Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp957653rdg; Wed, 11 Oct 2023 10:01:14 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEMnBt0FXU3/CEmf4DzHcwGTlgCqSH1ZK865h6ecoJtn9DwBCsiBEhtA3fHW6UUMn0YD74d X-Received: by 2002:a05:6a00:2e96:b0:68b:c562:da65 with SMTP id fd22-20020a056a002e9600b0068bc562da65mr22394066pfb.26.1697043674528; Wed, 11 Oct 2023 10:01:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697043674; cv=none; d=google.com; s=arc-20160816; b=BOI1sALsxO7L8Mmix3zn58eSkHOTzGqE5fAkXWy1+w2JUzHCyX2Jse+cQH9sTsZ+qx EEBKcQFfjaV+pOfzPGJC/owiHB0z+vNVEcgH2du78S4BT6EeuLtvpJhVWMfCU8dwNLXP W7P2hllRw4uIDgc2u5fr35D06MZJygvHdCFSFZIZDZFp+6Hl3Qr4lTEkxg3KFFSVLBq2 VJoBgbORmVNbHs72CU+147VmbWZU9ux9qV00QD2dHY+ee6qfwe8xHW0Kq559BLNcdXGQ S7s7aAp2jf7kDs0BorIY0HZvc4h+Zb8xhf+SNjLDQPEIYpJUOBtevazjOm0OF28al0ty lpGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=8sHYpk3NLm+iT6M+Vidy6ah4n5Cv4xyN+PvO+EHCwpQ=; fh=wHfsHrEVI0c+bwOnQbFO0/F3k6HCfV25sajQdlH2+KQ=; b=o7A3CW/iYd08fUzkgpLZHXVdfqxTC0kDy87VFEn2iEChtEc+KZlysP6t+xvqHwyAAp Yj94TuaQT5gyx1TupaLT/F4IngQ4nAQ3we4unjQrhygOoeZKISOSnLUKhNqZNL0UJkC1 gyeJxl1r+Q6vWCkDEqxOIl35bp3ausCOXo9EYfNzEu7hpkJ5suKMtTpCFPilg+EuVjkN FXCQ6F8o5NIuRCLBZIfj4L3TeAuCFbrjhTdZCtbDRF8gYozgaxCEDdqk12yggI52zBKH JULYg1nNLJKmai2bQnNhI8rujPsxpf4abZWOVQFzFtjtr1Q5Bk7BpWhWobEVHAgGY83U Jepg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=XmXufhLL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1]) by mx.google.com with ESMTPS id f3-20020a056a00228300b00690fec2f3bbsi2067496pfe.85.2023.10.11.10.01.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Oct 2023 10:01:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) client-ip=2620:137:e000::3:1; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=XmXufhLL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id F0C3E8062796; Wed, 11 Oct 2023 10:01:10 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230158AbjJKRBE (ORCPT + 99 others); Wed, 11 Oct 2023 13:01:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47808 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232796AbjJKRBC (ORCPT ); Wed, 11 Oct 2023 13:01:02 -0400 Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D9C17B0 for ; Wed, 11 Oct 2023 10:00:58 -0700 (PDT) Received: by mail-lj1-x22a.google.com with SMTP id 38308e7fff4ca-2b9338e4695so92771fa.2 for ; Wed, 11 Oct 2023 10:00:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1697043657; x=1697648457; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=8sHYpk3NLm+iT6M+Vidy6ah4n5Cv4xyN+PvO+EHCwpQ=; b=XmXufhLLZenTnmVhn78wi+KcFBUtF3Xt2LEqb2ph36YYMdJWNfbNQyzW1i6/kyu3s9 Gc9Z78aofuAJ3wVkY+yyRM6jz3kg9IjJrpvB/ieci5wlZClZi92wb5vqND9X0X3tQrIv T4hV4Mjepnx0uDQs12RKCXb7sUNqRonmEWwPT3p3xvcHpPGVK7/LLDGTndbNKyAETBtT kHnergEsaGH5zb0fVl5HqrN7BlNv5SkAYEsSrzYwe/WzPZf3OXKlRwilywkqvKDiAYNl Xi3gc0xRg7vTsESdFZanIhhbqiEUGNG6bRppmpPM0w8Q79sDSQ+1u+M8YLJhxGNrfuGw bKzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697043657; x=1697648457; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=8sHYpk3NLm+iT6M+Vidy6ah4n5Cv4xyN+PvO+EHCwpQ=; b=lqQaoa/AQMVSjsqAB0TYUTKb7sLhY78bWqw6kg3OR1Q0ZPmOKXDSu+HrMulGvbiyyf 3JBu+R9gG++zmVr6PUMFArXO60jh0AtCfJAGGoQxuhNWkXvU1zJmnT/SPqjOw+XBjZTO 