Signed-off-by: Andrew Donnellan
---
v3: New patch
---
.../integrity/platform_certs/load_powerpc.c | 26 ++-
1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/security/integrity/platform_certs/load_powerpc.c
b/security/integrity/platform_certs/load_powerpc.c
index
to support additional v3 API fields, minor fixes]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
Refresh config values in plpks_get_usedspace() (ajd)
Validate the config
Ellerman
Reviewed-by: Russell Currey
Reviewed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
v3: Include new patch
---
arch/powerpc/include/asm/secvar.h| 9 +++--
arch/powerpc/kernel/secvar-sysfs.c | 8
arch/powerpc/platforms/powernv/opal
implementation at present, and
the config directory will not be created if no attributes are set.
Signed-off-by: Russell Currey
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
v3: Remove unnecessary "secvar:" prefix from error messages (ajd)
Merge config
From: Russell Currey
Move plpks.h from platforms/pseries/ to include/asm/. This is necessary
for later patches to make use of the PLPKS from code in other subsystems.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
.../powerpc/{platforms/pseries
Remove unnecessary prefixes from error messages in secvar_sysfs_init()
(the file defines pr_fmt, so putting "secvar:" in every message is
unnecessary). Make capitalisation and punctuation more consistent.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New
Kuppusamy
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
arch/powerpc/kernel/secvar-sysfs.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/kernel/secvar-sysfs.c
b/arch/powerpc/kernel/secvar-sysfs.c
index 9b6be63b7b36..ca3df3f7156c 100644
--- a/arch
From: Russell Currey
The secvar format string and object size sysfs files are both ASCII
text, and should use sysfs_emit(). No functional change.
Suggested-by: Greg Kroah-Hartman
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v2: New patch (gregkh)
---
arch/powerpc
to the user.
Handle the timeout case separately and return ETIMEDOUT if triggered.
Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Reported-by: Benjamin Gray
Signed-off-by: Andrew Donnellan
Tested-by: Russell Currey
Reviewed-by: Russell Currey
that size).
Reported-by: Benjamin Gray
Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Signed-off-by: Andrew Donnellan
Reviewed-by: Russell Currey
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
v4
dd them later and update the docs.
Use sysfs_emit() instead of sprintf() for all sysfs strings
Change the size of the sysfs binary attributes to include the 8-byte
flags header, preventing truncation of large writes.
Andrew Donnellan (8):
powerpc/pseries: Fix handling of PLPKS object f
pace via sysfs"), but the return code of
secvar_sysfs_load() was never checked so this issue never mattered.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v5: New patch
---
arch/powerpc/kernel/secvar-sysfs.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-
On Tue, 2023-01-31 at 13:54 +1100, Andrew Donnellan wrote:
> > > +{
> > > + // The max object size reported by the hypervisor is
> > > accurate for the
> > > + // object itself, but we use the first 8 bytes of data on
> > > write as the
>
strong objection, it could go either way.
>
> > + goto err;
> > + }
> > +
> > + // This string is made up by us - the hypervisor doesn't
> > provide us
> > + // with a format string in the way that OPAL firmwa
clarify in the commit message of the next revision.
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
r secure boot).
I think the comment confuses more than it clarifies, I'll remove it.
As you say, read_var() should work fine with component == NULL, though
write_var() checks it. The only rule I can find in the spec is that
signed update calls *must* set the component to NULL. I'm seeking
clarification on that.
> > +EXPORT_SYMBOL(plpks_signed_update_var);
>
> Sorry I missed it before -- can this be a _GPL export?
Indeed it should be - actually, I should check if I can get rid of the
export completely...
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
/flexible_array.cocci.
Cc: Nathan Lynch
Cc: Leonardo Bras
Cc: linux-harden...@vger.kernel.org
Link: https://github.com/KSPP/linux/issues/21
Link: https://github.com/KSPP/linux/issues/79
Signed-off-by: Andrew Donnellan
---
arch/powerpc/include/asm/rtas-types.h | 4 ++--
1 file changed, 2 insertions(+), 2
a power of
two, the alignment is also guaranteed to be at least the respective
size.
Is this wrong?
Andrew
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
-by: Benjamin Gray
This seems like a sensible idea.
Nitpick below, otherwise it looks like you have changed over all 21
call sites and the new helpers look better.
