From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:46772 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751348AbdIPB2v (ORCPT ); Fri, 15 Sep 2017 21:28:51 -0400 Subject: Patch "thunderbolt: Allow clearing the key" has been added to the 4.13-stable tree To: yehezkel.bernat@intel.com, gregkh@linuxfoundation.org, mika.westerberg@linux.intel.com Cc: , From: Date: Fri, 15 Sep 2017 18:28:47 -0700 Message-ID: <1505525327112232@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled thunderbolt: Allow clearing the key to the 4.13-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: thunderbolt-allow-clearing-the-key.patch and it can be found in the queue-4.13 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From e545f0d8a54a9594fe604d67d80ca6fddf72ca59 Mon Sep 17 00:00:00 2001 From: "Bernat, Yehezkel" Date: Tue, 15 Aug 2017 08:19:20 +0300 Subject: thunderbolt: Allow clearing the key From: Bernat, Yehezkel commit e545f0d8a54a9594fe604d67d80ca6fddf72ca59 upstream. If secure authentication of a devices fails, either because the device already has another key uploaded, or there is some other error sending challenge to the device, and the user only wants to approve the device just once (without a new key being uploaded to the device) the current implementation does not allow this because the key cannot be cleared once set even if we allow it to be changed. Make this scenario possible and allow clearing the key by writing empty string to the key sysfs file. Signed-off-by: Yehezkel Bernat Acked-by: Mika Westerberg Signed-off-by: Greg Kroah-Hartman --- Documentation/ABI/testing/sysfs-bus-thunderbolt | 2 ++ drivers/thunderbolt/switch.c | 15 +++++++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) --- a/Documentation/ABI/testing/sysfs-bus-thunderbolt +++ b/Documentation/ABI/testing/sysfs-bus-thunderbolt @@ -45,6 +45,8 @@ Contact: thunderbolt-software@lists.01.o Description: When a devices supports Thunderbolt secure connect it will have this attribute. Writing 32 byte hex string changes authorization to use the secure connection method instead. + Writing an empty string clears the key and regular connection + method can be used again. What: /sys/bus/thunderbolt/devices/.../device Date: Sep 2017 --- a/drivers/thunderbolt/switch.c +++ b/drivers/thunderbolt/switch.c @@ -807,8 +807,11 @@ static ssize_t key_store(struct device * struct tb_switch *sw = tb_to_switch(dev); u8 key[TB_SWITCH_KEY_SIZE]; ssize_t ret = count; + bool clear = false; - if (hex2bin(key, buf, sizeof(key))) + if (!strcmp(buf, "\n")) + clear = true; + else if (hex2bin(key, buf, sizeof(key))) return -EINVAL; if (mutex_lock_interruptible(&switch_lock)) @@ -818,9 +821,13 @@ static ssize_t key_store(struct device * ret = -EBUSY; } else { kfree(sw->key); - sw->key = kmemdup(key, sizeof(key), GFP_KERNEL); - if (!sw->key) - ret = -ENOMEM; + if (clear) { + sw->key = NULL; + } else { + sw->key = kmemdup(key, sizeof(key), GFP_KERNEL); + if (!sw->key) + ret = -ENOMEM; + } } mutex_unlock(&switch_lock); Patches currently in stable-queue which might be from yehezkel.bernat@intel.com are queue-4.13/thunderbolt-make-key-root-only-accessible.patch queue-4.13/thunderbolt-remove-superfluous-check.patch queue-4.13/thunderbolt-allow-clearing-the-key.patch