Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp4126053ybg;
        Fri, 25 Oct 2019 13:44:50 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzL+H4Nv+0IYjvBT/ibv0P4JwtKyJxphdH3QLQvPVqw8s5NmCXuzpNQznc+1YAyvV9GS79L
X-Received: by 2002:a50:eacc:: with SMTP id u12mr6224255edp.290.1572036289968;
        Fri, 25 Oct 2019 13:44:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1572036289; cv=none;
        d=google.com; s=arc-20160816;
        b=URQ65ijE6ZwTGDbJde+0y/pqEO0pfEShfMf9XUB25N4tysYUrSBoXlSZuhZ7KL9stK
         e5mEf9+ixi3M8F3bmyFvuJH2Lr3K/GFAjb6hvHWp/YcvozJAeiK5V23jwqTgu7SIi6hi
         wSOKAbQ9cKiwjt7xrgZfdlCKXfD05OCFy6HWjAIiMzWVvZcDQgCuJ7Dw0GyTIfhcnz9v
         1yLFjEWXcgVtFsLr5WNcz6gvgEFVXzXJYeUFA0xYX3cr8Z21kFdEQqTh1jM6xyqPWTqp
         JKTFT03mYLZWSuimbJs7FpEMcJMsAvFs3p1PVm8EFVD9ZRWp03HaPEIsJxtyn2EjFxeZ
         wI/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature:dkim-filter;
        bh=mDtsbMP5W8btp+nJtJmQtm2nuJFrzi43DMY3lfGFnJc=;
        b=zwGXCS2RR7pdF9HsryqLnUP4TwSXg99pvkBq3Ri4p4PwrclsEalT8ITkQDsn+AQ9A7
         UhN4KzcWakpNsX9FxjDkfgvWRq5Jz1ApOEZ+Urf4jgb6zNOYmK+XcRl6GSM2R+zHS1B3
         YLy3d7RJRTQ2/vpRCZARFd9t0hGDUrnVdHSwXrpj2PiVTrMILhRVJl/qocxNvzClHEhP
         5WTfAHQGiBH3gZxPRbJJqt8unjUt8hL5Bz8MLK9vRQZvzqeJZQqItwmLVzEp9kZYFl2L
         R0IyjaPqmsZ+tjNU/mfdfiabPINSJZA2MrwLUhcvS9bGUVG0hQRn/zOpCP5CDmdSLG/U
         AiSg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b=kABBg7Hl;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u16si2039954edi.310.2019.10.25.13.44.26;
        Fri, 25 Oct 2019 13:44:49 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b=kABBg7Hl;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2503291AbfJYP6h (ORCPT <rfc822;arandomawesomegeek@gmail.com>
        + 99 others); Fri, 25 Oct 2019 11:58:37 -0400
Received: from linux.microsoft.com ([13.77.154.182]:38066 "EHLO
        linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727498AbfJYP6g (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 25 Oct 2019 11:58:36 -0400
Received: from [10.137.112.108] (unknown [131.107.174.108])
        by linux.microsoft.com (Postfix) with ESMTPSA id 7E95520F3BFE;
        Fri, 25 Oct 2019 08:58:35 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 7E95520F3BFE
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
        s=default; t=1572019115;
        bh=mDtsbMP5W8btp+nJtJmQtm2nuJFrzi43DMY3lfGFnJc=;
        h=Subject:To:Cc:References:From:Date:In-Reply-To:From;
        b=kABBg7HlsBpqfTHU9o2+an0n4inUsxoZjaZzDmIGp8F8253XbcMvLk5ROEwdiW1Dn
         ChrAO8aE69Xb1E9/nvTlUCVews4YvFtS08oTVK8Mmhx70fjewuy4Mdfiibe6Xt2s0S
         XnAuwWItO77AHH67U+wY4k9dr/fDqdApVcaCEB2o=
Subject: Re: [PATCH v5 2/4] powerpc: expose secure variables to userspace via
 sysfs
To:     Nayna Jain <nayna@linux.ibm.com>, linuxppc-dev@ozlabs.org,
        linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org
Cc:     linux-kernel@vger.kernel.org,
        Michael Ellerman <mpe@ellerman.id.au>,
        Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Paul Mackerras <paulus@samba.org>,
        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        Jeremy Kerr <jk@ozlabs.org>,
        Matthew Garret <matthew.garret@nebula.com>,
        Mimi Zohar <zohar@linux.ibm.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Claudio Carvalho <cclaudio@linux.ibm.com>,
        George Wilson <gcwilson@linux.ibm.com>,
        Elaine Palmer <erpalmer@us.ibm.com>,
        Eric Ricther <erichte@linux.ibm.com>,
        Oliver O'Halloran <oohall@gmail.com>
References: <20191025004729.4452-1-nayna@linux.ibm.com>
 <20191025004729.4452-3-nayna@linux.ibm.com>
From:   Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Message-ID: <33275df6-9ee8-989f-9857-20946fb64b25@linux.microsoft.com>
Date:   Fri, 25 Oct 2019 08:58:35 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <20191025004729.4452-3-nayna@linux.ibm.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 10/24/19 5:47 PM, Nayna Jain wrote:

