<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/arch/powerpc/kernel/secvar-sysfs.c, branch v6.16</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>powerpc/secvar: Constify 'struct bin_attribute'</title>
<updated>2025-02-21T08:20:32+00:00</updated>
<author>
<name>Thomas Weißschuh</name>
<email>linux@weissschuh.net</email>
</author>
<published>2024-12-16T04:07:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=982d13db108c9a30b98d1eb3445011dbc5616532'/>
<id>982d13db108c9a30b98d1eb3445011dbc5616532</id>
<content type='text'>
The sysfs core now allows instances of 'struct bin_attribute' to be
moved into read-only memory. Make use of that to protect them against
accidental or malicious modifications.

Signed-off-by: Thomas Weißschuh &lt;linux@weissschuh.net&gt;
Link: https://lore.kernel.org/r/20241216-sysfs-const-bin_attr-powerpc-v1-2-bbed8906f476@weissschuh.net
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The sysfs core now allows instances of 'struct bin_attribute' to be
moved into read-only memory. Make use of that to protect them against
accidental or malicious modifications.

Signed-off-by: Thomas Weißschuh &lt;linux@weissschuh.net&gt;
Link: https://lore.kernel.org/r/20241216-sysfs-const-bin_attr-powerpc-v1-2-bbed8906f476@weissschuh.net
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>powerpc/secvar: Mark __init functions as such</title>
<updated>2025-02-21T08:20:31+00:00</updated>
<author>
<name>Thomas Weißschuh</name>
<email>linux@weissschuh.net</email>
</author>
<published>2024-12-16T04:07:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=10f10210f674a79b1214abae58077475f5de81b3'/>
<id>10f10210f674a79b1214abae58077475f5de81b3</id>
<content type='text'>
The setup functions are only called during the init phase of the kernel.
They can be discarded and their memory reused after that.

Signed-off-by: Thomas Weißschuh &lt;linux@weissschuh.net&gt;
Link: https://lore.kernel.org/r/20241216-sysfs-const-bin_attr-powerpc-v1-1-bbed8906f476@weissschuh.net
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The setup functions are only called during the init phase of the kernel.
They can be discarded and their memory reused after that.

Signed-off-by: Thomas Weißschuh &lt;linux@weissschuh.net&gt;
Link: https://lore.kernel.org/r/20241216-sysfs-const-bin_attr-powerpc-v1-1-bbed8906f476@weissschuh.net
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>powerpc: Constify struct kobj_type</title>
<updated>2024-09-05T12:25:36+00:00</updated>
<author>
<name>Huang Xiaojia</name>
<email>huangxiaojia2@huawei.com</email>
</author>
<published>2024-08-26T15:09:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=7509c23770054fdaffd966926462248d44a323c1'/>
<id>7509c23770054fdaffd966926462248d44a323c1</id>
<content type='text'>
'struct kobj_type' is not modified. It is only used in
kobject_init_and_add()/kobject_init() which takes
a 'const struct kobj_type *ktype' parameter.

Constifying this structure moves some data to a read-only section,
so increase over all security.

On a x86_64, compiled with ppc64 defconfig:
Before:
======
   text	   data	    bss	    dec	    hex	filename
   7145	    606	      0	   7751	   1e47	arch/powerpc/kernel/cacheinfo.o
   3663	    384	     16	   4063	    fdf	arch/powerpc/kernel/secvar-sysfs.o

After:
======
   text    data     bss     dec     hex filename
   7193	    558	      0	   7751	   1e47	arch/powerpc/kernel/cacheinfo.o
   3663	    384	     16	   4063	    fdf	arch/powerpc/kernel/secvar-sysfs.o

Signed-off-by: Huang Xiaojia &lt;huangxiaojia2@huawei.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://msgid.link/20240826150957.3500237-1-huangxiaojia2@huawei.com

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
'struct kobj_type' is not modified. It is only used in
kobject_init_and_add()/kobject_init() which takes
a 'const struct kobj_type *ktype' parameter.

Constifying this structure moves some data to a read-only section,
so increase over all security.

On a x86_64, compiled with ppc64 defconfig:
Before:
======
   text	   data	    bss	    dec	    hex	filename
   7145	    606	      0	   7751	   1e47	arch/powerpc/kernel/cacheinfo.o
   3663	    384	     16	   4063	    fdf	arch/powerpc/kernel/secvar-sysfs.o

After:
======
   text    data     bss     dec     hex filename
   7193	    558	      0	   7751	   1e47	arch/powerpc/kernel/cacheinfo.o
   3663	    384	     16	   4063	    fdf	arch/powerpc/kernel/secvar-sysfs.o

Signed-off-by: Huang Xiaojia &lt;huangxiaojia2@huawei.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://msgid.link/20240826150957.3500237-1-huangxiaojia2@huawei.com

</pre>
</div>
</content>
</entry>
<entry>
<title>powerpc/secvar: Don't print error on ENOENT when reading variables</title>
<updated>2023-02-12T11:12:37+00:00</updated>
<author>
<name>Andrew Donnellan</name>
<email>ajd@linux.ibm.com</email>
</author>
<published>2023-02-10T08:03:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=c96db155ebc6be868d5dde1b5caf6879c181cda4'/>
<id>c96db155ebc6be868d5dde1b5caf6879c181cda4</id>
<content type='text'>
If attempting to read the size or data attributes of a  non-existent
variable (which will be possible after a later patch to expose the PLPKS
via the secvar interface), don't spam the kernel log with error messages.
Only print errors for return codes that aren't ENOENT.