9w3tEpxB/NNB0k/is2F3oM7mAXd7mFuEK5UkJU44bY+zn1DDSp81X2dOs9IExrQwjNVX D1EY54rTKrXbZP3oPeQ1DoYjDQLpT4dPlHmnQtkJyIFlId6pF5eLETmLgLEtkDdKA5U5 PsxOs7qNuPRjy7JVkDbf+69vie3xR/YLbWegvFmYVmF44n3aghXDf4PNgYYN2g6iuRnh Sbjg== X-Gm-Message-State: AOJu0Yz9nUfZ1hbDpotaVEBjR7Q3cbiHfd6vvM6wAQgJ+VYi8wyN2KEe xozcwlu7N0aVV4p0fpPOk7tdt+fP93SkswO4j6yHlQ== X-Received: by 2002:a2e:9455:0:b0:2bc:bf29:18d3 with SMTP id o21-20020a2e9455000000b002bcbf2918d3mr19654976ljh.31.1697043656907; Wed, 11 Oct 2023 10:00:56 -0700 (PDT) MIME-Version: 1.0 References: <20230807025343.1939-1-masahisa.kojima@linaro.org> <20230807025343.1939-5-masahisa.kojima@linaro.org> In-Reply-To: <20230807025343.1939-5-masahisa.kojima@linaro.org> From: Ilias Apalodimas Date: Wed, 11 Oct 2023 10:00:20 -0700 Message-ID: Subject: Re: [PATCH v8 4/5] efivarfs: automatically update super block flag To: Masahisa Kojima Cc: Ard Biesheuvel , Jens Wiklander , Jan Kiszka , Sumit Garg , linux-kernel@vger.kernel.org, op-tee@lists.trustedfirmware.org, Johan Hovold , Randy Dunlap , Heinrich Schuchardt , Jonathan Cameron , Jeremy Kerr , linux-efi@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=2.7 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Wed, 11 Oct 2023 10:01:11 -0700 (PDT) X-Spam-Level: ** Kojima-san Apologies for the late reply, I just found some to test this. On Sun, 6 Aug 2023 at 19:55, Masahisa Kojima wrote: > > efivar operation is updated when the tee_stmm_efi module is probed. > tee_stmm_efi module supports SetVariable runtime service, > but user needs to manually remount the efivarfs as RW to enable > the write access if the previous efivar operation does not support > SerVariable and efivarfs is mounted as read-only. > > This commit notifies the update of efivar operation to > efivarfs subsystem, then drops SB_RDONLY flag if the efivar > operation supports SetVariable. The RO->RW transition works fine and I did manage to test basic stuff like setting up efibootmgr options. IIUC the RW->RO should be covered by this patchset [0] ? Wouldn't it be better to detect that the tee device of the supplicant closes and use that to switch the permissions? I get why we need that for the TPM, the entire subsystem needs to send TPM commands *before* the supplicant dies. But this is not needed for the EFI variables case, we could just remount the FS as RO the moment the supplicant dies. [0] https://lore.kernel.org/all/20230728134832.326467-1-sumit.garg@linaro.org/ Regards /Ilias > > Signed-off-by: Masahisa Kojima > --- > drivers/firmware/efi/efi.c | 6 ++++++ > drivers/firmware/efi/vars.c | 8 ++++++++ > fs/efivarfs/super.c | 33 +++++++++++++++++++++++++++++++++ > include/linux/efi.h | 8 ++++++++ > 4 files changed, 55 insertions(+) > > diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c > index 53ae25bbb6ac..d2eec5ed8e5e 100644 > --- a/drivers/firmware/efi/efi.c > +++ b/drivers/firmware/efi/efi.c > @@ -32,6 +32,7 @@ > #include > #include > #include > +#include > > #include > > @@ -187,6 +188,9 @@ static const struct attribute_group efi_subsys_attr_group = { > .is_visible = efi_attr_is_visible, > }; > > +struct blocking_notifier_head efivar_ops_nh; > +EXPORT_SYMBOL_GPL(efivar_ops_nh); > + > static struct efivars generic_efivars; > static struct efivar_operations generic_ops; > > @@ -427,6 +431,8 @@ static int __init efisubsys_init(void) > platform_device_register_simple("efivars", 0, NULL, 0); > } > > + BLOCKING_INIT_NOTIFIER_HEAD(&efivar_ops_nh); > + > error = sysfs_create_group(efi_kobj, &efi_subsys_attr_group); > if (error) { > pr_err("efi: Sysfs attribute export failed with error %d.