> +static ssize_t size_show(struct kobject *kobj, struct kobj_attribute *attr,
> +			 char *buf)
> +{
> +	uint64_t dsize;
> +	int rc;
> +
> +	rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize);
> +	if (rc) {
> +		pr_err("Error retrieving variable size %d\n", rc);
> +		return rc;
> +	}
> +
> +	rc = sprintf(buf, "%llu\n", dsize);
> +
> +	return rc;
> +}
nit: change it to "return sprintf(buf, "%llu\n", dsize);" instead.

> +
> +static ssize_t data_read(struct file *filep, struct kobject *kobj,
> +			 struct bin_attribute *attr, char *buf, loff_t off,
> +			 size_t count)
> +{
> +	uint64_t dsize;
> +	char *data;
> +	int rc;
> +
> +	rc = secvar_ops->get(kobj->name, strlen(kobj->name) + 1, NULL, &dsize);
> +	if (rc) {
> +		pr_err("Error getting variable size %d\n", rc);
> +		return rc;
> +	}
> +	pr_debug("dsize is %llu\n", dsize);
> +
> +	data = kzalloc(dsize, GFP_KERNEL);
Is there any MAX\MIN limit on dsize that can be returned by secvar_ops?
Is it ok to not validate the dsize
> +
> +static ssize_t update_write(struct file *filep, struct kobject *kobj,
> +			    struct bin_attribute *attr, char *buf, loff_t off,
> +			    size_t count)
> +{
> +	int rc;
> +
> +	pr_debug("count is %ld\n", count);
> +	rc = secvar_ops->set(kobj->name, strlen(kobj->name)+1, buf, count);
> +	if (rc) {
> +		pr_err("Error setting the variable %s\n", kobj->name);
> +		return rc;
> +	}
> +
> +	return count;
> +}
Return value from this function can be a count (of bytes in buf?) or 
error code. Could cause confusion.
> +
> +static int secvar_sysfs_load(void)
> +{
> +	char *name;
> +	uint64_t namesize = 0;
> +	struct kobject *kobj;
> +	int rc;
> +
> +	name = kzalloc(NAME_MAX_SIZE, GFP_KERNEL);
> +	if (!name)
> +		return -ENOMEM;
> +
> +	do {
> +		rc = secvar_ops->get_next(name, &namesize, NAME_MAX_SIZE);
> +		if (rc) {
> +			if (rc != -ENOENT)
> +				pr_err("error getting secvar from firmware %d\n",
> +					rc);
> +			break;
> +		}
> +
> +		kobj = kzalloc(sizeof(*kobj), GFP_KERNEL);
> +		if (!kobj)
> +			return -ENOMEM;

Memory allocated for "name" is leaked in this case.

> +
> +		kobject_init(kobj, &secvar_ktype);
> +
> +		rc = kobject_add(kobj, &secvar_kset->kobj, "%s", name);
> +		if (rc) {
> +			pr_warn("kobject_add error %d for attribute: %s\n", rc,
> +				name);
> +			kobject_put(kobj);
> +			kobj = NULL;
> +		}
> +
> +		if (kobj)
> +			kobject_uevent(kobj, KOBJ_ADD);
> +
> +	} while (!rc);
> +
> +	kfree(name);
> +	return rc;
> +}