dbx) { pr_info("Couldn't get dbx list from firmware\n"); + } else if (IS_ERR(dbx)) { + rc = PTR_ERR(dbx); + pr_err("Error reading dbx from firmware: %d\n", rc); + return rc; } else { rc = parse_efi_signature_list("powerpc:dbx", dbx, dbxsize, get_handler_for_dbx); From patchwork Tue Jan 31 06:39:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 50640 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2593162wrn; Mon, 30 Jan 2023 22:42:07 -0800 (PST) X-Google-Smtp-Source: AK7set+zdcrHiZuWZd9BpLNa8n2qEQBea+SSoNlgsH0A4cr3I8AnwUGlYCb/B/UvACVkiY/SMLL6 X-Received: by 2002:a17:903:11cd:b0:196:8d33:f083 with SMTP id q13-20020a17090311cd00b001968d33f083mr5126128plh.28.1675147326783; Mon, 30 Jan 2023 22:42:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675147326; cv=none; d=google.com; s=arc-20160816; b=0x8gIgsqRd5RWECuMxh2iDviZsZDk8Nq7iP+mavYMyqvf+Y/79+nLO5f49SJYHSCIJ pSY/CTfZBrTaLVLTs7vMuNNqh/8x6D53iKNEetS9EeprQHqHJ9X9qHTDvUclVH4GW31I 4WsygPiYFsYCxbJvUlPwu+9z2vw6FNLEJlzD9J90zpdGjXg+ClIBwJXFRhhfleooD6i1 LPBNGUCOBctpGr6QLBjyreZL1HDogl3PpvuDYKOKWf1EQXs4jMSpRDjGYz296ACCXqXu AapipW+lUKuZKcShiCtO8sfTv3H3qsMGQRKOCXD63mD20zdoPKPFouzPOhYyRm4ysnWe md/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=U8C+0QlsWH7fAWudF9ims90JHfDey/gQjvgG2A7qCyg=; b=pUaOJdxNBiA6WFTJgiyqHH4pLNpBF5ajviRpsQlMMB/qouzkm5TXEoEvrf433Le68d NxP1YExhn/Wf2uAprKCqNaP3OS0n2BHTpCMnXpj5jecw9M6Abvzz1xumowEyIEJ47LfN xmvUWDBWQwAiRwQeMR5AXH82JK7wIZrk+PaxjiH/6bHu/67yGjhmp0SXcWzWSue+EjgU EtsZ2WtoyOhjZNs3e7uADWzr4PufI5p037D06IlSWL1WMCnlYs+wqtYNf21qHLuWHWtV X+BzvyPulPrhDQ1fIVHjeUrYz8r5exSAsF1TAOaMvluCvIjJ5tkizYA9t8TkWstZLihi LULg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b="aKyB2/Po"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u14-20020a170902a60e00b001966abb1a11si8397675plq.612.2023.01.30.22.41.54; Mon, 30 Jan 2023 22:42:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b="aKyB2/Po"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230346AbjAaGlI (ORCPT + 99 others); Tue, 31 Jan 2023 01:41:08 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35804 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229884AbjAaGk0 (ORCPT ); Tue, 31 Jan 2023 01:40:26 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1F4C33D08E; Mon, 30 Jan 2023 22:40:25 -0800 (PST) Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V5PYO2029039; Tue, 31 Jan 2023 06:40:17 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=U8C+0QlsWH7fAWudF9ims90JHfDey/gQjvgG2A7qCyg=; b=aKyB2/Po6mi6UPAx5Mb3498lqP7brZEajgINwM/4hH49tukgYHamN7LmvMXdDycxmfaJ rX9N7YxxcM4IrxmqcLYd4U4TYBscU+KFJ5GaksecXmVYE5kW0k1IsPNadB4xmQX5seG+ qWmCkTi9+YLGyB9NxY8m/dsO8H2yob3/qMHjxvmTESzat1fCED0JaJdqFIZF4rpmROCO LHnSuSdFA6oCMzcLccZ8IQpBoSGiOGakJMLO4U9rO9obF4LfCd904vDReNqLCffMsb92 81yRW9saiGBbcPTsGCmWTwsPoiDjAAv3efeavI2yFVw9AchCYEIn3qV7A3Onq97Ort/j HQ== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3nevu21dks-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:17 +0000 Received: from m0098396.ppops.net (m0098396.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30V5ul1h003960; Tue, 31 Jan 2023 06:40:16 GMT Received: from ppma04fra.de.ibm.com (6a.4a.5195.ip4.static.sl-reverse.com [149.81.74.106]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3nevu21djw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:16 +0000 Received: from pps.filterd (ppma04fra.de.ibm.com [127.0.0.1]) by ppma04fra.de.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30UCZfOd025984; Tue, 31 Jan 2023 06:40:14 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma04fra.de.ibm.com (PPS) with ESMTPS id 3ndn6u9g29-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 06:40:14 +0000 Received: from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com [10.20.54.100]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30V6eBCv36766190 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 31 Jan 2023 06:40:11 GMT Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id BFD2E20043; Tue, 31 Jan 2023 06:40:11 +0000 (GMT) Received: from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 40B1720040; Tue, 31 Jan 2023 06:40:11 +0000 (GMT) Received: from ozlabs.au.ibm.com (unknown [9.192.253.14]) by smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP; Tue, 31 Jan 2023 06:40:11 +0000 (GMT) Received: from jarvis-ozlabs-ibm-com.au.ibm.com (unknown [9.192.255.