\n", > diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c > index e9dc7116daf1..f654e6f6af87 100644 > --- a/drivers/firmware/efi/vars.c > +++ b/drivers/firmware/efi/vars.c > @@ -63,6 +63,7 @@ int efivars_register(struct efivars *efivars, > const struct efivar_operations *ops) > { > int rv; > + int event; > > if (down_interruptible(&efivars_lock)) > return -EINTR; > @@ -77,6 +78,13 @@ int efivars_register(struct efivars *efivars, > > __efivars = efivars; > > + if (efivar_supports_writes()) > + event = EFIVAR_OPS_RDWR; > + else > + event = EFIVAR_OPS_RDONLY; > + > + blocking_notifier_call_chain(&efivar_ops_nh, event, NULL); > + > pr_info("Registered efivars operations\n"); > rv = 0; > out: > diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c > index e028fafa04f3..0f6e4d223aea 100644 > --- a/fs/efivarfs/super.c > +++ b/fs/efivarfs/super.c > @@ -14,11 +14,36 @@ > #include > #include > #include > +#include > > #include "internal.h" > > LIST_HEAD(efivarfs_list); > > +struct efivarfs_info { > + struct super_block *sb; > + struct notifier_block nb; > +}; > + > +static struct efivarfs_info info; > + > +static int efivarfs_ops_notifier(struct notifier_block *nb, unsigned long event, > + void *data) > +{ > + switch (event) { > + case EFIVAR_OPS_RDONLY: > + info.sb->s_flags |= SB_RDONLY; > + break; > + case EFIVAR_OPS_RDWR: > + info.sb->s_flags &= ~SB_RDONLY; > + break; > + default: > + return NOTIFY_DONE; > + } > + > + return NOTIFY_OK; > +} > + > static void efivarfs_evict_inode(struct inode *inode) > { > clear_inode(inode); > @@ -255,6 +280,12 @@ static int efivarfs_fill_super(struct super_block *sb, struct fs_context *fc) > if (!root) > return -ENOMEM; > > + info.sb = sb; > + info.nb.notifier_call = efivarfs_ops_notifier; > + err = blocking_notifier_chain_register(&efivar_ops_nh, &info.nb); > + if (err) > + return err; > + > INIT_LIST_HEAD(&efivarfs_list); > > err = efivar_init(efivarfs_callback, (void *)sb, true, &efivarfs_list); > @@ -281,6 +312,8 @@ static int efivarfs_init_fs_context(struct fs_context *fc) > > static void efivarfs_kill_sb(struct super_block *sb) > { > + blocking_notifier_chain_unregister(&efivar_ops_nh, &info.nb); > + info.sb = NULL; > kill_litter_super(sb); > > if (!efivar_is_available()) > diff --git a/include/linux/efi.h b/include/linux/efi.h > index 603bba2d6437..17cd628b5c42 100644 > --- a/include/linux/efi.h > +++ b/include/linux/efi.h > @@ -1365,6 +1365,14 @@ bool efi_config_table_is_usable(const efi_guid_t *guid, unsigned long table) > > umode_t efi_attr_is_visible(struct kobject *kobj, struct attribute *attr, int n); > > +/* > + * efivar ops event type > + */ > +#define EFIVAR_OPS_RDONLY 0 > +#define EFIVAR_OPS_RDWR 1 > + > +extern struct blocking_notifier_head efivar_ops_nh; > + > void efivars_generic_ops_register(void); > void efivars_generic_ops_unregister(void); > > -- > 2.30.2 >