From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755238AbcA1Pm6 (ORCPT ); Thu, 28 Jan 2016 10:42:58 -0500 Received: from vps0.lunn.ch ([178.209.37.122]:44783 "EHLO vps0.lunn.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755043AbcA1Pmy (ORCPT ); Thu, 28 Jan 2016 10:42:54 -0500 From: Andrew Lunn To: GregKH Cc: srinivas.kandagatla@linaro.org, maxime.ripard@free-electrons.com, wsa@the-dreams.de, broonie@kernel.org, vz@mleia.com, fd@ti.com, linux-kernel@vger.kernel.org, pantelis.antoniou@konsulko.com, bgolaszewski@baylibre.com, Andrew Lunn Subject: [PATCH 1/7] nvmem: Add flag to export NVMEM to root only Date: Thu, 28 Jan 2016 16:42:31 +0100 Message-Id: <1453995757-5051-2-git-send-email-andrew@lunn.ch> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1453995757-5051-1-git-send-email-andrew@lunn.ch> References: <1453995757-5051-1-git-send-email-andrew@lunn.ch> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Legacy AT24, AT25 EEPROMs are exported in sys so that only root can read the contents. The EEPROMs may contain sensitive information. Add a flag so the provide can indicate that NVMEM should also restrict access to root only. Signed-off-by: Andrew Lunn --- drivers/nvmem/core.c | 57 ++++++++++++++++++++++++++++++++++++++++-- include/linux/nvmem-provider.h | 1 + 2 files changed, 56 insertions(+), 2 deletions(-) diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c index 6fd4e5a5ef4a..4ccf03da6467 100644 --- a/drivers/nvmem/core.c +++ b/drivers/nvmem/core.c @@ -155,6 +155,53 @@ static const struct attribute_group *nvmem_ro_dev_groups[] = { NULL, }; +/* default read/write permissions, root only */ +static struct bin_attribute bin_attr_rw_root_nvmem = { + .attr = { + .name = "nvmem", + .mode = S_IWUSR | S_IRUSR, + }, + .read = bin_attr_nvmem_read, + .write = bin_attr_nvmem_write, +}; + +static struct bin_attribute *nvmem_bin_rw_root_attributes[] = { + &bin_attr_rw_root_nvmem, + NULL, +}; + +static const struct attribute_group nvmem_bin_rw_root_group = { + .bin_attrs = nvmem_bin_rw_root_attributes, +}; + +static const struct attribute_group *nvmem_rw_root_dev_groups[] = { + &nvmem_bin_rw_root_group, + NULL, +}; + +/* read only permission, root only */ +static struct bin_attribute bin_attr_ro_root_nvmem = { + .attr = { + .name = "nvmem", + .mode = S_IRUSR, + }, + .read = bin_attr_nvmem_read, +}; + +static struct bin_attribute *nvmem_bin_ro_root_attributes[] = { + &bin_attr_ro_root_nvmem, + NULL, +}; + +static const struct attribute_group nvmem_bin_ro_root_group = { + .bin_attrs = nvmem_bin_ro_root_attributes, +}; + +static const struct attribute_group *nvmem_ro_root_dev_groups[] = { + &nvmem_bin_ro_root_group, + NULL, +}; + static void nvmem_release(struct device *dev) { struct nvmem_device *nvmem = to_nvmem_device(dev); @@ -347,8 +394,14 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config) nvmem->read_only = of_property_read_bool(np, "read-only") | config->read_only; - nvmem->dev.groups = nvmem->read_only ? nvmem_ro_dev_groups : - nvmem_rw_dev_groups; + if (config->root_only) + nvmem->dev.groups = nvmem->read_only ? + nvmem_ro_root_dev_groups : + nvmem_rw_root_dev_groups; + else + nvmem->dev.groups = nvmem->read_only ? + nvmem_ro_dev_groups : + nvmem_rw_dev_groups; device_initialize(&nvmem->dev); diff --git a/include/linux/nvmem-provider.h b/include/linux/nvmem-provider.h index 0b68caff1b3c..d24fefa0c11d 100644 --- a/include/linux/nvmem-provider.h +++ b/include/linux/nvmem-provider.h @@ -23,6 +23,7 @@ struct nvmem_config { const struct nvmem_cell_info *cells; int ncells; bool read_only; + bool root_only; }; #if IS_ENABLED(CONFIG_NVMEM) -- 2.7.0