Reviewed-by: Andrew Donnellan
> -int read_debugfs_file(char *debugfs_file, int *result)
> +int read_debugfs_int(const char *d
int read_sysfs_file(char *fpath, char *result, size_t result_size)
> {
> char path[PATH_MAX] = "/sys/";
> - int rc = -1, fd;
>
> strncat(path, fpath, PATH_MAX - strlen(path) - 1);
>
> - if ((fd = open(path, O_RDONLY)) < 0)
> - return rc;
> -
> - rc = read(fd, result, result_size);
> -
> - close(fd);
> -
> - if (rc < 0)
> - return rc;
> -
> - return 0;
> + return read_file(path, result, result_size, NULL);
> }
>
> int read_debugfs_file(char *debugfs_file, int *result)
> {
> - int rc = -1, fd;
> + int err;
> char path[PATH_MAX];
> - char value[16];
> + char value[16] = {0};
>
> strcpy(path, "/sys/kernel/debug/");
> strncat(path, debugfs_file, PATH_MAX - strlen(path) - 1);
>
> - if ((fd = open(path, O_RDONLY)) < 0)
> - return rc;
> -
> - if ((rc = read(fd, value, sizeof(value))) < 0)
> - return rc;
> + if ((err = read_file(path, value, sizeof(value) - 1, NULL)))
> + return err;
>
> - value[15] = 0;
> *result = atoi(value);
> - close(fd);
>
> return 0;
> }
>
> int write_debugfs_file(char *debugfs_file, int result)
> {
> - int rc = -1, fd;
> char path[PATH_MAX];
> char value[16];
>
> strcpy(path, "/sys/kernel/debug/");
> strncat(path, debugfs_file, PATH_MAX - strlen(path) - 1);
>
> - if ((fd = open(path, O_WRONLY)) < 0)
> - return rc;
> -
> snprintf(value, 16, "%d", result);
>
> - if ((rc = write(fd, value, strlen(value))) < 0)
> - return rc;
> -
> - close(fd);
> -
> - return 0;
> + return write_file(path, value, strlen(value));
> }
>
> static long perf_event_open(struct perf_event_attr *hw_event, pid_t
> pid,
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
ecvar_format() doesn't return "ibm,secvar-backend", it searches
for the device tree node named "ibm,secvar-backend", then reads and
returns the contents of the property "format" under that node.
The expected content of the format property is "ibm,edk2-compat-v1".
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
return of_remove_property(of_chosen, prop);
>
> Why do you remove the property afterward?
Because otherwise the password will be sitting around in /proc/device-
tree for the world to go and read.
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
Signed-off-by: Andrew Donnellan
---
v3: Change uint64_t type to u64 (mpe)
v4: Return immediately if node is NULL (gjoyce)
---
arch/powerpc/include/asm/secvar.h| 1 +
arch/powerpc/kernel/secvar-sysfs.c | 17 +++
arch/powerpc/platforms/powernv/opal-secvar.c | 22
Kuppusamy
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
arch/powerpc/kernel/secvar-sysfs.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/kernel/secvar-sysfs.c
b/arch/powerpc/kernel/secvar-sysfs.c
index 6dd9b4f6f87c..33d1797851ba 100644
--- a/arch
o NULL and var->datalen will be populated. Update header file
to document this.
Suggested-by: Michael Ellerman
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New patch (mpe)
---
arch/powerpc/include/asm/plpks.h | 12
arch/powerpc/platforms/pseries/plp
From: Russell Currey
A few improvements to load_powerpc.c:
- include integrity.h for the pr_fmt()
- move all error reporting out of get_cert_list()
- use ERR_PTR() to better preserve error detail
- don't use pr_err() for missing keys
Signed-off-by: Russell Currey
Signed-off-by: Andrew
.
However, we can't get of the separate option completely, because it will
also be used for SED Opal purposes.
Change PSERIES_PLPKS into a hidden option, which is selected by
PPC_SECURE_BOOT.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New patch
---
arch/powerpc
-off-by: Andrew Donnellan
---
v3: New patch
v4: Fix compile when CONFIG_PSERIES_PLPKS=n (snowpatch)
Fix error handling on fdt_path_offset() call (ruscur)
---
arch/powerpc/kexec/file_load_64.c | 18 ++
arch/powerpc/platforms/pseries/plpks.c | 18 +-
2
of write buffer at a time, and the
hypervisor does not expose an interface for partial writes.)