Reported-by: Sudhakar Kuppusamy &lt;sudhakar@linux.ibm.com&gt;
Signed-off-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://lore.kernel.org/r/20230210080401.345462-14-ajd@linux.ibm.com

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If attempting to read the size or data attributes of a  non-existent
variable (which will be possible after a later patch to expose the PLPKS
via the secvar interface), don't spam the kernel log with error messages.
Only print errors for return codes that aren't ENOENT.

Reported-by: Sudhakar Kuppusamy &lt;sudhakar@linux.ibm.com&gt;
Signed-off-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://lore.kernel.org/r/20230210080401.345462-14-ajd@linux.ibm.com

</pre>
</div>
</content>
</entry>
<entry>
<title>powerpc/secvar: Warn when PAGE_SIZE is smaller than max object size</title>
<updated>2023-02-12T11:12:37+00:00</updated>
<author>
<name>Andrew Donnellan</name>
<email>ajd@linux.ibm.com</email>
</author>
<published>2023-02-10T08:03:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=6d64c497a31bd888110785def44529ebb96bce49'/>
<id>6d64c497a31bd888110785def44529ebb96bce49</id>
<content type='text'>
Due to sysfs constraints, when writing to a variable, we can only handle
writes of up to PAGE_SIZE.

It's possible that the maximum object size is larger than PAGE_SIZE, in
which case, print a warning on boot so that the user is aware.

Signed-off-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Signed-off-by: Russell Currey &lt;ruscur@russell.cc&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://lore.kernel.org/r/20230210080401.345462-13-ajd@linux.ibm.com

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Due to sysfs constraints, when writing to a variable, we can only handle
writes of up to PAGE_SIZE.

It's possible that the maximum object size is larger than PAGE_SIZE, in
which case, print a warning on boot so that the user is aware.

Signed-off-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Signed-off-by: Russell Currey &lt;ruscur@russell.cc&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://lore.kernel.org/r/20230210080401.345462-13-ajd@linux.ibm.com

</pre>
</div>
</content>
</entry>
<entry>
<title>powerpc/secvar: Allow backend to populate static list of variable names</title>
<updated>2023-02-12T11:12:37+00:00</updated>
<author>
<name>Andrew Donnellan</name>
<email>ajd@linux.ibm.com</email>
</author>
<published>2023-02-10T08:03:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=50a466bf3e6f6f177dc0aeefa46a2f8927075a1d'/>
<id>50a466bf3e6f6f177dc0aeefa46a2f8927075a1d</id>
<content type='text'>
Currently, the list of variables is populated by calling
secvar_ops-&gt;get_next() repeatedly, which is explicitly modelled on the
OPAL API (including the keylen parameter).

For the upcoming PLPKS backend, we have a static list of variable names.
It is messy to fit that into get_next(), so instead, let the backend put
a NULL-terminated array of variable names into secvar_ops-&gt;var_names,
which will be used if get_next() is undefined.

Signed-off-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Signed-off-by: Russell Currey &lt;ruscur@russell.cc&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://lore.kernel.org/r/20230210080401.345462-12-ajd@linux.ibm.com

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently, the list of variables is populated by calling
secvar_ops-&gt;get_next() repeatedly, which is explicitly modelled on the
OPAL API (including the keylen parameter).

For the upcoming PLPKS backend, we have a static list of variable names.
It is messy to fit that into get_next(), so instead, let the backend put
a NULL-terminated array of variable names into secvar_ops-&gt;var_names,
which will be used if get_next() is undefined.

Signed-off-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Signed-off-by: Russell Currey &lt;ruscur@russell.cc&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://lore.kernel.org/r/20230210080401.345462-12-ajd@linux.ibm.com

</pre>
</div>
</content>
</entry>
<entry>
<title>powerpc/secvar: Extend sysfs to include config vars</title>
<updated>2023-02-12T11:12:37+00:00</updated>
<author>
<name>Russell Currey</name>
<email>ruscur@russell.cc</email>
</author>
<published>2023-02-10T08:03:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=86b6c0ae2caee9cadee1256d31b204ea54cb55c0'/>
<id>86b6c0ae2caee9cadee1256d31b204ea54cb55c0</id>
<content type='text'>
The forthcoming pseries consumer of the secvar API wants to expose a
number of config variables.  Allowing secvar implementations to provide
their own sysfs attributes makes it easy for consumers to expose what
they need to.

