From 800161bd0209a8db77f66af283c379ff8d58d88d Mon Sep 17 00:00:00 2001
From: Mika Westerberg
Date: Thu, 29 Jun 2017 14:19:50 +0300
Subject: thunderbolt: Correct access permissions for active NVM contents

Firmware upgrade tools that decide which NVM image should be uploaded to the Thunderbolt controller need to access active parts of the NVM even if they are not run as root. The information in active NVM is not considered security critical so we can use the default permissions set by the NVMem framework. Writing the NVM image is still left as root only operation. While there mark the active NVM as read-only in the filesystem.

Reported-by: Yehezkel Bernat
Signed-off-by: Mika Westerberg
Signed-off-by: Andreas Noever
Signed-off-by: Greg Kroah-Hartman
---
 drivers/thunderbolt/switch.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'drivers/thunderbolt/switch.c')
diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c
index ab3e8f410444..40219a706309 100644
--- a/drivers/thunderbolt/switch.c
+++ b/drivers/thunderbolt/switch.c
@@ -281,9 +281,11 @@ static struct nvmem_device *register_nvmem(struct tb_switch *sw, int id,
 if (active) {
 config.name = "nvm_active";
 config.reg_read = tb_switch_nvm_read;
+ config.read_only = true;
 } else {
 config.name = "nvm_non_active";
 config.reg_write = tb_switch_nvm_write;
+ config.root_only = true;
 }
 config.id = id;
@@ -292,7 +294,6 @@ static struct nvmem_device *register_nvmem(struct tb_switch *sw, int id,
 config.size = size;
 config.dev = &sw->dev;
 config.owner = THIS_MODULE;
- config.root_only = true;
 config.priv = sw;
 return nvmem_register(&config);
-- 
cgit v1.2.1
From 7c39ffe7a821dfd1f801627e1813f7c025e4c918 Mon Sep 17 00:00:00 2001
From: Christoph Hellwig
Date: Tue, 18 Jul 2017 15:30:05 +0200
Subject: thunderbolt: use uuid_t instead of uuid_be

Switch thunderbolt to the new uuid type.
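Review bot: In the first patch (800161bd, register_nvmem() in drivers/thunderbolt/switch.c), moving `config.root_only = true;` into the `nvm_non_active` branch means any local user can now reach `tb_switch_nvm_read` through the `nvm_active` node, and nothing in the code records why that is acceptable. The callback body and the rest of register_nvmem() are outside these hunks, so it is worth confirming that the read path is bounded by `config.size` and tolerates repeated unprivileged reads, since it was previously reachable only by root. I would add a comment above `config.read_only = true;` such as `/* Active NVM is not security critical: world-readable so upgrade tools can pick an image; writes stay root-only */`, so a later refactor does not drop `root_only` from the write branch. The second hunk's removal of the unconditional `config.root_only = true;` is the other half of the same change.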
Signed-off-by: Christoph Hellwig
Reviewed-by: Amir Goldstein
Reviewed-by: Andy Shevchenko
Acked-by: Mika Westerberg
---
 drivers/thunderbolt/switch.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'drivers/thunderbolt/switch.c')
diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c
index ab3e8f410444..c6f41b7d38b0 100644
--- a/drivers/thunderbolt/switch.c
+++ b/drivers/thunderbolt/switch.c
@@ -30,7 +30,7 @@ static DEFINE_IDA(nvm_ida);
 struct nvm_auth_status {
 struct list_head list;
- uuid_be uuid;
+ uuid_t uuid;
 u32 status;
 };
@@ -47,7 +47,7 @@ static struct nvm_auth_status *__nvm_get_auth_status(const struct tb_switch *sw)
 struct nvm_auth_status *st;
 list_for_each_entry(st, &nvm_auth_status_cache, list) {
- if (!uuid_be_cmp(st->uuid, *sw->uuid))
+ if (uuid_equal(&st->uuid, sw->uuid))
 return st;
 }
@@ -1460,7 +1460,7 @@ struct tb_sw_lookup {
 struct tb *tb;
 u8 link;
 u8 depth;
- const uuid_be *uuid;
+ const uuid_t *uuid;
 };
 static int tb_switch_match(struct device *dev, void *data)
@@ -1517,7 +1517,7 @@ struct tb_switch *tb_switch_find_by_link_depth(struct tb *tb, u8 link, u8 depth)
 * Returned switch has reference count increased so the caller needs to
 * call tb_switch_put() when done with the switch.
 */
-struct tb_switch *tb_switch_find_by_uuid(struct tb *tb, const uuid_be *uuid)
+struct tb_switch *tb_switch_find_by_uuid(struct tb *tb, const uuid_t *uuid)
 {
 struct tb_sw_lookup lookup;
 struct device *dev;
-- 
cgit v1.2.1