On Thu, Jun 29, 2017 at 9:19 PM, Mika Westerberg
<mika.westerb...@linux.intel.com> wrote:
> Firmware upgrade tools that decide which NVM image should be uploaded to
> the Thunderbolt controller need to access active parts of the NVM even
> if they are not run as root. The information in active NVM is not
> considered security critical so we can use the default permissions set
> by the NVMem framework.
>
> Writing the NVM image is still left as root only operation.
>
> While there mark the active NVM as read-only in the filesystem.
>
> Reported-by: Yehezkel Bernat <yehezkel.ber...@intel.com>
> Signed-off-by: Mika Westerberg <mika.westerb...@linux.intel.com>
Sorry for the late reply (I'm on vacation :P).
Signed-off-by: Andreas Noever <andreas.noe...@gmail.com>
> ---
> Hi,
>
> This applies on top of my Thunderbolt patches in Greg's char-misc-next
> branch.
>
> Thanks.
>
> drivers/thunderbolt/switch.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c
> index ab3e8f410444..40219a706309 100644
> --- a/drivers/thunderbolt/switch.c
> +++ b/drivers/thunderbolt/switch.c
> @@ -281,9 +281,11 @@ static struct nvmem_device *register_nvmem(struct
> tb_switch *sw, int id,
> if (active) {
> config.name = "nvm_active";
> config.reg_read = tb_switch_nvm_read;
> + config.read_only = true;
> } else {
> config.name = "nvm_non_active";
> config.reg_write = tb_switch_nvm_write;
> + config.root_only = true;
> }
>
> config.id = id;
> @@ -292,7 +294,6 @@ static struct nvmem_device *register_nvmem(struct
> tb_switch *sw, int id,
> config.size = size;
> config.dev = &sw->dev;
> config.owner = THIS_MODULE;
> - config.root_only = true;
> config.priv = sw;
>
> return nvmem_register(&config);
> --
> 2.11.0
>
