Received: by 2002:a05:6358:701b:b0:131:369:b2a3 with SMTP id 27csp2957835rwo;
        Mon, 24 Jul 2023 04:16:21 -0700 (PDT)
X-Google-Smtp-Source: APBJJlEt8629lBQzyzKeBNw3DDXCyholhpre6uF8U/wyUvFcG9pMgnO5+7nb/93Yb+Niacd1UZXv
X-Received: by 2002:a17:907:7791:b0:993:eee4:e704 with SMTP id ky17-20020a170907779100b00993eee4e704mr9582626ejc.38.1690197380809;
        Mon, 24 Jul 2023 04:16:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1690197380; cv=none;
        d=google.com; s=arc-20160816;
        b=VzG/Di8XdEJTlKTLmRK2E69T8ZPhAnvzSmKGxeXPaxbwIQSe0vN/V2wKDo4d3+O1By
         Qv+5qIQ3HzmLa4Tdfxf0e8QBwbqy3YI4SYSz4GQ6nmr73ddQuyEGprU6yQTWVCltzEpC
         4fN3kuaBUzfByZPPsw3ro3Oqtp/oQu5IdMuEhkoh9sAhu7OxuMUgTwvLial7fTSju6pF
         2/WkKJ3M7pZLURVg6nWMNZvOXpCLDPaDEhG8pAN7vmLLtmL/MF90KHT1qKnOyQr0jh8I
         /BeyOrLeVn2RAyH5BSIfJMLt1i5T2S2RrAbE1r+3zR0l4IfnONqaMHUTCDZRpAn84ItG
         97tw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=t3yt1Ke6aNIN/jv1ruK95LUKKim4xLKwMs6d1N9HoSc=;
        fh=OZu51iNx1LZTuircoqVQ8sgkWBrCh6kHyrUhiY57qCE=;
        b=t+SLodwvffg7RM35veEK92Ufpcz+xxWBc9lUVwKuxrErvwYyQjdJswa46q4aDFwV8o
         EcqDUq1K6iHTDLtld8Kvu7BRJI4WpjHoYUnKbNg1s75T7W+Ur6zArj9R6jEg3+BCieGu
         w1AXmbyHAuLTMuewIYGX0R5e9GohMFHYg8ws1wOigcHk5ph7LXInExeIUXWxCA2Vestd
         MKNbKf5wNO143cVKP30kbfkTFnNJD/yUpJp8DbfEo0dZGVsnObeMeB+HUI2wiz+E5u6C
         OumRyKn6EOYve0UHlMM1ytaO6FLqRyM0A+NlvQJLDg0i3isROwayLKYm7bWhGtpoov4I
         tYOg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=jFIv28Dy;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id xo17-20020a170907bb9100b00992aea2c6a6si5775297ejc.977.2023.07.24.04.15.55;
        Mon, 24 Jul 2023 04:16:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=jFIv28Dy;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231776AbjGXK1Y (ORCPT <rfc822;andreqb@gmail.com> + 99 others);
        Mon, 24 Jul 2023 06:27:24 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55516 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231181AbjGXK1F (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 24 Jul 2023 06:27:05 -0400
Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 291C7199D
        for <linux-kernel@vger.kernel.org>; Mon, 24 Jul 2023 03:22:22 -0700 (PDT)
Received: by mail-lj1-x230.google.com with SMTP id 38308e7fff4ca-2b72161c6e9so65327501fa.0
        for <linux-kernel@vger.kernel.org>; Mon, 24 Jul 2023 03:22:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google; t=1690194140; x=1690798940;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=t3yt1Ke6aNIN/jv1ruK95LUKKim4xLKwMs6d1N9HoSc=;
        b=jFIv28DyvGrQUq7s7YcQS4RGDhl4fzmHSKpvLI4z2RUelm5JFFUotkTI3QRm3zolj/
         bnwaAk2lNRvUIK0ZZDSStNMIV1Hu1ajX/UKqwjLzKCdVneP4PQO0J947/QBkIHsvvCb1
         qon9fL3JSeTltaQfu5c2/Ix+sJb6AeBdKnFKZKYoWOaH05QsFt2pKvi6S/+PLolbWTLu
         M6IwSkl8E9kNB/FUJGp6pt8xljVS7IpJLpm/IxOm7cpL1A4/7rOWS+GDM8Vkq/ItgigA
         0eySTFGOFPhjLfDJdDH0L2Vl8ABW7Va4aDRWvsXJ4gSrYe3JfPD/mbYJ6yILcsSehuK0
         xB8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1690194140; x=1690798940;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=t3yt1Ke6aNIN/jv1ruK95LUKKim4xLKwMs6d1N9HoSc=;
        b=OLPAJ8KTmqfoUIhloJ8nDWEXM41bPtY2Wddi/jbLL+nLL/74CCWmTUbFy3Aq7ZJjCQ
         tlZuIoxkGYrpWFSyUtzyuT1iDm45GpOdx36TPwEwXO51afkGdDzso8VQjSSA2YEZMfqR
         BMRPk4jz+KQO5EXAILbpBnUpSTw7FLsL+8nzFjNyuWitlaESxmTrOVIpVnjx8bRSiJAR
         QkP5vSZ74HtageH7RZ/3pQBmjc7mFZNXd6KONfprTh32rD0KYMDV+4WkfeMW/qXS2HMG
         QauHB2cO5R3baXJSHscMaA3MkwyDI/iiZU4IsZSCWzYljSPd5lKVxMEjIEkaWs56vOkr
         uZ1g==
X-Gm-Message-State: ABy/qLaZIRzBW8P8LOUuUoVvcx7hl/pnTHtA3uankbqMXco+LEae6HuC
        THcyKQeldbxcdf1R3gslimMOttPe3tCG/5yVLEpHfw==
X-Received: by 2002:a19:2d52:0:b0:4f8:6d9d:abe0 with SMTP id
 t18-20020a192d52000000b004f86d9dabe0mr2809263lft.33.1690194140137; Mon, 24
 Jul 2023 03:22:20 -0700 (PDT)
MIME-Version: 1.0
References: <20230622085112.1521-1-masahisa.kojima@linaro.org>
 <20230622085112.1521-5-masahisa.kojima@linaro.org> <5fe03be6-8c95-0bfa-687d-68e7ddffd97c@siemens.com>
 <ZJSZbmUz583pszny@hera> <CADQ0-X8TMQoViFW_zFCrOK6yjOqp-X8zQc6c2qsUcWZ5=Suugg@mail.gmail.com>
In-Reply-To: <CADQ0-X8TMQoViFW_zFCrOK6yjOqp-X8zQc6c2qsUcWZ5=Suugg@mail.gmail.com>
From:   Ilias Apalodimas <ilias.apalodimas@linaro.org>
Date:   Mon, 24 Jul 2023 13:21:44 +0300
Message-ID: <CAC_iWj+-h+TbuesypQ-PpwFYOUOZ-vjd2C6dWb1oSBt7jEviPQ@mail.gmail.com>
Subject: Re: [PATCH v6 4/4] efivarfs: automatically update super block flag
To:     Masahisa Kojima <masahisa.kojima@linaro.org>
Cc:     Jan Kiszka <jan.kiszka@siemens.com>,
        Ard Biesheuvel <ardb@kernel.org>,
        Jens Wiklander <jens.wiklander@linaro.org>,
        Sumit Garg <sumit.garg@linaro.org>,
        linux-kernel@vger.kernel.org, op-tee@lists.trustedfirmware.org,
        Johan Hovold <johan+linaro@kernel.org>,
        Jeremy Kerr <jk@ozlabs.org>, linux-efi@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Kojima-san,