This is not being used by the OPAL secvar implementation at present, and
the config directory will not be created if no attributes are set.

Signed-off-by: Russell Currey &lt;ruscur@russell.cc&gt;
Co-developed-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Signed-off-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://lore.kernel.org/r/20230210080401.345462-11-ajd@linux.ibm.com

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The forthcoming pseries consumer of the secvar API wants to expose a
number of config variables.  Allowing secvar implementations to provide
their own sysfs attributes makes it easy for consumers to expose what
they need to.

This is not being used by the OPAL secvar implementation at present, and
the config directory will not be created if no attributes are set.

Signed-off-by: Russell Currey &lt;ruscur@russell.cc&gt;
Co-developed-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Signed-off-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://lore.kernel.org/r/20230210080401.345462-11-ajd@linux.ibm.com

</pre>
</div>
</content>
</entry>
<entry>
<title>powerpc/secvar: Clean up init error messages</title>
<updated>2023-02-12T11:12:37+00:00</updated>
<author>
<name>Andrew Donnellan</name>
<email>ajd@linux.ibm.com</email>
</author>
<published>2023-02-10T08:03:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=caefd3b77450e330845755ea57add2315fd5e4d9'/>
<id>caefd3b77450e330845755ea57add2315fd5e4d9</id>
<content type='text'>
Remove unnecessary prefixes from error messages in secvar_sysfs_init()
(the file defines pr_fmt, so putting "secvar:" in every message is
unnecessary). Make capitalisation and punctuation more consistent.

Signed-off-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Signed-off-by: Russell Currey &lt;ruscur@russell.cc&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://lore.kernel.org/r/20230210080401.345462-10-ajd@linux.ibm.com

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Remove unnecessary prefixes from error messages in secvar_sysfs_init()
(the file defines pr_fmt, so putting "secvar:" in every message is
unnecessary). Make capitalisation and punctuation more consistent.

Signed-off-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Signed-off-by: Russell Currey &lt;ruscur@russell.cc&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://lore.kernel.org/r/20230210080401.345462-10-ajd@linux.ibm.com

</pre>
</div>
</content>
</entry>
<entry>
<title>powerpc/secvar: Handle max object size in the consumer</title>
<updated>2023-02-12T11:12:37+00:00</updated>
<author>
<name>Russell Currey</name>
<email>ruscur@russell.cc</email>
</author>
<published>2023-02-10T08:03:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=e02407944052554c1685e11e56175147d1ac56b6'/>
<id>e02407944052554c1685e11e56175147d1ac56b6</id>
<content type='text'>
Currently the max object size is handled in the core secvar code with an
entirely OPAL-specific implementation, so create a new max_size() op and
move the existing implementation into the powernv platform.  Should be
no functional change.

Signed-off-by: Russell Currey &lt;ruscur@russell.cc&gt;
Signed-off-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://lore.kernel.org/r/20230210080401.345462-9-ajd@linux.ibm.com

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently the max object size is handled in the core secvar code with an
entirely OPAL-specific implementation, so create a new max_size() op and
move the existing implementation into the powernv platform.  Should be
no functional change.

Signed-off-by: Russell Currey &lt;ruscur@russell.cc&gt;
Signed-off-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://lore.kernel.org/r/20230210080401.345462-9-ajd@linux.ibm.com

</pre>
</div>
</content>
</entry>
<entry>
<title>powerpc/secvar: Handle format string in the consumer</title>
<updated>2023-02-12T11:12:37+00:00</updated>
<author>
<name>Russell Currey</name>
<email>ruscur@russell.cc</email>
</author>
<published>2023-02-10T08:03:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=ec2f40bd004b4b9142469282d4a6ce9afa22f9c0'/>
<id>ec2f40bd004b4b9142469282d4a6ce9afa22f9c0</id>
<content type='text'>
The code that handles the format string in secvar-sysfs.c is entirely
OPAL specific, so create a new "format" op in secvar_operations to make
the secvar code more generic.  No functional change.

Signed-off-by: Russell Currey &lt;ruscur@russell.cc&gt;
Signed-off-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://lore.kernel.org/r/20230210080401.345462-8-ajd@linux.ibm.com

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The code that handles the format string in secvar-sysfs.c is entirely
OPAL specific, so create a new "format" op in secvar_operations to make
the secvar code more generic.  No functional change.

Signed-off-by: Russell Currey &lt;ruscur@russell.cc&gt;
Signed-off-by: Andrew Donnellan &lt;ajd@linux.ibm.com&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
Signed-off-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;
Link: https://lore.kernel.org/r/20230210080401.345462-8-ajd@linux.ibm.com

</pre>
</div>
</content>
</entry>
</feed>
