From 811b0d6538b9f26f3eb0f90fe4e6118f2480ec6f Mon Sep 17 00:00:00 2001
From: Andrew Lunn <andrew@lunn.ch>
Date: Fri, 26 Feb 2016 20:59:18 +0100
Subject: nvmem: Add flag to export NVMEM to root only
Legacy AT24, AT25 EEPROMs are exported in sys so that only root can
read the contents. The EEPROMs may contain sensitive information. Add
a flag so the provider can indicate that NVMEM should also restrict
access to root only.
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Acked-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/nvmem/core.c | 57 ++++++++++++++++++++++++++++++++++++++++--
include/linux/nvmem-provider.h | 1 +
2 files changed, 56 insertions(+), 2 deletions(-)
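--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -161,6 +161,53 @@ static const struct attribute_group *nvm
 NULL,
 };
 
+/* default read/write permissions, root only */
+static struct bin_attribute bin_attr_rw_root_nvmem = {
+ .attr = {
+ .name = "nvmem",
+ .mode = S_IWUSR | S_IRUSR,
+ },
+ .read = bin_attr_nvmem_read,
+ .write = bin_attr_nvmem_write,
+};
+
+static struct bin_attribute *nvmem_bin_rw_root_attributes[] = {
+ &bin_attr_rw_root_nvmem,
+ NULL,
+};
+
+static const struct attribute_group nvmem_bin_rw_root_group = {
+ .bin_attrs = nvmem_bin_rw_root_attributes,
+};
+
+static const struct attribute_group *nvmem_rw_root_dev_groups[] = {
+ &nvmem_bin_rw_root_group,
+ NULL,
+};
+
+/* read only permission, root only */
+static struct bin_attribute bin_attr_ro_root_nvmem = {
+ .attr = {
+ .name = "nvmem",
+ .mode = S_IRUSR,
+ },
+ .read = bin_attr_nvmem_read,
+};
+
+static struct bin_attribute *nvmem_bin_ro_root_attributes[] = {
+ &bin_attr_ro_root_nvmem,
+ NULL,
+};
+
+static const struct attribute_group nvmem_bin_ro_root_group = {
+ .bin_attrs = nvmem_bin_ro_root_attributes,
+};
+
+static const struct attribute_group *nvmem_ro_root_dev_groups[] = {
+ &nvmem_bin_ro_root_group,
+ NULL,
+};
+
 static void nvmem_release(struct device *dev)
 {
 struct nvmem_device *nvmem = to_nvmem_device(dev);
@@ -355,8 +402,14 @@ struct nvmem_device *nvmem_register(cons
 nvmem->read_only = of_property_read_bool(np, "read-only") |
 config->read_only;
 
- nvmem->dev.groups = nvmem->read_only ? nvmem_ro_dev_groups :
- nvmem_rw_dev_groups;
+ if (config->root_only)
+ nvmem->dev.groups = nvmem->read_only ?
+ nvmem_ro_root_dev_groups :
+ nvmem_rw_root_dev_groups;
+ else
+ nvmem->dev.groups = nvmem->read_only ?
+ nvmem_ro_dev_groups :
+ nvmem_rw_dev_groups;
 
 device_initialize(&nvmem->dev);
 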
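Review bot: In the nvmem_register hunk, `config->root_only` is opt-in, so any provider that leaves the field zero still gets the non-root groups from the `else` branch; this commit by itself changes no provider's exposure, and drivers whose EEPROM holds sensitive data still have to set the flag. A comment above the `if` would make that explicit, e.g. `/* root_only is opt-in: providers holding secrets must set it, otherwise the pre-existing groups apply */`. The new 0600/0400 modes restrict access only through the sysfs file's owner permission bits. The two root-only attribute/group/array sets also repeat the same structure and differ only in `.mode` and `.write`; a single group whose `is_bin_visible` callback returns the mode would probably be smaller, though that depends on what the callback can reach from the device. nvmem_register's body starts and ends outside the hunk.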
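--- a/include/linux/nvmem-provider.h
+++ b/include/linux/nvmem-provider.h
@@ -23,6 +23,7 @@ struct nvmem_config {
 const struct nvmem_cell_info *cells;
 int ncells;
 bool read_only;
+ bool root_only;
 };
 
 #if IS_ENABLED(CONFIG_NVMEM)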
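Review bot: The new `root_only` member of struct nvmem_config has no description of who should set it or what it changes. A short comment on the field, such as `/* expose the sysfs nvmem file to root only (0600, or 0400 when read_only) */`, would tell provider authors when to opt in. The struct's opening lines are outside the hunk, so if it carries a kernel-doc block the entry belongs there as `@root_only:` instead.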