Co-developed-by: Nayna Jain
Signed-off-by: Nayna Jain
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v2: Remove unnecessary config vars from sysfs
and misc cleanups]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
Fix error code handling in plpks_confirm_object_flushed() (ruscur)
Pass plpks_var struct
to support additional v3 API fields, minor fixes]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
Refresh config values in plpks_get_usedspace() (ajd)
Validate the config
-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
arch/powerpc/platforms/pseries/plpks.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/platforms/pseries/plpks.c
b/arch/powerpc/platforms/pseries/plpks.c
index 796ed5544ee5..96a026a37285 100644
--- a/arch/powerpc/platforms
ect format is expected to be the same, so there shouldn't be any
functional differences between objects retrieved from powernv and
pseries.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v3: New patch
v4: Pass format buffer size (stefanb, npiggin)
---
.../integrity/plat
From: Russell Currey
Move plpks.h from platforms/pseries/ to include/asm/. This is necessary
for later patches to make use of the PLPKS from code in other subsystems.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
.../powerpc/{platforms/pseries
From: Russell Currey
Add helper functions to get the PLPKS password. This will be used in a
later patch to support passing the password between kernels over kexec.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
arch/powerpc/include/asm/plpks.h
From: Russell Currey
The secvar format string and object size sysfs files are both ASCII
text, and should use sysfs_emit(). No functional change.
Suggested-by: Greg Kroah-Hartman
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v2: New patch (gregkh)
---
arch/powerpc
From: Russell Currey
Move the constants defined in plpks.c to plpks.h, and standardise their
naming, so that PLPKS consumers can make use of them later on.
Signed-off-by: Russell Currey
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
arch/powerpc
Due to sysfs constraints, when writing to a variable, we can only handle
writes of up to PAGE_SIZE.
It's possible that the maximum object size is larger than PAGE_SIZE, in
which case, print a warning on boot so that the user is aware.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell
Remove unnecessary prefixes from error messages in secvar_sysfs_init()
(the file defines pr_fmt, so putting "secvar:" in every message is
unnecessary). Make capitalisation and punctuation more consistent.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New
From: Russell Currey
The code that handles the format string in secvar-sysfs.c is entirely
OPAL specific, so create a new "format" op in secvar_operations to make
the secvar code more generic. No functional change.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
--
ead, let the backend put
a NULL-terminated array of variable names into secvar_ops->var_names,
which will be used if get_next() is undefined.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New patch (ajd/mpe)
---
arch/powerpc/include/asm/secvar.h | 4 ++
arch/powerpc/
implementation at present, and
the config directory will not be created if no attributes are set.
Signed-off-by: Russell Currey
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
v3: Remove unnecessary "secvar:" prefix from error messages (ajd)
Merge config
to the user.
Handle the timeout case separately and return ETIMEDOUT if triggered.
Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Reported-by: Benjamin Gray
Signed-off-by: Andrew Donnellan
Tested-by: Russell Currey
Reviewed-by: Russell Currey
it() instead of sprintf() for all sysfs strings
Change the size of the sysfs binary attributes to include the 8-byte
flags header, preventing truncation of large writes.
Andrew Donnellan (8):
powerpc/pseries: Fix handling of PLPKS object flushing timeout
powerpc/pseries: Fix alignmen
Ellerman
Reviewed-by: Russell Currey
Reviewed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
v3: Include new patch
---
arch/powerpc/include/asm/secvar.h| 9 +++--
arch/powerpc/kernel/secvar-sysfs.c | 8
arch/powerpc/platforms/powernv/opal
not cross page boundaries
Round up the allocations of these structures/buffers to the next power of
2 to make sure this happens.
Reported-by: Benjamin Gray
Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Signed-off-by: Andrew Donnellan
Reviewed-by: Russ
From: Russell Currey
The secvar code only supports one consumer at a time.
Multiple consumers aren't possible at this point in time, but we'd want
it to be obvious if it ever could happen.
Signed-off-by: Russell Currey
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
riable names
> > + // Only used if get_next() isn't provided
> > + const char * const *var_names;
>
> The other way you could go is provide a sysfs_init() ops call here,
> and export the add_var as a library function that backends can use.
