From patchwork Fri Feb 10 08:03:36 2023
X-Patchwork-Submitter: Andrew Donnellan
X-Patchwork-Id: 55311
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 01/26] powerpc/pseries: Fix handling of PLPKS object flushing timeout
Date: Fri, 10 Feb 2023 19:03:36 +1100
Message-Id: <20230210080401.345462-2-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

plpks_confirm_object_flushed() uses the H_PKS_CONFIRM_OBJECT_FLUSHED hcall to check whether changes to an object in the Platform KeyStore have been flushed to non-volatile storage. The hcall returns two output values, the return code and the flush status.

plpks_confirm_object_flushed() polls the hcall until either the flush status has updated, the return code is an error, or a timeout has been exceeded.

While we're still polling, the hcall is returning H_SUCCESS (0) as the return code. In the timeout case, this means that upon exiting the polling loop, rc is 0, and therefore 0 is returned to the user.

Handle the timeout case separately and return ETIMEDOUT if triggered.

Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Reported-by: Benjamin Gray
Signed-off-by: Andrew Donnellan
Tested-by: Russell Currey
Reviewed-by: Russell Currey
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
    Neaten how we return at the end of the function (ruscur)
v4: Move up in series (npiggin)
---
 arch/powerpc/platforms/pseries/plpks.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 4edd1585e245..9e85b6d85b0b 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -248,6 +248,7 @@ static int plpks_confirm_object_flushed(struct label *label, struct plpks_auth *auth) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; + bool timed_out = true; u64 timeout = 0; u8 status; int rc;
@@ -259,22 +260,26 @@ static int plpks_confirm_object_flushed(struct label *label, status = retbuf[0]; if (rc) { + timed_out = false; if (rc == H_NOT_FOUND && status == 1) rc = 0; break; } - if (!rc && status == 1) + if (!rc && status == 1) { + timed_out = false; break; + } usleep_range(PKS_FLUSH_SLEEP, PKS_FLUSH_SLEEP + PKS_FLUSH_SLEEP_RANGE); timeout = timeout + PKS_FLUSH_SLEEP; } while (timeout < PKS_FLUSH_MAX_TIMEOUT); - rc = pseries_status_to_err(rc); + if (timed_out) + return -ETIMEDOUT; - return rc; + return pseries_status_to_err(rc); } int plpks_write_var(struct plpks_var var)
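
Review bot: The timed_out flag in plpks_confirm_object_flushed() starts as true and has to be cleared at every break in the polling loop, so an exit path added later that forgets to clear it will be reported as -ETIMEDOUT. Both break statements sit before "timeout = timeout + PKS_FLUSH_SLEEP", so as long as PKS_FLUSH_MAX_TIMEOUT is non-zero, timeout >= PKS_FLUSH_MAX_TIMEOUT holds after the loop only when the while condition ended it; testing that directly before the final return would remove the flag and both assignments. Separately, the status is not re-checked after the last usleep_range(), so a flush that completes during the final sleep is still returned as a timeout; if that matters to callers, poll once more before giving up.
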
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 02/26] powerpc/pseries: Fix alignment of PLPKS structures and buffers
Date: Fri, 10 Feb 2023 19:03:37 +1100
Message-Id: <20230210080401.345462-3-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

A number of structures and buffers passed to PKS hcalls have alignment requirements, which could on occasion cause problems:

- Authorisation structures must be 16-byte aligned and must not cross a page boundary
- Label structures must not cross page boundaries
- Password output buffers must not cross page boundaries

To ensure correct alignment, we adjust the allocation size of each of these structures/buffers to be the closest power of 2 that is at least the size of the structure/buffer (since kmalloc() guarantees that an allocation of a power of 2 size will be aligned to at least that size).

Reported-by: Benjamin Gray
Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Signed-off-by: Andrew Donnellan
Reviewed-by: Russell Currey
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
v4: Fix typo in commit message
    Move up in series (npiggin)
v5: Reword commit message to better explain alignment guarantee (mpe)
---
 arch/powerpc/platforms/pseries/plpks.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 9e85b6d85b0b..a01cf2ff140a 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -126,7 +126,8 @@ static int plpks_gen_password(void) u8 *password, consumer = PKS_OS_OWNER; int rc; - password = kzalloc(maxpwsize, GFP_KERNEL); + // The password must not cross a page boundary, so we align to the next power of 2 + password = kzalloc(roundup_pow_of_two(maxpwsize), GFP_KERNEL); if (!password) return -ENOMEM; @@ -162,7 +163,9 @@ static struct plpks_auth *construct_auth(u8 consumer) if (consumer > PKS_OS_OWNER) return ERR_PTR(-EINVAL); - auth = kzalloc(struct_size(auth, password, maxpwsize), GFP_KERNEL); + // The auth structure must not cross a page boundary and must be + // 16 byte aligned. We align to the next largest power of 2 + auth = kzalloc(roundup_pow_of_two(struct_size(auth, password, maxpwsize)), GFP_KERNEL); if (!auth) return ERR_PTR(-ENOMEM);
@@ -196,7 +199,8 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, if (component && slen > sizeof(label->attr.prefix)) return ERR_PTR(-EINVAL); - label = kzalloc(sizeof(*label), GFP_KERNEL); + // The label structure must not cross a page boundary, so we align to the next power of 2 + label = kzalloc(roundup_pow_of_two(sizeof(*label)), GFP_KERNEL); if (!label) return ERR_PTR(-ENOMEM);
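
Review bot: In construct_auth(), rounding the size with roundup_pow_of_two() keeps the structure inside one page only while struct_size(auth, password, maxpwsize) is at most a page, and nothing visible in the hunk bounds maxpwsize. Above that size the allocation is still aligned but necessarily spans pages, which the added comment says must not happen. Suggest checking maxpwsize against the page size where it is set, or returning ERR_PTR(-EINVAL) here; the same applies to kzalloc(roundup_pow_of_two(maxpwsize), GFP_KERNEL) in plpks_gen_password().
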
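
Review bot: The comment added in construct_label() says "we align to the next power of 2", but the code rounds the allocation size; the alignment follows only from the kmalloc() guarantee that the commit message explains and the code never mentions. Suggest naming that guarantee in the comment, writing it as a /* ... */ block comment wrapped to the usual line length, and moving the rounding into one small helper, since the same pattern and near-identical comment now appear at three call sites.
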
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 03/26] powerpc/secvar: Fix incorrect return in secvar_sysfs_load()
Date: Fri, 10 Feb 2023 19:03:38 +1100
Message-Id: <20230210080401.345462-4-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Russell Currey

secvar_ops->get_next() returns -ENOENT when there are no more variables to return, which is expected behaviour.

Fix this by returning 0 if get_next() returns -ENOENT.

This fixes an issue introduced in commit bd5d9c743d38 ("powerpc: expose secure variables to userspace via sysfs"), but the return code of secvar_sysfs_load() was never checked so this issue never mattered.

Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v5: New patch
---
 arch/powerpc/kernel/secvar-sysfs.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 1ee4640a2641..7fa5f8ed9542 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c
@@ -179,8 +179,10 @@ static int secvar_sysfs_load(void) rc = secvar_ops->get_next(name, &namesize, NAME_MAX_SIZE); if (rc) { if (rc != -ENOENT) - pr_err("error getting secvar from firmware %d\n", - rc); + pr_err("error getting secvar from firmware %d\n", rc); + else + rc = 0; + break; }
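
Review bot: In the new else arm of secvar_sysfs_load(), rc = 0 turns -ENOENT from get_next() into success without saying why; a short comment there that -ENOENT marks the end of the variable list would keep a later reader from treating it as a swallowed error. The commit message names the introducing commit bd5d9c743d38 but carries no Fixes: tag; consider adding one so the relation is machine-readable.
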
From patchwork Fri Feb 10 08:03:39 2023
X-Patchwork-Submitter: Andrew Donnellan
X-Patchwork-Id: 55291
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com, Michael Ellerman
Subject: [PATCH v6 04/26] powerpc/secvar: Use u64 in secvar_operations
Date: Fri, 10 Feb 2023 19:03:39 +1100
Message-Id: <20230210080401.345462-5-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Michael Ellerman There's no reason for secvar_operations to use uint64_t vs the more common kernel type u64. The types are compatible, but they require different printk format strings which can lead to confusion. Change all the secvar related routines to use u64. Signed-off-by: Michael Ellerman Reviewed-by: Russell Currey Reviewed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan --- v3: Include new patch --- arch/powerpc/include/asm/secvar.h | 9 +++------ arch/powerpc/kernel/secvar-sysfs.c | 8 ++++---- arch/powerpc/platforms/powernv/opal-secvar.c | 9 +++------ security/integrity/platform_certs/load_powerpc.c | 4 ++-- 4 files changed, 12 insertions(+), 18 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 4cc35b58b986..07ba36f868a7 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -14,12 +14,9 @@ extern const struct secvar_operations *secvar_ops; struct secvar_operations { - int (*get)(const char *key, uint64_t key_len, u8 *data, - uint64_t *data_size); - int (*get_next)(const char *key, uint64_t *key_len, - uint64_t keybufsize); - int (*set)(const char *key, uint64_t key_len, u8 *data, - uint64_t data_size); + int (*get)(const char *key, u64 key_len, u8 *data, u64 *data_size); + int (*get_next)(const char *key, u64 *key_len, u64 keybufsize); + int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 7fa5f8ed9542..702044edf14d 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -47,7 +47,7 @@ static ssize_t format_show(struct kobject *kobj, struct kobj_attribute *attr, static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { - uint64_t dsize; + u64 dsize; int rc; rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); 
@@ -64,8 +64,8 @@ static ssize_t data_read(struct file *filep, struct kobject *kobj, struct bin_attribute *attr, char *buf, loff_t off, size_t count) { - uint64_t dsize; char *data; + u64 dsize; int rc; rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); @@ -166,9 +166,9 @@ static int update_kobj_size(void) static int secvar_sysfs_load(void) { - char *name; - uint64_t namesize = 0; struct kobject *kobj; + u64 namesize = 0; + char *name; int rc; name = kzalloc(NAME_MAX_SIZE, GFP_KERNEL); diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index 14133e120bdd..ef89861569e0 100644 --- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c @@ -54,8 +54,7 @@ static int opal_status_to_err(int rc) return err; } -static int opal_get_variable(const char *key, uint64_t ksize, - u8 *data, uint64_t *dsize) +static int opal_get_variable(const char *key, u64 ksize, u8 *data, u64 *dsize) { int rc; @@ -71,8 +70,7 @@ static int opal_get_variable(const char *key, uint64_t ksize, return opal_status_to_err(rc); } -static int opal_get_next_variable(const char *key, uint64_t *keylen, - uint64_t keybufsize) +static int opal_get_next_variable(const char *key, u64 *keylen, u64 keybufsize) { int rc; @@ -88,8 +86,7 @@ static int opal_get_next_variable(const char *key, uint64_t *keylen, return opal_status_to_err(rc); } -static int opal_set_variable(const char *key, uint64_t ksize, u8 *data, - uint64_t dsize) +static int opal_set_variable(const char *key, u64 ksize, u8 *data, u64 dsize) { int rc; diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c index a2900cb85357..1e4f80a4e71c 100644 --- a/security/integrity/platform_certs/load_powerpc.c +++ b/security/integrity/platform_certs/load_powerpc.c 
@@ -18,7 +18,7 @@ /* * Get a certificate list blob from the named secure variable. */ -static __init void *get_cert_list(u8 *key, unsigned long keylen, uint64_t *size) +static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size) { int rc; void *db; 
@@ -51,7 +51,7 @@ static __init void *get_cert_list(u8 *key, unsigned long keylen, uint64_t *size) static int __init load_powerpc_certs(void) { void *db = NULL, *dbx = NULL; - uint64_t dbsize = 0, dbxsize = 0; + u64 dbsize = 0, dbxsize = 0; int rc = 0; struct device_node *node;
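
Review bot: In load_powerpc.c, get_cert_list() still takes `unsigned long keylen` after this change, while the secvar_operations callbacks now take `u64 key_len`. The commit message says all the secvar related routines move to u64, so either convert keylen as well or say in the message that only existing uint64_t uses are converted. The secvar-sysfs.c hunks also reorder local declarations (dsize after data in data_read(), namesize and name after kobj in secvar_sysfs_load()), which is unrelated to the type change and deserves a mention in the message.
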
From patchwork Fri Feb 10 08:03:40 2023
X-Patchwork-Submitter: Andrew Donnellan
X-Patchwork-Id: 55290
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 05/26] powerpc/secvar: Warn and error if multiple secvar ops are set
Date: Fri, 10 Feb 2023 19:03:40 +1100
Message-Id: <20230210080401.345462-6-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Russell Currey The secvar code only supports one consumer at a time. Multiple consumers aren't possible at this point in time, but we'd want it to be obvious if it ever could happen. Signed-off-by: Russell Currey Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v4: Return an error and don't actually try to set secvar_operations if the warning is triggered (npiggin) v5: Drop "extern" to fix a checkpatch check (snowpatch) v6: Return -EBUSY rather than -1 (stefanb) --- arch/powerpc/include/asm/secvar.h | 4 ++-- arch/powerpc/kernel/secvar-ops.c | 10 ++++++++-- arch/powerpc/platforms/powernv/opal-secvar.c | 4 +--- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 07ba36f868a7..a2b5f2203dc5 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -21,11 +21,11 @@ struct secvar_operations { #ifdef CONFIG_PPC_SECURE_BOOT -extern void set_secvar_ops(const struct secvar_operations *ops); +int set_secvar_ops(const struct secvar_operations *ops); #else -static inline void set_secvar_ops(const struct secvar_operations *ops) { } +static inline int set_secvar_ops(const struct secvar_operations *ops) { return 0; } #endif diff --git a/arch/powerpc/kernel/secvar-ops.c b/arch/powerpc/kernel/secvar-ops.c index 6a29777d6a2d..19172a2804f0 100644 --- a/arch/powerpc/kernel/secvar-ops.c +++ b/arch/powerpc/kernel/secvar-ops.c @@ -8,10 +8,16 @@ #include #include +#include -const struct secvar_operations *secvar_ops __ro_after_init; +const struct secvar_operations *secvar_ops __ro_after_init = NULL; -void set_secvar_ops(const struct secvar_operations *ops) +int set_secvar_ops(const struct secvar_operations *ops) { + if (WARN_ON_ONCE(secvar_ops)) + return -EBUSY; + secvar_ops = ops; + + return 0; } 
diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index ef89861569e0..4c0a3b030fe0 100644 --- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c 
@@ -113,9 +113,7 @@ static int opal_secvar_probe(struct platform_device *pdev) return -ENODEV; } - set_secvar_ops(&opal_secvar_ops); - - return 0; + return set_secvar_ops(&opal_secvar_ops); } static const struct of_device_id opal_secvar_match[] = {
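
Review bot: In set_secvar_ops(), the `WARN_ON_ONCE(secvar_ops)` test and the `secvar_ops = ops;` store are not serialised, so the single-consumer guarantee only holds while callers run one after another during init. secvar_ops is `__ro_after_init`, which already requires that; a comment on the function stating it may only be called from init-time probe code would document the assumption. The function also accepts a NULL ops and returns 0, leaving secvar_ops unset while the caller sees success, so consider rejecting that case. The added `= NULL` initialiser is redundant for a static-storage pointer and can be dropped.
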
From patchwork Fri Feb 10 08:03:41 2023
X-Patchwork-Submitter: Andrew Donnellan
X-Patchwork-Id: 55286
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 06/26] powerpc/secvar: Use sysfs_emit() instead of sprintf()
Date: Fri, 10 Feb 2023 19:03:41 +1100
Message-Id: <20230210080401.345462-7-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Russell Currey The secvar format string and object size sysfs files are both ASCII text, and should use sysfs_emit(). No functional change. Suggested-by: Greg Kroah-Hartman Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v2: New patch (gregkh) --- arch/powerpc/kernel/secvar-sysfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 702044edf14d..b786d1005027 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -35,7 +35,7 @@ static ssize_t format_show(struct kobject *kobj, struct kobj_attribute *attr, if (rc) goto out; - rc = sprintf(buf, "%s\n", format); + rc = sysfs_emit(buf, "%s\n", format); out: of_node_put(node); 
@@ -57,7 +57,7 @@ static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr, return rc; } - return sprintf(buf, "%llu\n", dsize); + return sysfs_emit(buf, "%llu\n", dsize); } static ssize_t data_read(struct file *filep, struct kobject *kobj,
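
Review bot: The commit message says "No functional change", but in format_show() and size_show() the switch from sprintf() to sysfs_emit() does change behaviour at the edge: sysfs_emit() bounds the output to PAGE_SIZE and warns if buf is not a page-aligned sysfs buffer, where sprintf() wrote with no limit. That bound is the reason to prefer it for the `%s` of `format` in format_show(), so the message would be more accurate if it named the bound as the motivation and limited "no functional change" to well-formed values.
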
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 07/26] powerpc/secvar: Handle format string in the consumer
Date: Fri, 10 Feb 2023 19:03:42 +1100
Message-Id: <20230210080401.345462-8-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Russell Currey The code that handles the format string in secvar-sysfs.c is entirely OPAL specific, so create a new "format" op in secvar_operations to make the secvar code more generic. No functional change. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v2: Use sysfs_emit() instead of sprintf() (gregkh) v3: Enforce format string size limit (ruscur) v4: Pass the buffer size as an argument, not using a macro (stefanb, npiggin) Fix error reporting (npiggin) --- arch/powerpc/include/asm/secvar.h | 1 + arch/powerpc/kernel/secvar-sysfs.c | 27 +++++++------------- arch/powerpc/platforms/powernv/opal-secvar.c | 25 ++++++++++++++++++ 3 files changed, 35 insertions(+), 18 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index a2b5f2203dc5..1a2c696a48ad 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -17,6 +17,7 @@ struct secvar_operations { int (*get)(const char *key, u64 key_len, u8 *data, u64 *data_size); int (*get_next)(const char *key, u64 *key_len, u64 keybufsize); int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); + ssize_t (*format)(char *buf, size_t bufsize); }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index b786d1005027..e4661559c855 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c 
@@ -21,26 +21,17 @@ static struct kset *secvar_kset; static ssize_t format_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { - ssize_t rc = 0; - struct device_node *node; - const char *format; - - node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); - if (!of_device_is_available(node)) { - rc = -ENODEV; - goto out; - } + char tmp[32]; + ssize_t len = secvar_ops->format(tmp, sizeof(tmp)); - rc = of_property_read_string(node, "format", &format); - if (rc) - goto out; + if (len > 0) + return sysfs_emit(buf, "%s\n", tmp); + else if (len < 0) + pr_err("Error %zd reading format string\n", len); + else + pr_err("Got empty format string from backend\n"); - rc = sysfs_emit(buf, "%s\n", format); - -out: - of_node_put(node); - - return rc; + return -EIO; } diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index 4c0a3b030fe0..e33bb703ecbc 100644 --- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c 
@@ -98,10 +98,35 @@ static int opal_set_variable(const char *key, u64 ksize, u8 *data, u64 dsize) return opal_status_to_err(rc); } +static ssize_t opal_secvar_format(char *buf, size_t bufsize) +{ + ssize_t rc = 0; + struct device_node *node; + const char *format; + + node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); + if (!of_device_is_available(node)) { + rc = -ENODEV; + goto out; + } + + rc = of_property_read_string(node, "format", &format); + if (rc) + goto out; + + rc = snprintf(buf, bufsize, "%s", format); + +out: + of_node_put(node); + + return rc; +} + static const struct secvar_operations opal_secvar_ops = { .get = opal_get_variable, .get_next = opal_get_next_variable, .set = opal_set_variable, + .format = opal_secvar_format, }; static int opal_secvar_probe(struct platform_device *pdev) From patchwork Fri Feb 10 08:03:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 55294 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp820953wrn; Fri, 10 Feb 2023 00:06:52 -0800 (PST) X-Google-Smtp-Source: AK7set/mmQZnM7MHw0F8apOdIF23r3i4VfWZQa0Y5FWTRH341YxkBdRhPS+ZDADftL8mWfNC2KGT X-Received: by 2002:a17:907:8d17:b0:8af:346a:c186 with SMTP id tc23-20020a1709078d1700b008af346ac186mr6989400ejc.24.1676016412734; Fri, 10 Feb 2023 00:06:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676016412; cv=none; d=google.com; s=arc-20160816; b=giDs9xe8Vnf+v1pt1DmYWpTKrYmhWS+yXZTOCAySQCQoOetG5fVsF8C5TKBBvh4DQ2 urL6KgBCz+cf1CYrTYVmEvgobPtVV6sGdIkVb92mcMbz871T2Xoobf2HNRMVHqezMHiY sSV9CnEuwOeTcaM9RCk7NAvE4Q5s2J1ZpPFcy2zVEvReGdeSyyJTItFwb7NNyLpnROFT d7lNJb6JOead1IFkLo64oBYiEfSL97jTaHxOLKzmdb3ywJMZD1T7G4MgnhYIwRcVzf0i zmaHlnO1fVmFZ//wBwYRekUG7zUWQYfhIbtORF4IpCZfT+OKYwx5QpFI24fkHLGaStYM 7AKw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; 
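Review bot: in format_show(), secvar_ops->format is called with no check that the backend actually set the op, so a secvar_operations without .format becomes a NULL call on every read of the attribute. Either test the pointer here and return -ENODEV, or state in secvar.h that the op is mandatory. In the same function a negative len is logged and then replaced by -EIO, so userspace can no longer tell -ENODEV (backend node unavailable) from a read failure; returning len in that branch would keep the distinction.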
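Review bot: in opal_secvar_format(), `rc = snprintf(buf, bufsize, "%s", format);` returns the length the string would have had, not the number of bytes stored, so a device-tree format string that does not fit in the caller's 32-byte tmp comes back as a positive rc and format_show() emits the truncated buffer as if it were complete. The v3 changelog says the size limit is enforced, but nothing in this function rejects the oversize case. Compare rc against bufsize and return an error such as -E2BIG, or copy with strscpy(), which reports truncation itself.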
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 08/26] powerpc/secvar: Handle max object size in the consumer
Date: Fri, 10 Feb 2023 19:03:43 +1100
Message-Id: <20230210080401.345462-9-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Russell Currey Currently the max object size is handled in the core secvar code with an entirely OPAL-specific implementation, so create a new max_size() op and move the existing implementation into the powernv platform. Should be no functional change. Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v3: Change uint64_t type to u64 (mpe) v4: Return immediately if node is NULL (gjoyce) --- arch/powerpc/include/asm/secvar.h | 1 + arch/powerpc/kernel/secvar-sysfs.c | 17 +++------------ arch/powerpc/platforms/powernv/opal-secvar.c | 22 ++++++++++++++++++++ 3 files changed, 26 insertions(+), 14 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 1a2c696a48ad..bf396215903d 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -18,6 +18,7 @@ struct secvar_operations { int (*get_next)(const char *key, u64 *key_len, u64 keybufsize); int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); ssize_t (*format)(char *buf, size_t bufsize); + int (*max_size)(u64 *max_size); }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index e4661559c855..0966806f28c7 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -132,27 +132,16 @@ static struct kobj_type secvar_ktype = { static int update_kobj_size(void) { - struct device_node *node; u64 varsize; - int rc = 0; + int rc = secvar_ops->max_size(&varsize); - node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); - if (!of_device_is_available(node)) { - rc = -ENODEV; - goto out; - } - - rc = of_property_read_u64(node, "max-var-size", &varsize); if (rc) - goto out; + return rc; data_attr.size = varsize; update_attr.size = varsize; -out: - of_node_put(node); - - return rc; + return 0; } static int secvar_sysfs_load(void) 
diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c b/arch/powerpc/platforms/powernv/opal-secvar.c index e33bb703ecbc..a8436bf35e2f 100644 --- a/arch/powerpc/platforms/powernv/opal-secvar.c +++ b/arch/powerpc/platforms/powernv/opal-secvar.c 
@@ -122,11 +122,33 @@ static ssize_t opal_secvar_format(char *buf, size_t bufsize) return rc; } +static int opal_secvar_max_size(u64 *max_size) +{ + int rc; + struct device_node *node; + + node = of_find_compatible_node(NULL, NULL, "ibm,secvar-backend"); + if (!node) + return -ENODEV; + + if (!of_device_is_available(node)) { + rc = -ENODEV; + goto out; + } + + rc = of_property_read_u64(node, "max-var-size", max_size); + +out: + of_node_put(node); + return rc; +} + static const struct secvar_operations opal_secvar_ops = { .get = opal_get_variable, .get_next = opal_get_next_variable, .set = opal_set_variable, .format = opal_secvar_format, + .max_size = opal_secvar_max_size, }; static int opal_secvar_probe(struct platform_device *pdev) From patchwork Fri Feb 10 08:03:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 55287 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp820795wrn; Fri, 10 Feb 2023 00:06:30 -0800 (PST) X-Google-Smtp-Source: AK7set/JVxN3+kzIUv8kVk7QAdgbVsoZeSJ93ziLtVVa8G4tptYXS/MF4ZlQOoaCLbxpZuz03QrC X-Received: by 2002:a17:906:1d44:b0:889:b6ae:75ff with SMTP id o4-20020a1709061d4400b00889b6ae75ffmr14183743ejh.53.1676016390208; Fri, 10 Feb 2023 00:06:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676016390; cv=none; d=google.com; s=arc-20160816; b=TxNVgvkfOuZjWYUYZPOJshVey9IzfqQG94gCWzR8FqQjlh93dyz3S8cMWPLxQ/Oe/N dYeLF9kX9rGLjCII1BFCR74ckF8vQyd/DshJr6cpIyjFhESlyi67SU1Zd9sZpubYWBG7 msl3FoMuX0jMuZmmH3ONQXUBNU4ZqI4W2DZHnIOoW/psrtTxSjr87tIRGKDSxYrMh6pj DgZGVMm/cdkejG0le6eC2f8doskXF0nMkHL+GJMF+Zfs1b3uQqXIzif0P6vrPTHrDFcs shHV7vbSqaebJnZBsmHZdq9T9r6zB/p7HPK4EgDNaq9MJUvehQ9OYcW+X19CIVep1q3D depA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from 
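Review bot: in update_kobj_size(), the varsize returned by secvar_ops->max_size() is assigned straight to data_attr.size and update_attr.size with no sanity check, so the core code now trusts whatever a backend reports, including 0. With the device-tree read moved out of this file, a check at this call site (at minimum rejecting 0 with an error) would cover every backend instead of relying on each one to validate its own value. The op pointer is also called without a NULL test, so either check it here or document in secvar.h that max_size must be provided.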
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 09/26] powerpc/secvar: Clean up init error messages
Date: Fri, 10 Feb 2023 19:03:44 +1100
Message-Id: <20230210080401.345462-10-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

Remove unnecessary prefixes from error messages in secvar_sysfs_init() (the file defines pr_fmt, so putting "secvar:" in every message is
unnecessary). Make capitalisation and punctuation more consistent. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey Reviewed-by: Stefan Berger --- v3: New patch (ajd) --- arch/powerpc/kernel/secvar-sysfs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 0966806f28c7..8f3deff94009 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -196,13 +196,13 @@ static int secvar_sysfs_init(void) int rc; if (!secvar_ops) { - pr_warn("secvar: failed to retrieve secvar operations.\n"); + pr_warn("Failed to retrieve secvar operations\n"); return -ENODEV; } secvar_kobj = kobject_create_and_add("secvar", firmware_kobj); if (!secvar_kobj) { - pr_err("secvar: Failed to create firmware kobj\n"); + pr_err("Failed to create firmware kobj\n"); return -ENOMEM; } 
@@ -214,7 +214,7 @@ static int secvar_sysfs_init(void) secvar_kset = kset_create_and_add("vars", NULL, secvar_kobj); if (!secvar_kset) { - pr_err("secvar: sysfs kobject registration failed.\n"); + pr_err("sysfs kobject registration failed\n"); kobject_put(secvar_kobj); return -ENOMEM; } From patchwork Fri Feb 10 08:03:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 55302 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp821341wrn; Fri, 10 Feb 2023 00:07:49 -0800 (PST) X-Google-Smtp-Source: AK7set/ikEn3tFS8BvImpQtV4lkVElfCwMrMiqDdGGjYW3U0+4tk4smOIByWNhGTM++bcb2vaMpr X-Received: by 2002:a50:cd50:0:b0:4ab:4be9:5dcf with SMTP id d16-20020a50cd50000000b004ab4be95dcfmr970140edj.4.1676016469448; Fri, 10 Feb 2023 00:07:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676016469; cv=none; d=google.com; s=arc-20160816; b=pDtGL7L7GbL+WO8IHm4aXvVGtwSeQG0ge0Nj1Auzzl3fLvUxgFClQdME9HegT5LMbU kTBDokU5VZdc82DougcLkzyBiZ8vsJGLliHdJMxHDtK0PSCf1rUHfMWVJQ1PgPQoSP0O pelaq5a5ZWhClVqPEnkNh1UOWUBkzmRs/RSbjg3FwLIp04YMZ6dEeVS6RY/wUdf1bH03 1TJwhag3jGPhpXEgrfirgHUIo6s6Y9IG41JD70rqpDW0ZvCr95WEd0UlRy2quuGJjwaP LjczLm1XwPOhU3I+d+pGa5JVYKfnh0DY+hRVIt+Mchg/dFWwY+zU1lfEAmIXokF+kFDS 1ckA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=S3IwBRsZdsoCvc3RVU2TWTGixDKNmbhq85X0YWsSqy0=; b=ESctlU7XJNjVU2GmT2Cl2tRvit5B3SPWX/Q2R+CNBnJqErU5CiUoV2zcfKHKncBaH4 hUpPGupp1FvhPugLGBbSNmtEbJ8d43nIw5609vBVHvQl7qHnKS9bdT80+XDD6LsiXeNE 4XmAArtIUnI2gfwBDzVYkoePf75R7oHBboCrF9N30n/Ix1YFSQyuWsFtqs9NVOF1K/mK VhLXVXsMs2RSNv4K4xAOAKLSkgLnGaLTyjuPhoGnO8qfRkVItUKyFYe4GjC4DH09DugT mEA86oPL1Acoip+9gvJpGjIdLOrVKzJZJk1C0Wfs8roH1lo3m44ztQClOQiCbnxk4L4r SRqg== ARC-Authentication-Results: i=1; 
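Review bot: in the kset_create_and_add() failure path, the new text "sysfs kobject registration failed" still has a different shape from the two "Failed to ..." messages in the preceding hunk, which is the kind of inconsistency this patch sets out to remove. Wording it as "Failed to create vars kset" would match the others and name the object that failed. The same reasoning applies to "Failed to create firmware kobj" in the first hunk, where the object being created is "secvar" under firmware_kobj.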
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 10/26] powerpc/secvar: Extend sysfs to include config vars
Date: Fri, 10 Feb 2023 19:03:45 +1100
Message-Id: <20230210080401.345462-11-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Russell Currey The forthcoming pseries consumer of the secvar API wants to expose a number of config variables. Allowing secvar implementations to provide their own sysfs attributes makes it easy for consumers to expose what they need to. This is not being used by the OPAL secvar implementation at present, and the config directory will not be created if no attributes are set. Signed-off-by: Russell Currey Co-developed-by: Andrew Donnellan Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v3: Remove unnecessary "secvar:" prefix from error messages (ajd) Merge config attributes into secvar_operations (mpe) --- arch/powerpc/include/asm/secvar.h | 2 ++ arch/powerpc/kernel/secvar-sysfs.c | 33 +++++++++++++++++++++++++----- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index bf396215903d..011a53a8076c 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -10,6 +10,7 @@ #include #include +#include extern const struct secvar_operations *secvar_ops; @@ -19,6 +20,7 @@ struct secvar_operations { int (*set)(const char *key, u64 key_len, u8 *data, u64 data_size); ssize_t (*format)(char *buf, size_t bufsize); int (*max_size)(u64 *max_size); + const struct attribute **config_attrs; }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 8f3deff94009..7df32be86507 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -144,6 +144,19 @@ static int update_kobj_size(void) return 0; } +static int secvar_sysfs_config(struct kobject *kobj) +{ + struct attribute_group config_group = { + .name = "config", + .attrs = (struct attribute **)secvar_ops->config_attrs, + }; + + if (secvar_ops->config_attrs) + return sysfs_create_group(kobj, &config_group); + + return 0; +} + static int secvar_sysfs_load(void) { struct kobject *kobj; 
@@ -208,26 +221,36 @@ static int secvar_sysfs_init(void) rc = sysfs_create_file(secvar_kobj, &format_attr.attr); if (rc) { - kobject_put(secvar_kobj); - return -ENOMEM; + pr_err("Failed to create format object\n"); + rc = -ENOMEM; + goto err; } secvar_kset = kset_create_and_add("vars", NULL, secvar_kobj); if (!secvar_kset) { pr_err("sysfs kobject registration failed\n"); - kobject_put(secvar_kobj); - return -ENOMEM; + rc = -ENOMEM; + goto err; } rc = update_kobj_size(); if (rc) { pr_err("Cannot read the size of the attribute\n"); - return rc; + goto err; + } + + rc = secvar_sysfs_config(secvar_kobj); + if (rc) { + pr_err("Failed to create config directory\n"); + goto err; } secvar_sysfs_load(); return 0; +err: + kobject_put(secvar_kobj); + return rc; } late_initcall(secvar_sysfs_init);
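
Review bot: in secvar_sysfs_config() (the @@ -144,6 +144,19 @@ hunk), the cast `(struct attribute **)secvar_ops->config_attrs` silently drops the const that struct secvar_operations declares on the array. Either declare config_attrs with the type that struct attribute_group expects, or add a comment saying why discarding const is safe here. config_group is also filled in before the `if (secvar_ops->config_attrs)` check; building it inside that branch would make the optional case easier to follow. The new config_attrs field in secvar.h has no comment saying that it is optional and how the array is terminated.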
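
Review bot: the new `err:` label in secvar_sysfs_init() (the @@ -208,26 +221,36 @@ hunk) only calls kobject_put(secvar_kobj), but two of the paths that jump to it, the update_kobj_size() and secvar_sysfs_config() failures, run after kset_create_and_add() has succeeded, so secvar_kset is never unregistered on those paths. Suggest a second label that calls kset_unregister(secvar_kset) and then falls through to `err:`. Separately, the sysfs_create_file() failure still overwrites rc with -ENOMEM; now that the function returns rc from a single place, passing the original error code through would be more accurate.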
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 11/26] powerpc/secvar: Allow backend to populate static list of variable names
Date: Fri, 10 Feb 2023 19:03:46 +1100
Message-Id: <20230210080401.345462-12-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

Currently, the list of variables is populated by calling secvar_ops->get_next() repeatedly, which is explicitly modelled on
the OPAL API (including the keylen parameter). For the upcoming PLPKS backend, we have a static list of variable names. It is messy to fit that into get_next(), so instead, let the backend put a NULL-terminated array of variable names into secvar_ops->var_names, which will be used if get_next() is undefined. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey Reviewed-by: Stefan Berger --- v3: New patch (ajd/mpe) v6: Add newlines for better aesthetics (stefanb) --- arch/powerpc/include/asm/secvar.h | 4 ++ arch/powerpc/kernel/secvar-sysfs.c | 69 +++++++++++++++++++++--------- 2 files changed, 52 insertions(+), 21 deletions(-) diff --git a/arch/powerpc/include/asm/secvar.h b/arch/powerpc/include/asm/secvar.h index 011a53a8076c..4828e0ab7e3c 100644 --- a/arch/powerpc/include/asm/secvar.h +++ b/arch/powerpc/include/asm/secvar.h @@ -21,6 +21,10 @@ struct secvar_operations { ssize_t (*format)(char *buf, size_t bufsize); int (*max_size)(u64 *max_size); const struct attribute **config_attrs; + + // NULL-terminated array of fixed variable names + // Only used if get_next() isn't provided + const char * const *var_names; }; #ifdef CONFIG_PPC_SECURE_BOOT diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 7df32be86507..bfb19f22c6ba 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -157,9 +157,31 @@ static int secvar_sysfs_config(struct kobject *kobj) return 0; } -static int secvar_sysfs_load(void) +static int add_var(const char *name) { struct kobject *kobj; + int rc; + + kobj = kzalloc(sizeof(*kobj), GFP_KERNEL); + if (!kobj) + return -ENOMEM; + + kobject_init(kobj, &secvar_ktype); + + rc = kobject_add(kobj, &secvar_kset->kobj, "%s", name); + if (rc) { + pr_warn("kobject_add error %d for attribute: %s\n", rc, + name); + kobject_put(kobj); + return rc; + } + + kobject_uevent(kobj, KOBJ_ADD); + return 0; +} + +static int secvar_sysfs_load(void) +{ u64 namesize = 0; char *name; int rc; 
@@ -179,31 +201,28 @@ static int secvar_sysfs_load(void) break; } - kobj = kzalloc(sizeof(*kobj), GFP_KERNEL); - if (!kobj) { - rc = -ENOMEM; - break; - } - - kobject_init(kobj, &secvar_ktype); - - rc = kobject_add(kobj, &secvar_kset->kobj, "%s", name); - if (rc) { - pr_warn("kobject_add error %d for attribute: %s\n", rc, - name); - kobject_put(kobj); - kobj = NULL; - } - - if (kobj) - kobject_uevent(kobj, KOBJ_ADD); - + rc = add_var(name); } while (!rc); kfree(name); return rc; } +static int secvar_sysfs_load_static(void) +{ + const char * const *name_ptr = secvar_ops->var_names; + int rc; + + while (*name_ptr) { + rc = add_var(*name_ptr); + if (rc) + return rc; + name_ptr++; + } + + return 0; +} + static int secvar_sysfs_init(void) { int rc; 
@@ -245,7 +264,15 @@ static int secvar_sysfs_init(void) goto err; } - secvar_sysfs_load(); + if (secvar_ops->get_next) + rc = secvar_sysfs_load(); + else + rc = secvar_sysfs_load_static(); + + if (rc) { + pr_err("Failed to create variable attributes\n"); + goto err; + } return 0; err:
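
Review bot: secvar_sysfs_load_static() (added in the @@ -179,31 +201,28 @@ hunk) dereferences secvar_ops->var_names unconditionally in `while (*name_ptr)`, and secvar_sysfs_init() calls it whenever get_next is NULL. A backend that sets neither field would dereference a NULL pointer at late_initcall time. Check var_names for NULL first and either return 0 or fail with a pr_err(). Also, when add_var() fails partway through the array, the kobjects already added to secvar_kset are left in place; that deserves cleanup or at least a comment, since the caller now treats the failure as fatal.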
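
Review bot: secvar_sysfs_init() (the @@ -245,7 +264,15 @@ hunk) now fails when secvar_sysfs_load() returns non-zero, where the old code ignored the return value. The part of the get_next() loop visible in this patch shows only the `break` on error followed by `return rc`, so please confirm that the normal end-of-list condition leaves rc at 0; otherwise a successful enumeration would now take the `goto err` path. This behaviour change is also worth a line in the commit message, which currently describes only the var_names addition.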
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 12/26] powerpc/secvar: Warn when PAGE_SIZE is smaller than max object size
Date: Fri, 10 Feb 2023 19:03:47 +1100
Message-Id: <20230210080401.345462-13-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

Due to sysfs constraints, when writing to a variable, we can only handle writes of up to PAGE_SIZE.
It's possible that the maximum object size is larger than PAGE_SIZE, in which case, print a warning on boot so that the user is aware. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey Reviewed-by: Stefan Berger --- v3: New patch (ajd) --- arch/powerpc/kernel/secvar-sysfs.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index bfb19f22c6ba..6ba23b2bb9da 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -225,6 +225,7 @@ static int secvar_sysfs_load_static(void) static int secvar_sysfs_init(void) { + u64 max_size; int rc; if (!secvar_ops) { 
@@ -274,6 +275,14 @@ static int secvar_sysfs_init(void) goto err; } + // Due to sysfs limitations, we will only ever get a write buffer of + // up to 1 page in size. Print a warning if this is potentially going + // to cause problems, so that the user is aware. + secvar_ops->max_size(&max_size); + if (max_size > PAGE_SIZE) + pr_warn_ratelimited("PAGE_SIZE (%lu) is smaller than maximum object size (%llu), writes are limited to PAGE_SIZE\n", + PAGE_SIZE, max_size); + return 0; err: kobject_put(secvar_kobj);
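
Review bot: the return value of `secvar_ops->max_size(&max_size)` (the @@ -274,6 +275,14 @@ hunk) is ignored, and max_size is declared without an initialiser in the first hunk, so if the backend call fails the `max_size > PAGE_SIZE` comparison reads an indeterminate value. Check the return code, or initialise max_size to 0, before comparing. The warning is emitted once from secvar_sysfs_init(), so plain pr_warn() is enough; the _ratelimited variant adds nothing here.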
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 13/26] powerpc/secvar: Don't print error on ENOENT when reading variables
Date: Fri, 10 Feb 2023 19:03:48 +1100
Message-Id: <20230210080401.345462-14-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

If attempting to read the size or data attributes of a non-existent variable (which will be possible after a
later patch to expose the PLPKS via the secvar interface), don't spam the kernel log with error messages. Only print errors for return codes that aren't ENOENT. Reported-by: Sudhakar Kuppusamy Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v3: New patch --- arch/powerpc/kernel/secvar-sysfs.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kernel/secvar-sysfs.c b/arch/powerpc/kernel/secvar-sysfs.c index 6ba23b2bb9da..eb3c053f323f 100644 --- a/arch/powerpc/kernel/secvar-sysfs.c +++ b/arch/powerpc/kernel/secvar-sysfs.c @@ -43,8 +43,8 @@ static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr, rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); if (rc) { - pr_err("Error retrieving %s variable size %d\n", kobj->name, - rc); + if (rc != -ENOENT) + pr_err("Error retrieving %s variable size %d\n", kobj->name, rc); return rc; } 
@@ -61,7 +61,8 @@ static ssize_t data_read(struct file *filep, struct kobject *kobj, rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize); if (rc) { - pr_err("Error getting %s variable size %d\n", kobj->name, rc); + if (rc != -ENOENT) + pr_err("Error getting %s variable size %d\n", kobj->name, rc); return rc; } pr_debug("dsize is %llu\n", dsize);
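
Review bot: in both size_show() and data_read(), every return code other than -ENOENT still reaches an unconditional pr_err() on each read of the sysfs attribute, so a persistent backend failure can still fill the kernel log at whatever rate userspace reads the file. Consider pr_err_ratelimited() for the remaining case, and add a one-line comment beside the "rc != -ENOENT" test saying that a missing variable is an expected result once PLPKS objects are exposed, since that reason currently lives only in the commit message.
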
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 14/26] powerpc/pseries: Move plpks.h to include directory
Date: Fri, 10 Feb 2023 19:03:49 +1100
Message-Id: <20230210080401.345462-15-ajd@linux.ibm.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Russell Currey

Move plpks.h from platforms/pseries/ to include/asm/. This is necessary for later patches to make use of the PLPKS from code in other subsystems.

Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v3: New patch
---
 .../powerpc/{platforms/pseries => include/asm}/plpks.h | 10 +++++++---
 arch/powerpc/platforms/pseries/plpks.c | 3 +--
 2 files changed, 8 insertions(+), 5 deletions(-)
 rename arch/powerpc/{platforms/pseries => include/asm}/plpks.h (89%)

diff --git a/arch/powerpc/platforms/pseries/plpks.h b/arch/powerpc/include/asm/plpks.h similarity index 89% rename from arch/powerpc/platforms/pseries/plpks.h rename to arch/powerpc/include/asm/plpks.h index 275ccd86bfb5..8295502ee93b 100644 --- a/arch/powerpc/platforms/pseries/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -6,8 +6,10 @@ * Platform keystore for pseries LPAR(PLPKS). */ -#ifndef _PSERIES_PLPKS_H -#define _PSERIES_PLPKS_H +#ifndef _ASM_POWERPC_PLPKS_H +#define _ASM_POWERPC_PLPKS_H + +#ifdef CONFIG_PSERIES_PLPKS #include #include @@ -68,4 +70,6 @@ int plpks_read_fw_var(struct plpks_var *var); */ int plpks_read_bootloader_var(struct plpks_var *var); -#endif +#endif // CONFIG_PSERIES_PLPKS + +#endif // _ASM_POWERPC_PLPKS_H diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index a01cf2ff140a..13e6daadb179 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c 
@@ -18,8 +18,7 @@ #include #include #include - -#include "plpks.h" +#include #define PKS_FW_OWNER 0x1 #define PKS_BOOTLOADER_OWNER 0x2
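
Review bot: the new "#ifdef CONFIG_PSERIES_PLPKS" in include/asm/plpks.h wraps every declaration and has no #else branch, so with the option disabled the header is empty and any caller outside platforms/pseries that includes it and uses struct plpks_var or the plpks_read_*() functions fails to build. Since the stated purpose of the move is use from other subsystems, either add static inline stubs for the disabled case or say in the header comment that consumers must depend on CONFIG_PSERIES_PLPKS in Kconfig.
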
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 15/26] powerpc/pseries: Move PLPKS constants to header file
Date: Fri, 10 Feb 2023 19:03:50 +1100
Message-Id: <20230210080401.345462-16-ajd@linux.ibm.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Russell Currey

Move the constants defined in plpks.c to plpks.h, and standardise their naming, so that PLPKS consumers can make use of them later on.

Signed-off-by: Russell Currey
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v3: New patch
---
 arch/powerpc/include/asm/plpks.h | 36 +++++++++++++---
 arch/powerpc/platforms/pseries/plpks.c | 57 ++++++++++----------------
 2 files changed, 53 insertions(+), 40 deletions(-)

diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 8295502ee93b..6466aadd7145 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h 
@@ -14,14 +14,40 @@ #include #include -#define OSSECBOOTAUDIT 0x40000000 -#define OSSECBOOTENFORCE 0x20000000 -#define WORLDREADABLE 0x08000000 -#define SIGNEDUPDATE 0x01000000 +// Object policy flags from supported_policies +#define PLPKS_OSSECBOOTAUDIT PPC_BIT32(1) // OS secure boot must be audit/enforce +#define PLPKS_OSSECBOOTENFORCE PPC_BIT32(2) // OS secure boot must be enforce +#define PLPKS_PWSET PPC_BIT32(3) // No access without password set +#define PLPKS_WORLDREADABLE PPC_BIT32(4) // Readable without authentication +#define PLPKS_IMMUTABLE PPC_BIT32(5) // Once written, object cannot be removed +#define PLPKS_TRANSIENT PPC_BIT32(6) // Object does not persist through reboot +#define PLPKS_SIGNEDUPDATE PPC_BIT32(7) // Object can only be modified by signed updates +#define PLPKS_HVPROVISIONED PPC_BIT32(28) // Hypervisor has provisioned this object -#define PLPKS_VAR_LINUX 0x02 +// Signature algorithm flags from signed_update_algorithms +#define PLPKS_ALG_RSA2048 PPC_BIT(0) +#define PLPKS_ALG_RSA4096 PPC_BIT(1) + +// Object label OS metadata flags +#define PLPKS_VAR_LINUX 0x02 #define PLPKS_VAR_COMMON 0x04 +// Flags for which consumer owns an object is owned by +#define PLPKS_FW_OWNER 0x1 +#define PLPKS_BOOTLOADER_OWNER 0x2 +#define PLPKS_OS_OWNER 0x3 + +// Flags for label metadata fields +#define PLPKS_LABEL_VERSION 0 +#define PLPKS_MAX_LABEL_ATTR_SIZE 16 +#define PLPKS_MAX_NAME_SIZE 239 +#define PLPKS_MAX_DATA_SIZE 4000 + +// Timeouts for PLPKS operations +#define PLPKS_MAX_TIMEOUT 5000 // msec +#define PLPKS_FLUSH_SLEEP 10 // msec +#define PLPKS_FLUSH_SLEEP_RANGE 400 + struct plpks_var { char *component; u8 *name; diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 13e6daadb179..91f3f623a2c7 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c 
@@ -20,19 +20,6 @@ #include #include -#define PKS_FW_OWNER 0x1 -#define PKS_BOOTLOADER_OWNER 0x2 -#define PKS_OS_OWNER 0x3 - -#define LABEL_VERSION 0 -#define MAX_LABEL_ATTR_SIZE 16 -#define MAX_NAME_SIZE 239 -#define MAX_DATA_SIZE 4000 - -#define PKS_FLUSH_MAX_TIMEOUT 5000 //msec -#define PKS_FLUSH_SLEEP 10 //msec -#define PKS_FLUSH_SLEEP_RANGE 400 - static u8 *ospassword; static u16 ospasswordlength; @@ -59,7 +46,7 @@ struct label_attr { struct label { struct label_attr attr; - u8 name[MAX_NAME_SIZE]; + u8 name[PLPKS_MAX_NAME_SIZE]; size_t size; }; @@ -122,7 +109,7 @@ static int pseries_status_to_err(int rc) static int plpks_gen_password(void) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; - u8 *password, consumer = PKS_OS_OWNER; + u8 *password, consumer = PLPKS_OS_OWNER; int rc; // The password must not cross a page boundary, so we align to the next power of 2 @@ -159,7 +146,7 @@ static struct plpks_auth *construct_auth(u8 consumer) { struct plpks_auth *auth; - if (consumer > PKS_OS_OWNER) + if (consumer > PLPKS_OS_OWNER) return ERR_PTR(-EINVAL); // The auth structure must not cross a page boundary and must be @@ -171,7 +158,7 @@ static struct plpks_auth *construct_auth(u8 consumer) auth->version = 1; auth->consumer = consumer; - if (consumer == PKS_FW_OWNER || consumer == PKS_BOOTLOADER_OWNER) + if (consumer == PLPKS_FW_OWNER || consumer == PLPKS_BOOTLOADER_OWNER) return auth; memcpy(auth->password, ospassword, ospasswordlength); @@ -191,7 +178,7 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, struct label *label; size_t slen; - if (!name || namelen > MAX_NAME_SIZE) + if (!name || namelen > PLPKS_MAX_NAME_SIZE) return ERR_PTR(-EINVAL); slen = strlen(component); 
@@ -206,9 +193,9 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, if (component) memcpy(&label->attr.prefix, component, slen); - label->attr.version = LABEL_VERSION; + label->attr.version = PLPKS_LABEL_VERSION; label->attr.os = varos; - label->attr.length = MAX_LABEL_ATTR_SIZE; + label->attr.length = PLPKS_MAX_LABEL_ATTR_SIZE; memcpy(&label->name, name, namelen); label->size = sizeof(struct label_attr) + namelen; @@ -274,10 +261,10 @@ static int plpks_confirm_object_flushed(struct label *label, break; } - usleep_range(PKS_FLUSH_SLEEP, - PKS_FLUSH_SLEEP + PKS_FLUSH_SLEEP_RANGE); - timeout = timeout + PKS_FLUSH_SLEEP; - } while (timeout < PKS_FLUSH_MAX_TIMEOUT); + usleep_range(PLPKS_FLUSH_SLEEP, + PLPKS_FLUSH_SLEEP + PLPKS_FLUSH_SLEEP_RANGE); + timeout = timeout + PLPKS_FLUSH_SLEEP; + } while (timeout < PLPKS_MAX_TIMEOUT); if (timed_out) return -ETIMEDOUT; @@ -293,13 +280,13 @@ int plpks_write_var(struct plpks_var var) int rc; if (!var.component || !var.data || var.datalen <= 0 || - var.namelen > MAX_NAME_SIZE || var.datalen > MAX_DATA_SIZE) + var.namelen > PLPKS_MAX_NAME_SIZE || var.datalen > PLPKS_MAX_DATA_SIZE) return -EINVAL; - if (var.policy & SIGNEDUPDATE) + if (var.policy & PLPKS_SIGNEDUPDATE) return -EINVAL; - auth = construct_auth(PKS_OS_OWNER); + auth = construct_auth(PLPKS_OS_OWNER); if (IS_ERR(auth)) return PTR_ERR(auth); @@ -331,10 +318,10 @@ int plpks_remove_var(char *component, u8 varos, struct plpks_var_name vname) struct label *label; int rc; - if (!component || vname.namelen > MAX_NAME_SIZE) + if (!component || vname.namelen > PLPKS_MAX_NAME_SIZE) return -EINVAL; - auth = construct_auth(PKS_OS_OWNER); + auth = construct_auth(PLPKS_OS_OWNER); if (IS_ERR(auth)) return PTR_ERR(auth); 
@@ -366,14 +353,14 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) u8 *output; int rc; - if (var->namelen > MAX_NAME_SIZE) + if (var->namelen > PLPKS_MAX_NAME_SIZE) return -EINVAL; auth = construct_auth(consumer); if (IS_ERR(auth)) return PTR_ERR(auth); - if (consumer == PKS_OS_OWNER) { + if (consumer == PLPKS_OS_OWNER) { label = construct_label(var->component, var->os, var->name, var->namelen); if (IS_ERR(label)) { @@ -388,7 +375,7 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) goto out_free_label; } - if (consumer == PKS_OS_OWNER) + if (consumer == PLPKS_OS_OWNER) rc = plpar_hcall(H_PKS_READ_OBJECT, retbuf, virt_to_phys(auth), virt_to_phys(label), label->size, virt_to_phys(output), maxobjsize); 
@@ -428,17 +415,17 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) int plpks_read_os_var(struct plpks_var *var) { - return plpks_read_var(PKS_OS_OWNER, var); + return plpks_read_var(PLPKS_OS_OWNER, var); } int plpks_read_fw_var(struct plpks_var *var) { - return plpks_read_var(PKS_FW_OWNER, var); + return plpks_read_var(PLPKS_FW_OWNER, var); } int plpks_read_bootloader_var(struct plpks_var *var) { - return plpks_read_var(PKS_BOOTLOADER_OWNER, var); + return plpks_read_var(PLPKS_BOOTLOADER_OWNER, var); } static __init int pseries_plpks_init(void)
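
Review bot: in the plpks.h hunk the new section comments do not match what they label: "// Flags for which consumer owns an object is owned by" is garbled, and "// Flags for label metadata fields" sits over a version number and three size limits rather than flags; PLPKS_MAX_TIMEOUT also lost the FLUSH qualifier of PKS_FLUSH_MAX_TIMEOUT although its only visible user is the loop in plpks_confirm_object_flushed(). Separately, the context in construct_label() shows "slen = strlen(component);" running before the later "if (component)" test, so that test cannot guard against a NULL component; since these lines are being touched anyway, moving the check ahead of strlen(), or rejecting NULL alongside the existing name checks, would be worth a follow-up.
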
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 16/26] powerpc/pseries: Expose PLPKS config values, support additional fields
Date: Fri, 10 Feb 2023 19:03:51 +1100
Message-Id: <20230210080401.345462-17-ajd@linux.ibm.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Nayna Jain

The plpks driver uses the H_PKS_GET_CONFIG hcall to retrieve configuration and status information about the PKS from the hypervisor. Update _plpks_get_config() to handle some additional fields. Add getter functions to allow the PKS configuration information to be accessed from other files. Validate that the values we're getting comply with the spec.

While we're here, move the config struct in _plpks_get_config() off the stack - it's getting large and we also need to make sure it doesn't cross a page boundary.

Signed-off-by: Nayna Jain
[ajd: split patch, extend to support additional v3 API fields, minor fixes]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
Reviewed-by: Stefan Berger
---
v3: Merge plpks fixes and signed update series with secvar series
    Refresh config values in plpks_get_usedspace() (ajd)
    Validate the config values being returned comply with spec (ruscur)
    Return maxobjlabelsize as is (ruscur)
    Move plpks.h to include/asm (ruscur)
    Fix checkpatch checks (ruscur)
---
 arch/powerpc/include/asm/plpks.h | 58 ++++++++++
 arch/powerpc/platforms/pseries/plpks.c | 149 +++++++++++++++++++++++--
 2 files changed, 195 insertions(+), 12 deletions(-)

diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 6466aadd7145..7c5f51a9af7c 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h
@@ -96,6 +96,64 @@ int plpks_read_fw_var(struct plpks_var *var); */ int plpks_read_bootloader_var(struct plpks_var *var); +/** + * Returns if PKS is available on this LPAR. + */ +bool plpks_is_available(void); + +/** + * Returns version of the Platform KeyStore. + */ +u8 plpks_get_version(void); + +/** + * Returns hypervisor storage overhead per object, not including the size of + * the object or label. Only valid for config version >= 2 + */ +u16 plpks_get_objoverhead(void); + +/** + * Returns maximum password size. Must be >= 32 bytes + */ +u16 plpks_get_maxpwsize(void); + +/** + * Returns maximum object size supported by Platform KeyStore. + */ +u16 plpks_get_maxobjectsize(void); + +/** + * Returns maximum object label size supported by Platform KeyStore. + */ +u16 plpks_get_maxobjectlabelsize(void); + +/** + * Returns total size of the configured Platform KeyStore. + */ +u32 plpks_get_totalsize(void); + +/** + * Returns used space from the total size of the Platform KeyStore. + */ +u32 plpks_get_usedspace(void); + +/** + * Returns bitmask of policies supported by the hypervisor. + */ +u32 plpks_get_supportedpolicies(void); + +/** + * Returns maximum byte size of a single object supported by the hypervisor. + * Only valid for config version >= 3 + */ +u32 plpks_get_maxlargeobjectsize(void); + +/** + * Returns bitmask of signature algorithms supported for signed updates. + * Only valid for config version >= 3 + */ +u64 plpks_get_signedupdatealgorithms(void); + #endif // CONFIG_PSERIES_PLPKS #endif // _ASM_POWERPC_PLPKS_H diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 91f3f623a2c7..1189246b03dc 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c 
@@ -24,8 +24,16 @@ static u8 *ospassword; static u16 ospasswordlength; // Retrieved with H_PKS_GET_CONFIG +static u8 version; +static u16 objoverhead; static u16 maxpwsize; static u16 maxobjsize; +static s16 maxobjlabelsize; +static u32 totalsize; +static u32 usedspace; +static u32 supportedpolicies; +static u32 maxlargeobjectsize; +static u64 signedupdatealgorithms; struct plpks_auth { u8 version; 
@@ -206,32 +214,149 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, static int _plpks_get_config(void) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; - struct { + struct config { u8 version; u8 flags; - __be32 rsvd0; + __be16 rsvd0; + __be16 objoverhead; __be16 maxpwsize; __be16 maxobjlabelsize; __be16 maxobjsize; __be32 totalsize; __be32 usedspace; __be32 supportedpolicies; - __be64 rsvd1; - } __packed config; + __be32 maxlargeobjectsize; + __be64 signedupdatealgorithms; + u8 rsvd1[476]; + } __packed * config; size_t size; - int rc; + int rc = 0; + + size = sizeof(*config); + + // Config struct must not cross a page boundary. So long as the struct + // size is a power of 2, this should be fine as alignment is guaranteed + config = kzalloc(size, GFP_KERNEL); + if (!config) { + rc = -ENOMEM; + goto err; + } + + rc = plpar_hcall(H_PKS_GET_CONFIG, retbuf, virt_to_phys(config), size); + + if (rc != H_SUCCESS) { + rc = pseries_status_to_err(rc); + goto err; + } + + version = config->version; + objoverhead = be16_to_cpu(config->objoverhead); + maxpwsize = be16_to_cpu(config->maxpwsize); + maxobjsize = be16_to_cpu(config->maxobjsize); + maxobjlabelsize = be16_to_cpu(config->maxobjlabelsize); + totalsize = be32_to_cpu(config->totalsize); + usedspace = be32_to_cpu(config->usedspace); + supportedpolicies = be32_to_cpu(config->supportedpolicies); + maxlargeobjectsize = be32_to_cpu(config->maxlargeobjectsize); + signedupdatealgorithms = be64_to_cpu(config->signedupdatealgorithms); + + // Validate that the numbers we get back match the requirements of the spec + if (maxpwsize < 32) { + pr_err("Invalid Max Password Size received from hypervisor (%d < 32)\n", maxpwsize); + rc = -EIO; + goto err; + } + + if (maxobjlabelsize < 255) { + pr_err("Invalid Max Object Label Size received from hypervisor (%d < 255)\n", + maxobjlabelsize); + rc = -EIO; + goto err; + } - size = sizeof(config); + if (totalsize < 4096) { + pr_err("Invalid Total Size received 
from hypervisor (%d < 4096)\n", totalsize); + rc = -EIO; + goto err; + } + + if (version >= 3 && maxlargeobjectsize >= 65536 && maxobjsize != 0xFFFF) { + pr_err("Invalid Max Object Size (0x%x != 0xFFFF)\n", maxobjsize); + rc = -EIO; + goto err; + } + +err: + kfree(config); + return rc; +} + +u8 plpks_get_version(void) +{ + return version; +} - rc = plpar_hcall(H_PKS_GET_CONFIG, retbuf, virt_to_phys(&config), size); +u16 plpks_get_objoverhead(void) +{ + return objoverhead; +} - if (rc != H_SUCCESS) - return pseries_status_to_err(rc); +u16 plpks_get_maxpwsize(void) +{ + return maxpwsize; +} - maxpwsize = be16_to_cpu(config.maxpwsize); - maxobjsize = be16_to_cpu(config.maxobjsize); +u16 plpks_get_maxobjectsize(void) +{ + return maxobjsize; +} + +u16 plpks_get_maxobjectlabelsize(void) +{ + return maxobjlabelsize; +} + +u32 plpks_get_totalsize(void) +{ + return totalsize; +} + +u32 plpks_get_usedspace(void) +{ + // Unlike other config values, usedspace regularly changes as objects + // are updated, so we need to refresh. 
+ int rc = _plpks_get_config(); + if (rc) { + pr_err("Couldn't get config, rc: %d\n", rc); + return 0; + } + return usedspace; +} + +u32 plpks_get_supportedpolicies(void) +{ + return supportedpolicies; +} + +u32 plpks_get_maxlargeobjectsize(void) +{ + return maxlargeobjectsize; +} + +u64 plpks_get_signedupdatealgorithms(void) +{ + return signedupdatealgorithms; +} + +bool plpks_is_available(void) +{ + int rc; + + rc = _plpks_get_config(); + if (rc) + return false; - return 0; + return true; } static int plpks_confirm_object_flushed(struct label *label,
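Review bot: In the plpks.h hunk of patch 16/26, the new getter comments open with `/**` but are not written in kernel-doc form (there is no `plpks_get_version() - ...` summary line), so kernel-doc tooling will flag them; write them as kernel-doc or use plain `/* */`. The comments on plpks_get_objoverhead(), plpks_get_maxlargeobjectsize() and plpks_get_signedupdatealgorithms() say the value is only valid for config version >= 2 or >= 3, but the getters never look at `version`, so every caller has to remember to check plpks_get_version() first. State what is returned on older versions, or gate it in the getter.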
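Review bot: In the plpks.c globals hunk of patch 16/26 (`@@ -24,8 +24,16 @@`), `static s16 maxobjlabelsize;` is the only signed field, yet it is filled from a `__be16` with be16_to_cpu() and handed out by a getter declared `u16`. A hypervisor value of 0x8000 or above would turn negative, fail the `maxobjlabelsize < 255` check and be printed as a negative size. The v3 changelog says the value is now returned as is, so `u16` looks like the right type.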
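Review bot: In _plpks_get_config() (patch 16/26, `@@ -206,32 +214,149 @@`), the file-scope values are overwritten before the spec checks run, so when a check fails with -EIO the rejected values remain readable through the getters, and a failed refresh triggered from plpks_get_usedspace() replaces a configuration that had previously validated. Parse into locals and commit to the statics only after every check has passed. Smaller points in the same hunk: plpks_get_usedspace() returns 0 on error, which a caller cannot tell apart from an empty keystore; the page-boundary comment depends on sizeof(*config) being a power of 2 (the fields add up to 512) but nothing such as a BUILD_BUG_ON keeps it that way when the struct next changes; and `totalsize` is a u32 printed with `%d`.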
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 17/26] powerpc/pseries: Implement signed update for PLPKS objects
Date: Fri, 10 Feb 2023 19:03:52 +1100
Message-Id: <20230210080401.345462-18-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>
From: Nayna Jain

The Platform Keystore provides a signed update interface which can be used to create, replace or append to certain variables in the PKS in a secure fashion, with the hypervisor requiring that the update be signed using the Platform Key.

Implement an interface to the H_PKS_SIGNED_UPDATE hcall in the plpks driver to allow signed updates to PKS objects.

(The plpks driver doesn't need to do any cryptography or otherwise handle the actual signed variable contents - that will be handled by userspace tooling.)

Signed-off-by: Nayna Jain
[ajd: split patch, add timeout handling and misc cleanups]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
Reviewed-by: Stefan Berger
---
v3: Merge plpks fixes and signed update series with secvar series
    Fix error code handling in plpks_confirm_object_flushed() (ruscur)
    Pass plpks_var struct to plpks_signed_update_var() by reference (mpe)
    Consistent constant naming scheme (ruscur)
v4: Fix MAX_HCALL_OPCODE rebasing issue (npiggin)
v5: Drop the EXPORT_SYMBOL since we don't need it (npiggin)
    Return an error if plpks_signed_update_var() is called with non-NULL component (npiggin)
---
 arch/powerpc/include/asm/hvcall.h | 1 +
 arch/powerpc/include/asm/plpks.h | 5 ++
 arch/powerpc/platforms/pseries/plpks.c | 74 ++++++++++++++++++++++++--
 3 files changed, 75 insertions(+), 5 deletions(-)

diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm/hvcall.h index 95fd7f9485d5..c099780385dd 100644 --- a/arch/powerpc/include/asm/hvcall.h +++ b/arch/powerpc/include/asm/hvcall.h @@ -335,6 +335,7 @@ #define H_RPT_INVALIDATE 0x448 #define H_SCM_FLUSH 0x44C #define H_GET_ENERGY_SCALE_INFO 0x450 +#define H_PKS_SIGNED_UPDATE 0x454 #define H_WATCHDOG 0x45C #define MAX_HCALL_OPCODE H_WATCHDOG diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 7c5f51a9af7c..e7204e6c0ca4 100644 --- a/arch/powerpc/include/asm/plpks.h
+++ b/arch/powerpc/include/asm/plpks.h @@ -68,6 +68,11 @@ struct plpks_var_name_list { struct plpks_var_name varlist[]; }; +/** + * Updates the authenticated variable. It expects NULL as the component. + */ +int plpks_signed_update_var(struct plpks_var *var, u64 flags); + /** * Writes the specified var and its data to PKS. * Any caller of PKS driver should present a valid component type for diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 1189246b03dc..cee06fb9a370 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -81,6 +81,12 @@ static int pseries_status_to_err(int rc) err = -ENOENT; break; case H_BUSY: + case H_LONG_BUSY_ORDER_1_MSEC: + case H_LONG_BUSY_ORDER_10_MSEC: + case H_LONG_BUSY_ORDER_100_MSEC: + case H_LONG_BUSY_ORDER_1_SEC: + case H_LONG_BUSY_ORDER_10_SEC: + case H_LONG_BUSY_ORDER_100_SEC: err = -EBUSY; break; case H_AUTHORITY: @@ -184,14 +190,17 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, u16 namelen) { struct label *label; - size_t slen; + size_t slen = 0; if (!name || namelen > PLPKS_MAX_NAME_SIZE) return ERR_PTR(-EINVAL); - slen = strlen(component); - if (component && slen > sizeof(label->attr.prefix)) - return ERR_PTR(-EINVAL); + // Support NULL component for signed updates + if (component) { + slen = strlen(component); + if (slen > sizeof(label->attr.prefix)) + return ERR_PTR(-EINVAL); + } // The label structure must not cross a page boundary, so we align to the next power of 2 label = kzalloc(roundup_pow_of_two(sizeof(*label)), GFP_KERNEL); 
@@ -397,6 +406,61 @@ static int plpks_confirm_object_flushed(struct label *label, return pseries_status_to_err(rc); } +int plpks_signed_update_var(struct plpks_var *var, u64 flags) +{ + unsigned long retbuf[PLPAR_HCALL9_BUFSIZE] = {0}; + int rc; + struct label *label; + struct plpks_auth *auth; + u64 continuetoken = 0; + u64 timeout = 0; + + if (!var->data || var->datalen <= 0 || var->namelen > PLPKS_MAX_NAME_SIZE) + return -EINVAL; + + if (!(var->policy & PLPKS_SIGNEDUPDATE)) + return -EINVAL; + + // Signed updates need the component to be NULL. + if (var->component) + return -EINVAL; + + auth = construct_auth(PLPKS_OS_OWNER); + if (IS_ERR(auth)) + return PTR_ERR(auth); + + label = construct_label(var->component, var->os, var->name, var->namelen); + if (IS_ERR(label)) { + rc = PTR_ERR(label); + goto out; + } + + do { + rc = plpar_hcall9(H_PKS_SIGNED_UPDATE, retbuf, + virt_to_phys(auth), virt_to_phys(label), + label->size, var->policy, flags, + virt_to_phys(var->data), var->datalen, + continuetoken); + + continuetoken = retbuf[0]; + if (pseries_status_to_err(rc) == -EBUSY) { + int delay_ms = get_longbusy_msecs(rc); + mdelay(delay_ms); + timeout += delay_ms; + } + rc = pseries_status_to_err(rc); + } while (rc == -EBUSY && timeout < PLPKS_MAX_TIMEOUT); + + if (!rc) + rc = plpks_confirm_object_flushed(label, auth); + + kfree(label); +out: + kfree(auth); + + return rc; +} + int plpks_write_var(struct plpks_var var) { unsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 }; 
@@ -443,7 +507,7 @@ int plpks_remove_var(char *component, u8 varos, struct plpks_var_name vname) struct label *label; int rc; - if (!component || vname.namelen > PLPKS_MAX_NAME_SIZE) + if (vname.namelen > PLPKS_MAX_NAME_SIZE) return -EINVAL; auth = construct_auth(PLPKS_OS_OWNER);
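Review bot: The construct_label() hunk of patch 17/26 (`@@ -184,14 +190,17 @@`) does more than add NULL support: the old code called strlen(component) before testing `component`, so a NULL component would have been dereferenced before the check could reject it. That is a fix in its own right and the commit message should say so, since it matters to anyone backporting only part of the series.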
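Review bot: The retry loop in plpks_signed_update_var() (patch 17/26, `@@ -397,6 +406,61 @@`) waits with mdelay(), which busy-waits, while the new H_LONG_BUSY_ORDER_* cases in pseries_status_to_err() mean the hypervisor can request long delays. The function already reaches a GFP_KERNEL allocation through construct_label(), so it runs in a context that can sleep, and a sleeping delay would avoid spinning the CPU. The delay is also taken before `timeout < PLPKS_MAX_TIMEOUT` is evaluated, so one long-busy return is honoured in full however large it is; clamp delay_ms to the remaining budget. pseries_status_to_err(rc) is called twice per iteration and could be converted once into a local.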
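Review bot: Dropping `!component` from the check in plpks_remove_var() (patch 17/26, `@@ -443,7 +507,7 @@`) lets callers remove objects with a NULL component, but the commit message and changelog only talk about signed updates. If removing signed-update variables is the intent, say so in the commit message; if it is not, keep the check.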
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 18/26] powerpc/pseries: Log hcall return codes for PLPKS debug
Date: Fri, 10 Feb 2023 19:03:53 +1100
Message-Id: <20230210080401.345462-19-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>
From: Russell Currey

The plpks code converts hypervisor return codes into their Linux equivalents so that users can understand them. Having access to the original return codes is really useful for debugging, so add a pr_debug() so we don't lose information from the conversion.

Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
 arch/powerpc/platforms/pseries/plpks.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index cee06fb9a370..e5755443d4a4 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c
@@ -117,6 +117,8 @@ static int pseries_status_to_err(int rc) err = -EINVAL; } + pr_debug("Converted hypervisor code %d to Linux %d\n", rc, err); + return err; } 
From patchwork Fri Feb 10 08:03:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 55295
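Review bot: the pr_debug() added at the end of pseries_status_to_err() logs only rc and err, and since the function takes nothing but rc, the line cannot say which hcall or which variable the status belongs to. When several PLPKS operations run back to back the debug output will be a run of identical-looking conversions; consider logging at the call sites instead, or passing the operation name in, so a failing code can be tied to the request that produced it.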
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com, Michael Ellerman
Subject: [PATCH v6 19/26] powerpc/pseries: Make caller pass buffer to plpks_read_var()
Date: Fri, 10 Feb 2023 19:03:54 +1100
Message-Id: <20230210080401.345462-20-ajd@linux.ibm.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

Currently, plpks_read_var() allocates a buffer to pass to the H_PKS_READ_OBJECT hcall, then allocates another buffer
into which the data is copied, and returns that buffer to the caller. This is a bit over the top - while we probably still want to allocate a separate buffer to pass to the hypervisor in the hcall, we can let the caller allocate the final buffer and specify the size. Don't allocate var->data in plpks_read_var(), instead expect the caller to allocate it. If the caller needs to discover the size, it can set var->data to NULL and var->datalen will be populated. Update header file to document this. Suggested-by: Michael Ellerman Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey Reviewed-by: Stefan Berger --- v3: New patch (mpe) v6: Reword commit message (stefanb) --- arch/powerpc/include/asm/plpks.h | 12 ++++++++++++ arch/powerpc/platforms/pseries/plpks.c | 11 ++++------- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index e7204e6c0ca4..0c49969b0864 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -88,16 +88,28 @@ int plpks_remove_var(char *component, u8 varos, /** * Returns the data for the specified os variable. + * + * Caller must allocate a buffer in var->data with length in var->datalen. + * If no buffer is provided, var->datalen will be populated with the object's + * size. */ int plpks_read_os_var(struct plpks_var *var); /** * Returns the data for the specified firmware variable. + * + * Caller must allocate a buffer in var->data with length in var->datalen. + * If no buffer is provided, var->datalen will be populated with the object's + * size. */ int plpks_read_fw_var(struct plpks_var *var); /** * Returns the data for the specified bootloader variable. + * + * Caller must allocate a buffer in var->data with length in var->datalen. + * If no buffer is provided, var->datalen will be populated with the object's + * size. */ int plpks_read_bootloader_var(struct plpks_var *var); 
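Review bot: the comment added above plpks_read_os_var(), plpks_read_fw_var() and plpks_read_bootloader_var() says "If no buffer is provided" without saying how that is signalled. The implementation in plpks.c tests !var->data, so the caller has to set var->data to NULL explicitly, and a non-NULL pointer with a var->datalen of 0 is not a size query. Please spell that out, and state that var->datalen is both an input (the buffer size) and an output (the object size, or the number of bytes copied). The same three lines are repeated for each function; a single note on struct plpks_var or on the group would be easier to keep in sync.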
diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index e5755443d4a4..926b6a927326 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c 
@@ -581,17 +581,14 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var) goto out_free_output; } - if (var->datalen == 0 || var->datalen > retbuf[0]) + if (!var->data || var->datalen > retbuf[0]) var->datalen = retbuf[0]; - var->data = kzalloc(var->datalen, GFP_KERNEL); - if (!var->data) { - rc = -ENOMEM; - goto out_free_output; - } var->policy = retbuf[1]; - memcpy(var->data, output, var->datalen); + if (var->data) + memcpy(var->data, output, var->datalen); + rc = 0; out_free_output: 
From patchwork Fri Feb 10 08:03:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 55310
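Review bot: in the plpks_read_var() hunk (patch 19/26), a caller-supplied buffer that is shorter than the object is filled with the first var->datalen bytes and the function still sets rc = 0, so the caller cannot tell a truncated read from a complete one; var->datalen is only rewritten when it is larger than retbuf[0]. Consider returning an error, or reporting retbuf[0] back to the caller, when var->data is set and var->datalen < retbuf[0]. It is also worth checking that every existing caller initialises var->data: a stale pointer that used to be overwritten by the kzalloc() result is now handed straight to memcpy().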
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 20/26] powerpc/pseries: Turn PSERIES_PLPKS into a hidden option
Date: Fri, 10 Feb 2023 19:03:55 +1100
Message-Id: <20230210080401.345462-21-ajd@linux.ibm.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

It seems a bit unnecessary for the PLPKS code to have a user-visible config option when it doesn't do anything on its own, and there's
existing options for enabling Secure Boot-related features. It should be enabled by PPC_SECURE_BOOT, which will eventually be what uses PLPKS to populate keyrings. However, we can't get rid of the separate option completely, because it will also be used for SED Opal purposes. Change PSERIES_PLPKS into a hidden option, which is selected by PPC_SECURE_BOOT. Signed-off-by: Andrew Donnellan Signed-off-by: Russell Currey Reviewed-by: Stefan Berger --- v3: New patch v5: Change the previous description into a comment (npiggin) --- arch/powerpc/Kconfig | 1 + arch/powerpc/platforms/pseries/Kconfig | 19 +++++++++---------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index b8c4ac56bddc..d4ed46101bec 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -1029,6 +1029,7 @@ config PPC_SECURE_BOOT depends on PPC_POWERNV || PPC_PSERIES depends on IMA_ARCH_POLICY imply IMA_SECURE_AND_OR_TRUSTED_BOOT + select PSERIES_PLPKS if PPC_PSERIES help Systems with firmware secure boot enabled need to define security policies to extend secure boot to the OS. This config allows a user diff --git a/arch/powerpc/platforms/pseries/Kconfig b/arch/powerpc/platforms/pseries/Kconfig index a3b4d99567cb..e51d65969318 100644 --- a/arch/powerpc/platforms/pseries/Kconfig +++ b/arch/powerpc/platforms/pseries/Kconfig 
@@ -151,16 +151,15 @@ config IBMEBUS config PSERIES_PLPKS depends on PPC_PSERIES - bool "Support for the Platform Key Storage" - help - PowerVM provides an isolated Platform Keystore(PKS) storage - allocation for each LPAR with individually managed access - controls to store sensitive information securely. It can be - used to store asymmetric public keys or secrets as required - by different usecases. Select this config to enable - operating system interface to hypervisor to access this space. - - If unsure, select N. + bool + # PowerVM provides an isolated Platform Keystore (PKS) storage + # allocation for each LPAR with individually managed access + # controls to store sensitive information securely. It can be + # used to store asymmetric public keys or secrets as required + # by different usecases. + # + # This option is selected by in-kernel consumers that require + # access to the PKS. config PAPR_SCM depends on PPC_PSERIES && MEMORY_HOTPLUG && LIBNVDIMM 
From patchwork Fri Feb 10 08:03:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 55296
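Review bot: in the arch/powerpc/platforms/pseries/Kconfig hunk (patch 20/26), dropping the prompt from PSERIES_PLPKS means the symbol can only be turned on through a select, and the only select this patch adds is the one from PPC_SECURE_BOOT. A configuration that has PSERIES_PLPKS=y today without PPC_SECURE_BOOT will lose it on the next oldconfig with no prompt shown. The commit message mentions a future SED Opal user; it would help to say there that no current configuration depends on the option being set by hand, or to add the second select alongside this change. Minor: the description kept as # comments still reads "usecases"; "use cases" could be fixed while the lines are being touched.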
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 21/26] powerpc/pseries: Clarify warning when PLPKS password already set
Date: Fri, 10 Feb 2023 19:03:56 +1100
Message-Id: <20230210080401.345462-22-ajd@linux.ibm.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

When the H_PKS_GEN_PASSWORD hcall returns H_IN_USE, operations that require authentication (i.e.
anything other than reading a world-readable variable) will not work. The current error message doesn't explain this clearly enough. Reword it to emphasise that authenticated operations will fail. Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v6: New patch --- arch/powerpc/platforms/pseries/plpks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 926b6a927326..01ae919b4497 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c 
@@ -146,7 +146,7 @@ static int plpks_gen_password(void) memcpy(ospassword, password, ospasswordlength); } else { if (rc == H_IN_USE) { - pr_warn("Password is already set for POWER LPAR Platform KeyStore\n"); + pr_warn("Password already set - authenticated operations will fail\n"); rc = 0; } else { goto out; 
From patchwork Fri Feb 10 08:03:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 55303
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 22/26] powerpc/pseries: Add helper to get PLPKS password length
Date: Fri, 10 Feb 2023 19:03:57 +1100
Message-Id: <20230210080401.345462-23-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Russell Currey

Add helper function to get the PLPKS password length. This will be used in a later patch to support passing the password between kernels over kexec.

Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v3: New patch

v5: Drop plpks_get_password() since we no longer need to expose it.
---
arch/powerpc/include/asm/plpks.h | 5 +++++ arch/powerpc/platforms/pseries/plpks.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 0c49969b0864..757313e00521 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h @@ -171,6 +171,11 @@ u32 plpks_get_maxlargeobjectsize(void); */ u64 plpks_get_signedupdatealgorithms(void); +/** + * Returns the length of the PLPKS password in bytes. + */ +u16 plpks_get_passwordlen(void); + #endif // CONFIG_PSERIES_PLPKS #endif // _ASM_POWERPC_PLPKS_H diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 01ae919b4497..671a10acaebf 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c 
@@ -359,6 +359,11 @@ u64 plpks_get_signedupdatealgorithms(void) return signedupdatealgorithms; } +u16 plpks_get_passwordlen(void) +{ + return ospasswordlength; +} + bool plpks_is_available(void) { int rc;
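
Review bot: In the plpks.h hunk of 22/26, the comment above plpks_get_passwordlen() opens with "/**" but has no "plpks_get_passwordlen() - ..." summary line, so it is not valid kernel-doc; either follow the kernel-doc layout or open it with a plain "/*". The comment should also state what a caller gets before a password exists, because the plpks.c hunk returns ospasswordlength directly with no check that a password has been generated.
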
X-Patchwork-Id: 55308
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 23/26] powerpc/pseries: Pass PLPKS password on kexec
Date: Fri, 10 Feb 2023 19:03:58 +1100
Message-Id: <20230210080401.345462-24-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Russell Currey

Before interacting with the PLPKS, we ask the hypervisor to generate a password for the current boot, which is then required for most further PLPKS operations. If we kexec into a new kernel, the new kernel will try and fail to generate a new password, as the password has already been set.

Pass the password through to the new kernel via the device tree, in /chosen/ibm,plpks-pw. Check for the presence of this property before trying to generate a new password - if it exists, use the existing password and remove it from the device tree.

This only works with the kexec_file_load() syscall, not the older kexec_load() syscall, however if you're using Secure Boot then you want to be using kexec_file_load() anyway.

Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
Reviewed-by: Stefan Berger
---
v3: New patch

v4: Fix compile when CONFIG_PSERIES_PLPKS=n (snowpatch)
    Fix error handling on fdt_path_offset() call (ruscur)

v5: Fix DT property name in commit message (npiggin)
    Clear prop in FDT during init to prevent password exposure (mpe)
    Rework to remove ifdefs from C code (npiggin)

v6: Rebase on top of 7294194b47e994753a86eee8cf1c61f3f36458a3 and fc546faa559538fb312c77e055243ece18ab3288
    Whitespace (stefanb)
    Use more const (stefanb)
    Get rid of FDT extra space allocation for node overhead, as it shouldn't be necessary (ruscur)
    Note kexec_file_load() restriction in commit message
---
arch/powerpc/include/asm/plpks.h | 14 ++++++ arch/powerpc/kernel/prom.c | 4 ++ arch/powerpc/kexec/file_load_64.c | 18 +++++--- arch/powerpc/platforms/pseries/plpks.c | 61 ++++++++++++++++++++++++++ 4 files changed, 92 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h index 757313e00521..23b77027c916 100644 --- a/arch/powerpc/include/asm/plpks.h +++ b/arch/powerpc/include/asm/plpks.h 
@@ -176,6 +176,20 @@ u64 plpks_get_signedupdatealgorithms(void); */ u16 plpks_get_passwordlen(void); +/** + * Called in early init to retrieve and clear the PLPKS password from the DT. + */ +void plpks_early_init_devtree(void); + +/** + * Populates the FDT with the PLPKS password to prepare for kexec. + */ +int plpks_populate_fdt(void *fdt); +#else // CONFIG_PSERIES_PLPKS +static inline bool plpks_is_available(void) { return false; } +static inline u16 plpks_get_passwordlen(void) { BUILD_BUG(); } +static inline void plpks_early_init_devtree(void) { } +static inline int plpks_populate_fdt(void *fdt) { BUILD_BUG(); } #endif // CONFIG_PSERIES_PLPKS #endif // _ASM_POWERPC_PLPKS_H diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c index 4f1c920aa13e..8a13b378770f 100644 --- a/arch/powerpc/kernel/prom.c +++ b/arch/powerpc/kernel/prom.c @@ -56,6 +56,7 @@ #include #include #include +#include #include @@ -893,6 +894,9 @@ void __init early_init_devtree(void *params) powerpc_firmware_features |= FW_FEATURE_PS3_POSSIBLE; #endif + /* If kexec left a PLPKS password in the DT, get it and clear it */ + plpks_early_init_devtree(); + tm_init(); DBG(" <- early_init_devtree()\n"); diff --git a/arch/powerpc/kexec/file_load_64.c b/arch/powerpc/kexec/file_load_64.c index 52085751f5f4..8a9469e1ce71 100644 --- a/arch/powerpc/kexec/file_load_64.c +++ b/arch/powerpc/kexec/file_load_64.c @@ -27,6 +27,7 @@ #include #include #include +#include struct umem_info { u64 *buf; /* data buffer for usable-memory property */ 
@@ -977,12 +978,17 @@ static unsigned int cpu_node_size(void) */ unsigned int kexec_extra_fdt_size_ppc64(struct kimage *image) { - unsigned int cpu_nodes, extra_size; + unsigned int cpu_nodes, extra_size = 0; struct device_node *dn; u64 usm_entries; + // Budget some space for the password blob. There's already extra space + // for the key name + if (plpks_is_available()) + extra_size += (unsigned int)plpks_get_passwordlen(); + if (image->type != KEXEC_TYPE_CRASH) - return 0; + return extra_size; /* * For kdump kernel, account for linux,usable-memory and @@ -992,9 +998,7 @@ unsigned int kexec_extra_fdt_size_ppc64(struct kimage *image) if (drmem_lmb_size()) { usm_entries = ((memory_hotplug_max() / drmem_lmb_size()) + (2 * (resource_size(&crashk_res) / drmem_lmb_size()))); - extra_size = (unsigned int)(usm_entries * sizeof(u64)); - } else { - extra_size = 0; + extra_size += (unsigned int)(usm_entries * sizeof(u64)); } /* @@ -1233,6 +1237,10 @@ int setup_new_fdt_ppc64(const struct kimage *image, void *fdt, } } + // If we have PLPKS active, we need to provide the password to the new kernel + if (plpks_is_available()) + ret = plpks_populate_fdt(fdt); + out: kfree(rmem); kfree(umem); diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 671a10acaebf..cdf09e5bd741 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -16,6 +16,9 @@ #include #include #include +#include +#include +#include #include #include #include @@ -128,6 +131,12 @@ static int plpks_gen_password(void) u8 *password, consumer = PLPKS_OS_OWNER; int rc; + // If we booted from kexec, we could be reusing an existing password already + if (ospassword) { + pr_debug("Password of length %u already in use\n", ospasswordlength); + return 0; + } + // The password must not cross a page boundary, so we align to the next power of 2 password = kzalloc(roundup_pow_of_two(maxpwsize), GFP_KERNEL); if (!password) 
@@ -621,6 +630,58 @@ int plpks_read_bootloader_var(struct plpks_var *var) return plpks_read_var(PLPKS_BOOTLOADER_OWNER, var); } +int plpks_populate_fdt(void *fdt) +{ + int chosen_offset = fdt_path_offset(fdt, "/chosen"); + + if (chosen_offset < 0) { + pr_err("Can't find chosen node: %s\n", + fdt_strerror(chosen_offset)); + return chosen_offset; + } + + return fdt_setprop(fdt, chosen_offset, "ibm,plpks-pw", ospassword, ospasswordlength); +} + +// Once a password is registered with the hypervisor it cannot be cleared without +// rebooting the LPAR, so to keep using the PLPKS across kexec boots we need to +// recover the previous password from the FDT. +// +// There are a few challenges here. We don't want the password to be visible to +// users, so we need to clear it from the FDT. This has to be done in early boot. +// Clearing it from the FDT would make the FDT's checksum invalid, so we have to +// manually cause the checksum to be recalculated. +void __init plpks_early_init_devtree(void) +{ + void *fdt = initial_boot_params; + int chosen_node = fdt_path_offset(fdt, "/chosen"); + const u8 *password; + int len; + + if (chosen_node < 0) + return; + + password = fdt_getprop(fdt, chosen_node, "ibm,plpks-pw", &len); + if (len <= 0) { + pr_debug("Couldn't find ibm,plpks-pw node.\n"); + return; + } + + ospassword = memblock_alloc_raw(len, SMP_CACHE_BYTES); + if (!ospassword) { + pr_err("Error allocating memory for password.\n"); + goto out; + } + + memcpy(ospassword, password, len); + ospasswordlength = (u16)len; + +out: + fdt_nop_property(fdt, chosen_node, "ibm,plpks-pw"); + // Since we've cleared the password, we must update the FDT checksum + early_init_dt_verify(fdt); +} + static __init int pseries_plpks_init(void) { int rc;
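
Review bot: In plpks_early_init_devtree() (23/26, plpks.c), the property length from fdt_getprop() is used unchecked: memcpy() copies len bytes, then "ospasswordlength = (u16)len" silently truncates anything above 65535, leaving the stored length out of step with the buffer. Reject a length that does not fit in u16 before allocating, and still fall through to the "out:" label so fdt_nop_property() clears the property either way. The early return on "len <= 0" also skips the clearing step when the property is present but empty.
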
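
Review bot: plpks_populate_fdt() (23/26, plpks.c) logs a failed /chosen lookup but returns the fdt_setprop() result with no message, and both paths hand a libfdt error code back to setup_new_fdt_ppc64(), which stores it in ret. Add a pr_err() using fdt_strerror() for the fdt_setprop() failure to match the lookup path, and convert the libfdt code to an errno if that is what callers of setup_new_fdt_ppc64() expect.
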
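
Review bot: The !CONFIG_PSERIES_PLPKS stubs added to plpks.h in 23/26 give plpks_get_passwordlen() and plpks_populate_fdt() a BUILD_BUG() body, so every caller has to sit behind an "if (plpks_is_available())" that the compiler can fold to false, as the two call sites in file_load_64.c do. That contract is not written down in the header; a short comment above the stubs would keep a later unguarded caller from breaking the build.
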
X-Patchwork-Id: 55297
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 24/26] powerpc/pseries: Implement secvars for dynamic secure boot
Date: Fri, 10 Feb 2023 19:03:59 +1100
Message-Id: <20230210080401.345462-25-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Russell Currey

The pseries platform can support dynamic secure boot (i.e. secure boot using user-defined keys) using variables contained with the PowerVM LPAR Platform KeyStore (PLPKS). Using the powerpc secvar API, expose the relevant variables for pseries dynamic secure boot through the existing secvar filesystem layout.

The relevant variables for dynamic secure boot are signed in the keystore, and can only be modified using the H_PKS_SIGNED_UPDATE hcall. Object labels in the keystore are encoded using ucs2 format. With our fixed variable names we don't have to care about encoding outside of the necessary byte padding.

When a user writes to a variable, the first 8 bytes of data must contain the signed update flags as defined by the hypervisor.

When a user reads a variable, the first 4 bytes of data contain the policies defined for the object.

Limitations exist due to the underlying implementation of sysfs binary attributes, as is the case for the OPAL secvar implementation - partial writes are unsupported and writes cannot be larger than PAGE_SIZE. (Even when using bin_attributes, which can be larger than a single page, sysfs only gives us one page's worth of write buffer at a time, and the hypervisor does not expose an interface for partial writes.)

Co-developed-by: Nayna Jain
Signed-off-by: Nayna Jain
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v2: Remove unnecessary config vars from sysfs and document the others, thanks to review from Greg. If we end up needing to expose more, we can add them later and update the docs.
    Use sysfs_emit() instead of sprintf(), thanks to Greg.
    Change the size of the sysfs binary attributes to include the 8-byte flags header, preventing truncation of large writes.

v3: plpks_set_variable(): pass var to plpks_signed_update_var() as a pointer (mpe)
    Update copyright date (ajd)
    Consistent comment style (ajd)
    Change device_initcall() to machine_arch_initcall(pseries...) so we don't try to load on powernv and kill the machine (mpe)
    Add config attributes into plpks_secvar_ops (mpe)
    Get rid of PLPKS_SECVAR_COUNT macro (mpe)
    Reworded descriptions in ABI documentation (mpe)
    Switch to using secvar_ops->var_names rather than secvar_ops->get_next() (ajd/mpe)
    Optimise allocation/copying of buffers (mpe)
    Elaborate the comment documenting the "format" string (mpe)
    Return -EIO on errors in the read case (mpe)
    Add "grubdbx" variable (Sudhakar Kuppusamy)
    Use utf8s_to_utf16s() rather than our own "UCS-2" conversion code (mpe)
    Change uint64_t to u64 (mpe)
    Fix SB_VERSION data length (ruscur)
    Stop prepending policy data on read (ruscur)
    Enforce max format length on format string (not strictly needed, but makes the length limit clear) (ajd)
    Update include of plpks.h to reflect new path (ruscur)
    Consistent constant naming scheme (ruscur)

v4: Return set_secvar_ops() return code
    Pass buffer size to plpks_secvar_format() (stefanb, npiggin)
    Add missing null check (stefanb)
    Add comment to commit message explaining PAGE_SIZE write limit (joel)

v5: Add comment explaining why we use "key_len - 1" (npiggin)
    Use strlen(var.name) instead of hardcoding 10 as length of "SB_VERSION" (npiggin)
    Improve comments about use of SB_VERSION and format string (npiggin)
    Change "+ 8" to "+ sizeof(u64)" when accounting for flags size in working out file's max size (npiggin)
    Compile
plpks-secvar.c based on CONFIG_PPC_SECURE_BOOT, not CONFIG_PPC_SECVAR_SYSFS, as the secvar backend is needed for loading keys into keyrings even if the sysfs interface is disabled (ajd) v6: Update date in ABI docs (stefanb) Get rid of 1 byte kzalloc (npiggin) --- Documentation/ABI/testing/sysfs-secvar | 75 +++++- arch/powerpc/platforms/pseries/Makefile | 4 +- arch/powerpc/platforms/pseries/plpks-secvar.c | 218 ++++++++++++++++++ 3 files changed, 294 insertions(+), 3 deletions(-) create mode 100644 arch/powerpc/platforms/pseries/plpks-secvar.c diff --git a/Documentation/ABI/testing/sysfs-secvar b/Documentation/ABI/testing/sysfs-secvar index feebb8c57294..857cf12b0904 100644 --- a/Documentation/ABI/testing/sysfs-secvar +++ b/Documentation/ABI/testing/sysfs-secvar @@ -18,6 +18,14 @@ Description: A string indicating which backend is in use by the firmware. This determines the format of the variable and the accepted format of variable updates. + On powernv/OPAL, this value is provided by the OPAL firmware + and is expected to be "ibm,edk2-compat-v1". + + On pseries/PLPKS, this is generated by the kernel based on the + version number in the SB_VERSION variable in the keystore, and + has the form "ibm,plpks-sb-v", or + "ibm,plpks-sb-unknown" if there is no SB_VERSION variable. + What: /sys/firmware/secvar/vars/ Date: August 2019 Contact: Nayna Jain @@ -34,7 +42,7 @@ Description: An integer representation of the size of the content of the What: /sys/firmware/secvar/vars//data Date: August 2019 -Contact: Nayna Jain h +Contact: Nayna Jain Description: A read-only file containing the value of the variable. The size of the file represents the maximum size of the variable data. 
@@ -44,3 +52,68 @@ Contact: Nayna Jain Description: A write-only file that is used to submit the new value for the variable. The size of the file represents the maximum size of the variable data that can be written. + +What: /sys/firmware/secvar/config +Date: February 2023 +Contact: Nayna Jain +Description: This optional directory contains read-only config attributes as + defined by the secure variable implementation. All data is in + ASCII format. The directory is only created if the backing + implementation provides variables to populate it, which at + present is only PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/version +Date: February 2023 +Contact: Nayna Jain +Description: Config version as reported by the hypervisor in ASCII decimal + format. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/max_object_size +Date: February 2023 +Contact: Nayna Jain +Description: Maximum allowed size of objects in the keystore in bytes, + represented in ASCII decimal format. + + This is not necessarily the same as the max size that can be + written to an update file as writes can contain more than + object data, you should use the size of the update file for + that purpose. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/total_size +Date: February 2023 +Contact: Nayna Jain +Description: Total size of the PLPKS in bytes, represented in ASCII decimal + format. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/used_space +Date: February 2023 +Contact: Nayna Jain +Description: Current space consumed by the key store, in bytes, represented + in ASCII decimal format. + + Currently only provided by PLPKS on the pseries platform. 
+ +What: /sys/firmware/secvar/config/supported_policies +Date: February 2023 +Contact: Nayna Jain +Description: Bitmask of supported policy flags by the hypervisor, + represented as an 8 byte hexadecimal ASCII string. Consult the + hypervisor documentation for what these flags are. + + Currently only provided by PLPKS on the pseries platform. + +What: /sys/firmware/secvar/config/signed_update_algorithms +Date: February 2023 +Contact: Nayna Jain +Description: Bitmask of flags indicating which algorithms the hypervisor + supports for signed update of objects, represented as a 16 byte + hexadecimal ASCII string. Consult the hypervisor documentation + for what these flags mean. + + Currently only provided by PLPKS on the pseries platform. diff --git a/arch/powerpc/platforms/pseries/Makefile b/arch/powerpc/platforms/pseries/Makefile index 92310202bdd7..20a0f3c3fe04 100644 --- a/arch/powerpc/platforms/pseries/Makefile +++ b/arch/powerpc/platforms/pseries/Makefile @@ -27,8 +27,8 @@ obj-$(CONFIG_PAPR_SCM) += papr_scm.o obj-$(CONFIG_PPC_SPLPAR) += vphn.o obj-$(CONFIG_PPC_SVM) += svm.o obj-$(CONFIG_FA_DUMP) += rtas-fadump.o -obj-$(CONFIG_PSERIES_PLPKS) += plpks.o - +obj-$(CONFIG_PSERIES_PLPKS) += plpks.o +obj-$(CONFIG_PPC_SECURE_BOOT) += plpks-secvar.o obj-$(CONFIG_SUSPEND) += suspend.o obj-$(CONFIG_PPC_VAS) += vas.o vas-sysfs.o diff --git a/arch/powerpc/platforms/pseries/plpks-secvar.c b/arch/powerpc/platforms/pseries/plpks-secvar.c new file mode 100644 index 000000000000..98d0f2b31e0d --- /dev/null +++ b/arch/powerpc/platforms/pseries/plpks-secvar.c 
@@ -0,0 +1,218 @@ +// SPDX-License-Identifier: GPL-2.0-only + +// Secure variable implementation using the PowerVM LPAR Platform KeyStore (PLPKS) +// +// Copyright 2022, 2023 IBM Corporation +// Authors: Russell Currey +// Andrew Donnellan +// Nayna Jain + +#define pr_fmt(fmt) "secvar: "fmt + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +// Config attributes for sysfs +#define PLPKS_CONFIG_ATTR(name, fmt, func) \ + static ssize_t name##_show(struct kobject *kobj, \ + struct kobj_attribute *attr, \ + char *buf) \ + { \ + return sysfs_emit(buf, fmt, func()); \ + } \ + static struct kobj_attribute attr_##name = __ATTR_RO(name) + +PLPKS_CONFIG_ATTR(version, "%u\n", plpks_get_version); +PLPKS_CONFIG_ATTR(max_object_size, "%u\n", plpks_get_maxobjectsize); +PLPKS_CONFIG_ATTR(total_size, "%u\n", plpks_get_totalsize); +PLPKS_CONFIG_ATTR(used_space, "%u\n", plpks_get_usedspace); +PLPKS_CONFIG_ATTR(supported_policies, "%08x\n", plpks_get_supportedpolicies); +PLPKS_CONFIG_ATTR(signed_update_algorithms, "%016llx\n", plpks_get_signedupdatealgorithms); + +static const struct attribute *config_attrs[] = { + &attr_version.attr, + &attr_max_object_size.attr, + &attr_total_size.attr, + &attr_used_space.attr, + &attr_supported_policies.attr, + &attr_signed_update_algorithms.attr, + NULL, +}; + +static u32 get_policy(const char *name) +{ + if ((strcmp(name, "db") == 0) || + (strcmp(name, "dbx") == 0) || + (strcmp(name, "grubdb") == 0) || + (strcmp(name, "grubdbx") == 0) || + (strcmp(name, "sbat") == 0)) + return (PLPKS_WORLDREADABLE | PLPKS_SIGNEDUPDATE); + else + return PLPKS_SIGNEDUPDATE; +} + +static const char * const plpks_var_names[] = { + "PK", + "KEK", + "db", + "dbx", + "grubdb", + "grubdbx", + "sbat", + "moduledb", + "trustedcadb", + NULL, +}; + +static int plpks_get_variable(const char *key, u64 key_len, u8 *data, + u64 *data_size) +{ + struct plpks_var var = {0}; + int rc = 0; + + // We subtract 1 from key_len because 
we don't need to include the + // null terminator at the end of the string + var.name = kcalloc(key_len - 1, sizeof(wchar_t), GFP_KERNEL); + if (!var.name) + return -ENOMEM; + rc = utf8s_to_utf16s(key, key_len - 1, UTF16_LITTLE_ENDIAN, (wchar_t *)var.name, + key_len - 1); + if (rc < 0) + goto err; + var.namelen = rc * 2; + + var.os = PLPKS_VAR_LINUX; + if (data) { + var.data = data; + var.datalen = *data_size; + } + rc = plpks_read_os_var(&var); + + if (rc) + goto err; + + *data_size = var.datalen; + +err: + kfree(var.name); + if (rc && rc != -ENOENT) { + pr_err("Failed to read variable '%s': %d\n", key, rc); + // Return -EIO since userspace probably doesn't care about the + // specific error + rc = -EIO; + } + return rc; +} + +static int plpks_set_variable(const char *key, u64 key_len, u8 *data, + u64 data_size) +{ + struct plpks_var var = {0}; + int rc = 0; + u64 flags; + + // Secure variables need to be prefixed with 8 bytes of flags. + // We only want to perform the write if we have at least one byte of data. + if (data_size <= sizeof(flags)) + return -EINVAL; + + // We subtract 1 from key_len because we don't need to include the + // null terminator at the end of the string + var.name = kcalloc(key_len - 1, sizeof(wchar_t), GFP_KERNEL); + if (!var.name) + return -ENOMEM; + rc = utf8s_to_utf16s(key, key_len - 1, UTF16_LITTLE_ENDIAN, (wchar_t *)var.name, + key_len - 1); + if (rc < 0) + goto err; + var.namelen = rc * 2; + + memcpy(&flags, data, sizeof(flags)); + + var.datalen = data_size - sizeof(flags); + var.data = data + sizeof(flags); + var.os = PLPKS_VAR_LINUX; + var.policy = get_policy(key); + + // Unlike in the read case, the plpks error code can be useful to + // userspace on write, so we return it rather than just -EIO + rc = plpks_signed_update_var(&var, flags); + +err: + kfree(var.name); + return rc; +} + +// PLPKS dynamic secure boot doesn't give us a format string in the same way OPAL does. 
+// Instead, report the format using the SB_VERSION variable in the keystore. +// The string is made up by us, and takes the form "ibm,plpks-sb-v" (or "ibm,plpks-sb-unknown" +// if the SB_VERSION variable doesn't exist). Hypervisor defines the SB_VERSION variable as a +// "1 byte unsigned integer value". +static ssize_t plpks_secvar_format(char *buf, size_t bufsize) +{ + struct plpks_var var = {0}; + ssize_t ret; + u8 version; + + var.component = NULL; + // Only the signed variables have null bytes in their names, this one doesn't + var.name = "SB_VERSION"; + var.namelen = strlen(var.name); + var.datalen = 1; + var.data = &version; + + // Unlike the other vars, SB_VERSION is owned by firmware instead of the OS + ret = plpks_read_fw_var(&var); + if (ret) { + if (ret == -ENOENT) { + ret = snprintf(buf, bufsize, "ibm,plpks-sb-unknown"); + } else { + pr_err("Error %ld reading SB_VERSION from firmware\n", ret); + ret = -EIO; + } + goto err; + } + + ret = snprintf(buf, bufsize, "ibm,plpks-sb-v%hhu", version); + +err: + kfree(var.data); + return ret; +} + +static int plpks_max_size(u64 *max_size) +{ + // The max object size reported by the hypervisor is accurate for the + // object itself, but we use the first 8 bytes of data on write as the + // signed update flags, so the max size a user can write is larger. 
+ *max_size = (u64)plpks_get_maxobjectsize() + sizeof(u64); + + return 0; +} + + +static const struct secvar_operations plpks_secvar_ops = { + .get = plpks_get_variable, + .set = plpks_set_variable, + .format = plpks_secvar_format, + .max_size = plpks_max_size, + .config_attrs = config_attrs, + .var_names = plpks_var_names, +}; + +static int plpks_secvar_init(void) +{ + if (!plpks_is_available()) + return -ENODEV; + + return set_secvar_ops(&plpks_secvar_ops); +} +machine_device_initcall(pseries, plpks_secvar_init);
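
Review bot: in plpks_secvar_format() in the new plpks-secvar.c, the err: label calls kfree(var.data), but var.data was set to &version, a u8 on the stack, so every path through the function (success, the -ENOENT fallback and the -EIO case) hands a stack address to kfree(). This looks like a leftover from the v6 change that got rid of the 1 byte kzalloc. Drop the kfree() and, since nothing is left to clean up, return directly instead of jumping to err:.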
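
Review bot: in the arch/powerpc/platforms/pseries/Makefile hunk, plpks-secvar.o is built on CONFIG_PPC_SECURE_BOOT while plpks.o stays on CONFIG_PSERIES_PLPKS, yet plpks-secvar.c calls plpks_is_available(), plpks_read_os_var(), plpks_read_fw_var() and plpks_signed_update_var(). Nothing in this patch shows a Kconfig relationship between the two symbols, so please confirm, or state in the commit message, that PPC_SECURE_BOOT on pseries always implies PSERIES_PLPKS; otherwise a config with the first but not the second would fail to link unless the header provides stubs. The hunk also drops the blank line that separated the plpks.o line from the suspend.o line, which looks unintentional.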

From patchwork Fri Feb 10 08:04:00 2023
X-Patchwork-Submitter: Andrew Donnellan
X-Patchwork-Id: 55309
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 25/26] integrity/powerpc: Improve error handling & reporting when loading certs
Date: Fri, 10 Feb 2023 19:04:00 +1100
Message-Id: <20230210080401.345462-26-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Russell Currey A few improvements to load_powerpc.c: - include integrity.h for the pr_fmt() - move all error reporting out of get_cert_list() - use ERR_PTR() to better preserve error detail - don't use pr_err() for missing keys Reviewed-by: Mimi Zohar Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan --- v3: New patch --- .../integrity/platform_certs/load_powerpc.c | 26 ++++++++++++++----- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c index 1e4f80a4e71c..dee51606d5f4 100644 --- a/security/integrity/platform_certs/load_powerpc.c +++ b/security/integrity/platform_certs/load_powerpc.c @@ -14,9 +14,15 @@ #include #include #include "keyring_handler.h" +#include "../integrity.h" /* * Get a certificate list blob from the named secure variable. + * + * Returns: + * - a pointer to a kmalloc'd buffer containing the cert list on success + * - NULL if the key does not exist + * - an ERR_PTR on error */ static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size) { @@ -25,19 +31,19 @@ static __init void *get_cert_list(u8 *key, unsigned long keylen, u64 *size) rc = secvar_ops->get(key, keylen, NULL, size); if (rc) { - pr_err("Couldn't get size: %d\n", rc); - return NULL; + if (rc == -ENOENT) + return NULL; + return ERR_PTR(rc); } db = kmalloc(*size, GFP_KERNEL); if (!db) - return NULL; + return ERR_PTR(-ENOMEM); rc = secvar_ops->get(key, keylen, db, size); if (rc) { kfree(db); - pr_err("Error reading %s var: %d\n", key, rc); - return NULL; + return ERR_PTR(rc); } return db; 
@@ -69,7 +75,11 @@ static int __init load_powerpc_certs(void) */ db = get_cert_list("db", 3, &dbsize); if (!db) { - pr_err("Couldn't get db list from firmware\n"); + pr_info("Couldn't get db list from firmware\n"); + } else if (IS_ERR(db)) { + rc = PTR_ERR(db); + pr_err("Error reading db from firmware: %d\n", rc); + return rc; } else { rc = parse_efi_signature_list("powerpc:db", db, dbsize, get_handler_for_db); 
@@ -81,6 +91,10 @@ static int __init load_powerpc_certs(void) dbx = get_cert_list("dbx", 4, &dbxsize); if (!dbx) { pr_info("Couldn't get dbx list from firmware\n"); + } else if (IS_ERR(dbx)) { + rc = PTR_ERR(dbx); + pr_err("Error reading dbx from firmware: %d\n", rc); + return rc; } else { rc = parse_efi_signature_list("powerpc:dbx", dbx, dbxsize, get_handler_for_dbx);
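
Review bot: in the db hunk of load_powerpc_certs(), the new IS_ERR(db) branch returns immediately, so an error reading db means dbx (the revocation list) is never fetched or loaded. The two lists are independent and the existing comment above this block treats a missing variable as non-fatal, so consider logging the db failure, remembering rc, and still falling through to the dbx block instead of "return rc;" here.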
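
Review bot: the "return rc;" added in the IS_ERR(dbx) branch, like the one in the db branch, leaves load_powerpc_certs() without reaching the of_node_put(node) at the end of the function (the call that 26/26 later removes), so at this point in the series the reference taken by of_find_compatible_node() leaks on both error paths. Jump to a common exit label that drops the reference so the series stays correct at every bisection point.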

From patchwork Fri Feb 10 08:04:01 2023
X-Patchwork-Submitter: Andrew Donnellan
X-Patchwork-Id: 55299
From: Andrew Donnellan
To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com
Subject: [PATCH v6 26/26] integrity/powerpc: Support loading keys from PLPKS
Date: Fri, 10 Feb 2023 19:04:01 +1100
Message-Id: <20230210080401.345462-27-ajd@linux.ibm.com>
In-Reply-To: <20230210080401.345462-1-ajd@linux.ibm.com>
References: <20230210080401.345462-1-ajd@linux.ibm.com>

From: Russell Currey Add support for loading keys from the PLPKS on pseries machines, with the "ibm,plpks-sb-v1" format. The object format is expected to be the same, so there shouldn't be any functional differences between objects retrieved on powernv or pseries. Unlike on powernv, on pseries the format string isn't contained in the device tree. Use secvar_ops->format() to fetch the format string in a generic manner, rather than searching the device tree ourselves. (The current code searches the device tree for a node compatible with "ibm,edk2-compat-v1". This patch switches to calling secvar_ops->format(), which in the case of OPAL/powernv means opal_secvar_format(), which searches the device tree for a node compatible with "ibm,secvar-backend" and checks its "format" property. These are equivalent, as skiboot creates a node with both "ibm,edk2-compat-v1" and "ibm,secvar-backend" as compatible strings.) Signed-off-by: Russell Currey Signed-off-by: Andrew Donnellan Reviewed-by: Stefan Berger --- v3: New patch v4: Pass format buffer size (stefanb, npiggin) v5: Use sizeof(buf) rather than stating the size twice (npiggin) Clarify change to DT compatible strings in commit message (zohar) Reword commit message a bit (ajd) --- .../integrity/platform_certs/load_powerpc.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/security/integrity/platform_certs/load_powerpc.c b/security/integrity/platform_certs/load_powerpc.c index dee51606d5f4..b9de70b90826 100644 --- a/security/integrity/platform_certs/load_powerpc.c +++ b/security/integrity/platform_certs/load_powerpc.c @@ -10,7 +10,6 @@ #include #include #include -#include #include #include #include "keyring_handler.h" 
@@ -59,16 +58,22 @@ static int __init load_powerpc_certs(void) void *db = NULL, *dbx = NULL; u64 dbsize = 0, dbxsize = 0; int rc = 0; - struct device_node *node; + ssize_t len; + char buf[32]; if (!secvar_ops) return -ENODEV; - /* The following only applies for the edk2-compat backend. */ - node = of_find_compatible_node(NULL, NULL, "ibm,edk2-compat-v1"); - if (!node) + len = secvar_ops->format(buf, sizeof(buf)); + if (len <= 0) return -ENODEV; + // Check for known secure boot implementations from OPAL or PLPKS + if (strcmp("ibm,edk2-compat-v1", buf) && strcmp("ibm,plpks-sb-v1", buf)) { + pr_err("Unsupported secvar implementation \"%s\", not loading certs\n", buf); + return -ENODEV; + } + /* * Get db, and dbx. They might not exist, so it isn't an error if we * can't get them. @@ -103,8 +108,6 @@ static int __init load_powerpc_certs(void) kfree(dbx); } - of_node_put(node); - return rc; } late_initcall(load_powerpc_certs);
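
Review bot: in the load_powerpc_certs() hunk, "if (len <= 0) return -ENODEV;" folds every failure of secvar_ops->format() into -ENODEV with no message, although plpks_secvar_format() in 24/26 returns -EIO when reading SB_VERSION fails and 25/26 was about preserving error detail. Return len itself when it is negative and keep -ENODEV for 0. The PLPKS backend also returns the snprintf() result, which can exceed sizeof(buf) on truncation; an explicit "len >= sizeof(buf)" check would handle that case directly instead of relying on the strcmp() mismatch. Minor: the new "//" comment sits among "/* */" comments in this file.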