From: Greg Joyce <gjoyce@linux.vnet.ibm.com>
To: Andrew Donnellan <ajd@linux.ibm.com>,
linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org
Cc: sudhakar@linux.ibm.com, bgray@linux.ibm.com,
erichte@linux.ibm.com, gregkh@linuxfoundation.org,
nayna@linux.ibm.com, linux-kernel@vger.kernel.org,
zohar@linux.ibm.com, gjoyce@linux.ibm.com, ruscur@russell.cc,
gcwilson@linux.ibm.com
Subject: Re: [PATCH v3 05/24] powerpc/secvar: Handle max object size in the consumer
Date: Thu, 19 Jan 2023 15:18:33 -0600 [thread overview]
Message-ID: <a991c60c5c10a37cc0385663705e8b39d8e23c09.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20230118061049.1006141-6-ajd@linux.ibm.com>
On Wed, 2023-01-18 at 17:10 +1100, Andrew Donnellan wrote:
> From: Russell Currey <ruscur@russell.cc>
>
> Currently the max object size is handled in the core secvar code with
> an
> entirely OPAL-specific implementation, so create a new max_size() op
> and
> move the existing implementation into the powernv platform. Should
> be
> no functional change.
>
> Signed-off-by: Russell Currey <ruscur@russell.cc>
> Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
>
> ---
>
> v3: Change uint64_t type to u64 (mpe)
> ---
> arch/powerpc/include/asm/secvar.h | 1 +
> arch/powerpc/kernel/secvar-sysfs.c | 17 +++--------------
> arch/powerpc/platforms/powernv/opal-secvar.c | 19
> +++++++++++++++++++
> 3 files changed, 23 insertions(+), 14 deletions(-)
>
> diff --git a/arch/powerpc/include/asm/secvar.h
> b/arch/powerpc/include/asm/secvar.h
> index 8b6475589120..b2cb9bb7c540 100644
> --- a/arch/powerpc/include/asm/secvar.h
> +++ b/arch/powerpc/include/asm/secvar.h
> @@ -20,6 +20,7 @@ struct secvar_operations {
> int (*get_next)(const char *key, u64 *key_len, u64 keybufsize);
> int (*set)(const char *key, u64 key_len, u8 *data, u64
> data_size);
> ssize_t (*format)(char *buf);
> + int (*max_size)(u64 *max_size);
> };
>
> #ifdef CONFIG_PPC_SECURE_BOOT
> diff --git a/arch/powerpc/kernel/secvar-sysfs.c
> b/arch/powerpc/kernel/secvar-sysfs.c
> index d3858eedd72c..031ef37bca99 100644
> --- a/arch/powerpc/kernel/secvar-sysfs.c
> +++ b/arch/powerpc/kernel/secvar-sysfs.c
> @@ -128,27 +128,16 @@ static struct kobj_type secvar_ktype = {
> static int update_kobj_size(void)
> {
>
> - struct device_node *node;
> u64 varsize;
> - int rc = 0;
> + int rc = secvar_ops->max_size(&varsize);
>
> - node = of_find_compatible_node(NULL, NULL, "ibm,secvar-
> backend");
> - if (!of_device_is_available(node)) {
> - rc = -ENODEV;
> - goto out;
> - }
> -
> - rc = of_property_read_u64(node, "max-var-size", &varsize);
> if (rc)
> - goto out;
> + return rc;
>
> data_attr.size = varsize;
> update_attr.size = varsize;
>
> -out:
> - of_node_put(node);
> -
> - return rc;
> + return 0;
> }
>
> static int secvar_sysfs_load(void)
> diff --git a/arch/powerpc/platforms/powernv/opal-secvar.c
> b/arch/powerpc/platforms/powernv/opal-secvar.c
> index 623c6839e66c..c9b9fd3730df 100644
> --- a/arch/powerpc/platforms/powernv/opal-secvar.c
> +++ b/arch/powerpc/platforms/powernv/opal-secvar.c
> @@ -122,11 +122,30 @@ static ssize_t opal_secvar_format(char *buf)
> return rc;
> }
>
> +static int opal_secvar_max_size(u64 *max_size)
> +{
> + int rc;
> + struct device_node *node;
> +
> + node = of_find_compatible_node(NULL, NULL, "ibm,secvar-
> backend");
I assume that node could be NULL and this code relies on
of_device_is_available() and of_node_put() checking for a NULL node
pointer? Would it be safer just to return -ENODEV if node is NULL?