True, I think I'll keep it as
On Wed, 2023-01-18 at 17:10 +1100, Andrew Donnellan wrote:
>
> struct umem_info {
> u64 *buf; /* data buffer for usable-memory
> property */
> @@ -1155,7 +1156,7 @@ int setup_new_fdt_ppc64(const struct kimage
> *image, void *fdt,
>
-off-by: Andrew Donnellan
---
v3: New patch
---
arch/powerpc/kexec/file_load_64.c | 17 -
arch/powerpc/platforms/pseries/plpks.c | 18 +-
2 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kexec/file_load_64.c
b/arch/powerpc/kexec
implementation at present, and
the config directory will not be created if no attributes are set.
Signed-off-by: Russell Currey
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
v3: Remove unnecessary "secvar:" prefix from error messages (ajd)
Merge config
From: Russell Currey
A few improvements to load_powerpc.c:
- include integrity.h for the pr_fmt()
- move all error reporting out of get_cert_list()
- use ERR_PTR() to better preserve error detail
- don't use pr_err() for missing keys
Signed-off-by: Russell Currey
Signed-off-by: Andrew
and misc cleanups]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
Fix error code handling in plpks_confirm_object_flushed() (ruscur)
Pass plpks_var struct
to the underlying implementation of sysfs binary
attributes, as is the case for the OPAL secvar implementation -
partial writes are unsupported and writes cannot be larger than PAGE_SIZE.
Co-developed-by: Nayna Jain
Signed-off-by: Nayna Jain
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew
From: Russell Currey
Add helper functions to get the PLPKS password. This will be used in a
later patch to support passing the password between kernels over kexec.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
arch/powerpc/include/asm/plpks.h
ect format is expected to be the same, so there shouldn't be any
functional differences between objects retrieved from powernv and
pseries.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
.../integrity/platform_certs/load_powerpc.c | 17 ++-
to support additional v3 API fields, minor fixes]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: Merge plpks fixes and signed update series with secvar series
Refresh config values in plpks_get_usedspace() (ajd)
Validate the config
o NULL and var->datalen will be populated. Update header file
to document this.
Suggested-by: Michael Ellerman
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New patch (mpe)
---
arch/powerpc/include/asm/plpks.h | 12
arch/powerpc/platforms/pseries/plp
not cross page boundaries
Round up the allocations of these structures/buffers to the next power of
2 to make sure this happens.
Reported-by: Benjamin Gray
Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Signed-off-by: Andrew Donnellan
Reviewed-by: Russ
.
However, we can't get of the separate option completely, because it will
also be used for SED Opal purposes.
Change PSERIES_PLPKS into a hidden option, which is selected by
PPC_SECURE_BOOT.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New patch
---
arch/powerpc
-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
arch/powerpc/platforms/pseries/plpks.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/powerpc/platforms/pseries/plpks.c
b/arch/powerpc/platforms/pseries/plpks.c
index 796ed5544ee5..96a026a37285 100644
--- a/arch/powerpc/platforms
From: Russell Currey
Move the constants defined in plpks.c to plpks.h, and standardise their
naming, so that PLPKS consumers can make use of them later on.
Signed-off-by: Russell Currey
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
arch/powerpc
Signed-off-by: Andrew Donnellan
---
v3: Change uint64_t type to u64 (mpe)
---
arch/powerpc/include/asm/secvar.h| 1 +
arch/powerpc/kernel/secvar-sysfs.c | 17 +++--
arch/powerpc/platforms/powernv/opal-secvar.c | 19 +++
3 files changed, 23
Kuppusamy
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
arch/powerpc/kernel/secvar-sysfs.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/kernel/secvar-sysfs.c
b/arch/powerpc/kernel/secvar-sysfs.c
index 68fb0b857442..2499bfd04fad 100644
--- a/arch
Due to sysfs constraints, when writing to a variable, we can only handle
writes of up to PAGE_SIZE.
It's possible that the maximum object size is larger than PAGE_SIZE, in
which case, print a warning on boot so that the user is aware.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell
ead, let the backend put
a NULL-terminated array of variable names into secvar_ops->var_names,
which will be used if get_next() is undefined.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New patch (ajd/mpe)
---
arch/powerpc/include/asm/secvar.h | 4 ++
arch/powerpc/
From: Russell Currey
Move plpks.h from platforms/pseries/ to include/asm/. This is necessary
for later patches to make use of the PLPKS from code in other subsystems.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v3: New patch
---
.../powerpc/{platforms/pseries
to the user.
Handle the timeout case separately and return ETIMEDOUT if triggered.
Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Reported-by: Benjamin Gray
Signed-off-by: Andrew Donnellan
Tested-by: Russell Currey
Reviewed-by: Russell Currey
Remove unnecessary prefixes from error messages in secvar_sysfs_init()
(the file defines pr_fmt, so putting "secvar:" in every message is
unnecessary). Make capitalisation and punctuation more consistent.
Signed-off-by: Andrew Donnellan
Signed-off-by: Russell Currey
---
v3: New
From: Russell Currey
The code that handles the format string in secvar-sysfs.c is entirely
OPAL specific, so create a new "format" op in secvar_operations to make
the secvar code more generic. No functional change.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
--
Use sysfs_emit() instead of sprintf() for all sysfs strings
Change the size of the sysfs binary attributes to include the 8-byte
flags header, preventing truncation of large writes.
Andrew Donnellan (8):
powerpc/secvar: Clean up init error messages
powerpc/secvar: Allow b
From: Russell Currey
The secvar code only supports one consumer at a time.
Multiple consumers aren't possible at this point in time, but we'd want
it to be obvious if it ever could happen.
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
arch/powerpc/kernel/secvar-ops.c | 4
Ellerman
Reviewed-by: Russell Currey
Reviewed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
v3: Include new patch
---
arch/powerpc/include/asm/secvar.h| 9 +++--
arch/powerpc/kernel/secvar-sysfs.c | 8
arch/powerpc/platforms/powernv/opal
From: Russell Currey
The secvar format string and object size sysfs files are both ASCII
text, and should use sysfs_emit(). No functional change.
Suggested-by: Greg Kroah-Hartman
Signed-off-by: Russell Currey
Signed-off-by: Andrew Donnellan
---
v2: New patch (gregkh)
---
arch/powerpc
Change all the secvar related routines to use u64.
>
> Signed-off-by: Michael Ellerman
We're going to include this patch in the next revision of our dynamic
key management series.
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
Change all the secvar related routines to use u64.
>
> Signed-off-by: Michael Ellerman
Reviewed-by: Andrew Donnellan
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
think we need that config option at all, or if we do it
> should
> not be user selectable and just enabled automatically by
> PSERIES_PLPKS.
I actually think we should get rid of both PSERIES_PLPKS_SECVAR and
PSERIES_PLPKS, and just use PPC_SECURE_BOOT / PPC_SECVAR_SYSFS.
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
writing into "buf"
> directly
> in case the hcall fails or something, but the other 3 copies seem
> unnecessary.
In the general case, I don't like passing buffer pointers straight from
parameters into hcalls, since the address has to be in the linear map,
and that's a detail I'd rather hide from callers. But otherwise, yes I
think we can probably shift to having the caller allocate the buffers.
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
rnv support, in which
case plpks_secvar_init() will be called unconditionally even when
booting on a powernv machine.
I can confirm that as it is, booting this on powernv qemu causes a
panic.
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
On Fri, 2023-01-06 at 21:54 +1100, Michael Ellerman wrote:
> > +int plpks_signed_update_var(struct plpks_var var, u64 flags)
> > +{
>
> I don't see a reason why var is passed by value here? A pointer would
> be
> more typical.
Will change.
--
Andrew Donnellan
e
> other multi-line comments similarly old-fashioned for consistency.
Sigh, I was trying to encourage you to move into the future...
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
s up with the integrity subsystem to load keys into
kernel keyrings.
>
> > diff --git a/arch/powerpc/platforms/pseries/plpks-secvar.c
> > b/arch/powerpc/platforms/pseries/plpks-secvar.c
> > new file mode 100644
> > index ..8298f039bef4
> > --- /dev/n
ill give you anyway).
In a previous internal version, we printed a message when PAGE_SIZE <
plpks_get_maxobjectsize(), might be worth still doing that?
>
> Co-developed-by: Nayna Jain
> Signed-off-by: Nayna Jain
> Co-developed-by: Andrew Donnellan
> Signed-off-by: Andrew Donnell
> they need to.
>
> This is not being used by the OPAL secvar implementation at present,
> and
> the config directory will not be created if no attributes are set.
>
> Signed-off-by: Russell Currey
Minor comments below, but regardless:
Reviewed-by: Andrew Donnellan
> ---
>
atform. Should
> be
> no functional change.
>
> Signed-off-by: Russell Currey
LGTM
Reviewed-by: Andrew Donnellan
> ---
> arch/powerpc/include/asm/secvar.h | 1 +
> arch/powerpc/kernel/secvar-sysfs.c | 17 +++--
> arch/powerpc/platforms/powernv/opal-s
tation also says this value must be at least 255, if we sanity
> check that we don't have to worry about underflow.