On Mon, 24 Jul 2023 at 05:53, Masahisa Kojima
<masahisa.kojima@linaro.org> wrote:
>
> Hi Ilias, Jan,
>
> On Fri, 23 Jun 2023 at 03:56, Ilias Apalodimas
> <ilias.apalodimas@linaro.org> wrote:
> >
> > Hi Kojima-san, Jan
> >
> > On Thu, Jun 22, 2023 at 04:58:50PM +0200, Jan Kiszka wrote:
> > > On 22.06.23 10:51, Masahisa Kojima wrote:
> > > > efivar operation is updated when the tee_stmm_efi module is probed.
> > > > tee_stmm_efi module supports SetVariable runtime service,
> > > > but user needs to manually remount the efivarfs as RW to enable
> > > > the write access if the previous efivar operation does not support
> > > > SerVariable and efivarfs is mounted as read-only.
> > > >
> > > > This commit notifies the update of efivar operation to
> > > > efivarfs subsystem, then drops SB_RDONLY flag if the efivar
> > > > operation supports SetVariable.
> > >
> > > But it does not re-add it and prevents further requests to the TA (that
> > > will only cause panics there) when the daemon terminates, does it?
> >
> > It doesn't, but I think I got a better way out.  Even what you suggest won't
> > solve the problem entirely.  For the sake of context
> > - The kernel decides between the RO/RW depending on the SetVariable ptr
> > - The stmm *module* registers and swaps the RT calls -- and the ptr is now
> > valid.  Note here that the module probe function will run only if the
> > supplicant is running
> > - Once the module is inserted the filesystem will be remounted even without
> > the supplicant running, which would not trigger an oops, but an hard to
> > decipher error message from OP-TEE.
> >
> > So even if we switch the permissions back to RO when the supplicant dies,
> > someone can still remount it as RW and trigger the same error.
> >
> > Which got me thinking and staring the TEE subsystem a bit more.  The
> > supplicant is backed by a /dev file, which naturally has .open() and
> > .release() callbacks.  Why don't we leave the module perform the initial
> > setup -- e.g talk to StMM and make sure it's there, setup the necessary
> > buffers etc and defer the actual swapping of the efivar ops and the
> > filesystem permissions there?  I might 'feel' a bit weird, but as I
> > mentioned the module probe function only runs if the supplicant is running
> > anyway
>
> I think we are discussing two issues.
>

Yes

> 1) efivar ops is not restored when the tee-supplicant daemon terminates.
>
> The patch[1] sent by Sumit addresses this issue.
> Thanks to this patch, 'remove' callback of tee_stmm_efi_driver is called
> when the tee-supplicant daemon terminates, then restore the previous efivar ops
> and SB_RDONLY flag if necessary.

Ok but that didn't fix the original error Jan reported and I am not
sure about the patch status

>
> 2) cause panic when someone remounts the efivarfs as RW even if
> SetVariable is not supported.

Yes, this [0] is fixing that issue

[0] https://lore.kernel.org/linux-efi/20230609094532.562934-1-ilias.apalodimas@linaro.org/
Thanks
/Ilias
>
> [1] https://lore.kernel.org/all/20230607151435.92654-1-sumit.garg@linaro.org/
>
> Thanks,
> Masahisa Kojima
>
> >
> > Cheers
> > /Ilias
> >
> > >
> > > Jan
> > >
> > > --
> > > Siemens AG, Technology
> > > Competence Center Embedded Linux
> > >