> + if (!of_device_is_available(node)) {
> + rc = -ENODEV;
> + goto out;
> + }
> +
> + rc = of_property_read_u64(node, "max-var-size", max_size);
> +
> +out:
> + of_node_put(node);
> + return rc;
> +}
> +
> static const struct secvar_operations opal_secvar_ops = {
> .get = opal_get_variable,
> .get_next = opal_get_next_variable,
> .set = opal_set_variable,
> .format = opal_secvar_format,
> + .max_size = opal_secvar_max_size,
> };
>
> static int opal_secvar_probe(struct platform_device *pdev)
next prev parent reply other threads:[~2023-01-19 21:19 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-18 6:10 [PATCH v3 00/24] pSeries dynamic secure boot secvar interface + platform keyring loading Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 01/24] powerpc/secvar: Use u64 in secvar_operations Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 02/24] powerpc/secvar: WARN_ON_ONCE() if multiple secvar ops are set Andrew Donnellan
2023-01-19 0:59 ` Nicholas Piggin
2023-01-18 6:10 ` [PATCH v3 03/24] powerpc/secvar: Use sysfs_emit() instead of sprintf() Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 04/24] powerpc/secvar: Handle format string in the consumer Andrew Donnellan
2023-01-19 1:02 ` Nicholas Piggin
2023-01-19 1:17 ` Nicholas Piggin
2023-01-20 0:51 ` Russell Currey
2023-01-18 6:10 ` [PATCH v3 05/24] powerpc/secvar: Handle max object size " Andrew Donnellan
2023-01-19 21:18 ` Greg Joyce [this message]
2023-01-18 6:10 ` [PATCH v3 06/24] powerpc/secvar: Clean up init error messages Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 07/24] powerpc/secvar: Extend sysfs to include config vars Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 08/24] powerpc/secvar: Allow backend to populate static list of variable names Andrew Donnellan
2023-01-19 1:10 ` Nicholas Piggin
2023-01-20 6:20 ` Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 09/24] powerpc/secvar: Warn when PAGE_SIZE is smaller than max object size Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 10/24] powerpc/secvar: Don't print error on ENOENT when reading variables Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 11/24] powerpc/pseries: Move plpks.h to include directory Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 12/24] powerpc/pseries: Move PLPKS constants to header file Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 13/24] powerpc/pseries: Fix handling of PLPKS object flushing timeout Andrew Donnellan
2023-01-19 1:15 ` Nicholas Piggin
2023-01-18 6:10 ` [PATCH v3 14/24] powerpc/pseries: Fix alignment of PLPKS structures and buffers Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 15/24] powerpc/pseries: Expose PLPKS config values, support additional fields Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 16/24] powerpc/pseries: Implement signed update for PLPKS objects Andrew Donnellan
2023-01-19 1:12 ` Nicholas Piggin
2023-01-18 6:10 ` [PATCH v3 17/24] powerpc/pseries: Log hcall return codes for PLPKS debug Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 18/24] powerpc/pseries: Make caller pass buffer to plpks_read_var() Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 19/24] powerpc/pseries: Turn PSERIES_PLPKS into a hidden option Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 20/24] powerpc/pseries: Add helpers to get PLPKS password Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 21/24] powerpc/pseries: Pass PLPKS password on kexec Andrew Donnellan
2023-01-18 11:52 ` Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 22/24] powerpc/pseries: Implement secvars for dynamic secure boot Andrew Donnellan
2023-01-18 13:06 ` Stefan Berger
2023-01-18 6:10 ` [PATCH v3 23/24] integrity/powerpc: Improve error handling & reporting when loading certs Andrew Donnellan
2023-01-18 6:10 ` [PATCH v3 24/24] integrity/powerpc: Support loading keys from pseries secvar Andrew Donnellan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a991c60c5c10a37cc0385663705e8b39d8e23c09.camel@linux.vnet.ibm.com \
--to=gjoyce@linux.vnet.ibm.com \
--cc=ajd@linux.ibm.com \
--cc=bgray@linux.ibm.com \
--cc=erichte@linux.ibm.com \
--cc=gcwilson@linux.ibm.com \
--cc=gjoyce@linux.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=nayna@linux.ibm.com \
--cc=ruscur@russell.cc \
--cc=sudhakar@linux.ibm.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).