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 91117609C1; Tue, 31 Jan 2023 17:40:05 +1100 (AEDT) From: Andrew Donnellan To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 25/25] integrity/powerpc: Support loading keys from PLPKS Date: Tue, 31 Jan 2023 17:39:28 +1100 Message-Id: <20230131063928.388035-26-ajd@linux.ibm.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> References: <20230131063928.388035-1-ajd@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: R9n9s5sVcu5b0hLQV2-aSv-Va5U5mqMs X-Proofpoint-GUID: 9-uGLIuU0-_4AgdcK_5hb4nrg6CEJCXv X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_02,2023-01-30_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 mlxscore=0 phishscore=0 priorityscore=1501 adultscore=0 suspectscore=0 impostorscore=0 mlxlogscore=999 bulkscore=0 malwarescore=0 spamscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310059 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756519283056473852?= X-GMAIL-MSGID: =?utf-8?q?1756519283056473852?= From: Russell Currey Add support for loading keys from the PLPKS on pseries machines, with the "ibm,plpks-sb-v1" format. The object format is expected to be the same, so there shouldn't be any functional differences between objects retrieved on powernv or pseries. Unlike on powernv, on pseries the format string isn't contained in the device tree. Use secvar_ops->format() to fetch the format string in a generic manner, rather than searching the device tree ourselves. (The current code searches the device tree for a node compatible with "ibm,edk2-compat-v1". This patch switches to calling secvar_ops->format(), which in the case of OPAL/powernv means opal_secvar_format(), which searches the device tree for a node compatible with "ibm,secvar-backend" and checks its "format" property. These are equivalent, as skiboot creates a node with both "ibm,edk2-compat-v1" and "ibm,secvar-backend" as compatible strings.) Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v3: New patch v4: Pass format buffer size (stefanb, npiggin) v5: Use sizeof(buf) rather than stating the size twice (npiggin) Clarify change to DT compatible strings in commit message (zohar) Reword commit message a bit (ajd) --- .../integrity/platform_certs/load_powerpc.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c index dee51606d5f4..b9de70b90826 100644 --- a/security/integrity/platform_certs/load_powerpc.c +++ b/security/integrity/platform_certs/load_powerpc.c @@ -10,7 +10,6 @@ #include #include #include -#include #include #include #include "keyring_handler.h" @@ -59,16 +58,22 @@ static int __init load_powerpc_certs(void) void *db = NULL, *dbx = NULL; u64 dbsize = 0, dbxsize = 0; int rc = 0; - struct device_node *node; + ssize_t len; + char buf[32]; if (!secvar_ops) return -ENODEV; - /* The following only applies for the edk2-compat backend. */ - node = of_find_compatible_node(NULL, NULL, "ibm,edk2-compat-v1"); - if (!node) + len = secvar_ops->format(buf, sizeof(buf)); + if (len <= 0) return -ENODEV; + // Check for known secure boot implementations from OPAL or PLPKS + if (strcmp("ibm,edk2-compat-v1", buf) && strcmp("ibm,plpks-sb-v1", buf)) { + pr_err("Unsupported secvar implementation \"%s\", not loading certs\n", buf); + return -ENODEV; + } + /* * Get db, and dbx. They might not exist, so it isn't an error if we * can't get them. @@ -103,8 +108,6 @@ static int __init load_powerpc_certs(void) kfree(dbx); } - of_node_put(node); - return rc; } late_initcall(load_powerpc_certs);