Agreed, and it makes more sense for the value that we return to the
user to be the same as the number we actually get from the hypervisor.
I'll fix it in the next spin.
--
Andrew D
> friendly
> error code? If I'm reading this right, we'd be replacing any non-
> zero
> return code with -EINVAL.
Good catch, will fix.
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
igned-off-by: Russell Currey
LGTM
Reviewed-by: Andrew Donnellan
> ---
> arch/powerpc/include/asm/secvar.h | 1 +
> arch/powerpc/kernel/secvar-sysfs.c | 21 +---
> arch/powerpc/platforms/powernv/opal-secvar.c | 25
>
> 3
On Fri, 2022-12-30 at 15:20 +1100, Russell Currey wrote:
> The secvar format string and object size sysfs files are both ASCII
> text, and should use sysfs_emit(). No functional change.
>
> Suggested-by: Greg Kroah-Hartman
> Signed-off-by: Russell Currey
LGTM
Reviewed-by: A
st struct secvar_operations *secvar_ops __ro_after_init = NULL;
I think this is implicitly NULL, but it's fine to make it explicit.
Reviewed-by: Andrew Donnellan
>
> void set_secvar_ops(const struct secvar_operations *ops)
> {
> + WARN_ON_ONCE(secvar_ops);
> secvar
On Mon, 2022-12-26 at 10:51 +0800, Dong Chuanjian wrote:
> remove unnecessary void* type casting.
>
> Signed-off-by: Dong Chuanjian
[+linuxppc-dev, which was misspelled in the original email]
Acked-by: Andrew Donnellan
>
> diff --git a/drivers/misc/ocxl/context.c
> b
e don't lose information from the conversion.
>
> Signed-off-by: Russell Currey
This is indeed useful to have.
Reviewed-by: Andrew Donnellan
Tested-by: Andrew Donnellan
> ---
> arch/powerpc/platforms/pseries/plpks.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git
not cross page boundaries
Round up the allocations of these structures/buffers to the next power of
2 to make sure this happens.
Reported-by: Benjamin Gray
Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Signed-off-by: Andrew Donnellan
---
arch/powerpc
-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
arch/powerpc/platforms/pseries/plpks.c | 118 ++---
arch/powerpc/platforms/pseries/plpks.h | 58
2 files changed, 164 insertions(+), 12 deletions(-)
diff --git a/arch/powerpc/platforms/pseries/plpks.c
b/arch
message, add timeout handling]
Co-developed-by: Andrew Donnellan
Signed-off-by: Andrew Donnellan
---
arch/powerpc/include/asm/hvcall.h | 3 +-
arch/powerpc/platforms/pseries/plpks.c | 81 +++---
arch/powerpc/platforms/pseries/plpks.h | 5 ++
3 files changed, 79 insertions
to the user.
Handle the timeout case separately and return ETIMEDOUT if triggered.
Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore")
Reported-by: Benjamin Gray
Signed-off-by: Andrew Donnellan
---
arch/powerpc/platforms/pseries/plpks.c | 11 +--
1 fi
...@linux.ibm.com/
Many thanks to Russell Currey and Ben Gray for their help on this series.
Andrew Donnellan (2):
powerpc/pseries: Fix handling of PLPKS object flushing timeout
powerpc/pseries: Fix alignment of PLPKS structures and buffers
Nayna Jain (2):
powerpc/pseries: Expose PLPKS config
ful
> before we develop the next patch.
Ping - it would be helpful for us to know your thoughts on this.
Andrew
--
Andrew DonnellanOzLabs, ADL Canberra
a...@linux.ibm.com IBM Australia Limited
ions on the buffer is risky. Explicitly add a
> null
> character to the end to make it safer.
>
> Signed-off-by: Benjamin Gray
Reviewed-by: Andrew Donnellan
> ---
> tools/testing/selftests/powerpc/ptrace/core-pkey.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 dele
2a ("powerpc/pseries: define driver for Platform
> KeyStore")
> Signed-off-by: Nayna Jain
The interface spec states that, for PKS-related hcalls, H_Aborted means
"error occurred processing request" rather than something that would
specifically map to EINTR, so I think E
101 - 200 of 1009 matches
Mail list logo
