Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp794793rdg; Fri, 13 Oct 2023 00:53:49 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG/zHcCWuHUGAr5euujybgOUZ+7lxZoJ7iwLXqIrNoNCJaryaSacTjrwllb9fJ+/Bz2vJMT X-Received: by 2002:a05:6808:c3:b0:3a7:3ce0:1ad7 with SMTP id t3-20020a05680800c300b003a73ce01ad7mr25470149oic.20.1697183628701; Fri, 13 Oct 2023 00:53:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697183628; cv=none; d=google.com; s=arc-20160816; b=af42CAVNv3Osy5CCEd0ez6ZEtsUYwduoq87FMTLmL/ldX7Aa/4XqPh7qnNAl9IZXJV /1oCpyCdW18Jvji2iFIQ9cAH+sw1JaKkZ1cb8xyMtfolLt0CZNfLLWhw1mTbsrR/6CCT 30viFAfXoZtP1ZUcE6fzC+JmBJBmg9FM6UOL8CH88862ocZ/9lZ1D/A6adev+f+Gg9GI 8CD/1gVykPYLN9AbdEeb6yxUV0c564c/gdiTf50QypsGj/imnOknmRptSxgsuYe7Z75C kWIqyVY2rfwc5YIoCp0Z+zu7YIQj2R7Y+U/VtT9qiYgu59w38KP30EKvWNDhPqiJB/uG YwjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=gXBNB01UeisT6KBlYVbfz6auMQKWtIS6m6y0sOninrM=; fh=QJHGcZzQc2+NaR6+J8QkGTp+bI9cceRvmdTYDQLqgH4=; b=GinEilF9SH0NDBQ8cPnti8MHzjnpI5rRcO5yFnNVhmg3UayoVMzEB+pbyt6Rsr0r8T NPdb9h1BTuYa9SDYiFy437yomfEGG5DumCf+HEUB1p7oIwuUH5bF8UsvwMJbW6a1BTHR TOUa6Rv27jEmhqrmzfON94iSKWcRvsma0lX4b+SaNABPgC5fbpHhcykrFaeqiyE3slVV bQyk5twi7Xikw+6t+EKSaddYio8zEvxT6uH//bk9as4zUexD7i9kpj1jJTUZfjMKmZVh Km27//p6pet7WnUskr6KfYXS3dQ8yBm9HKvF0zHNnTHqTZiXvELf31RVgqLEwzztYlpX BxrQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=FXGdAvkP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id 38-20020a631966000000b0058a09ed5ca2si3944840pgz.313.2023.10.13.00.53.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Oct 2023 00:53:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=FXGdAvkP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 89C9382663F4; Fri, 13 Oct 2023 00:53:45 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229870AbjJMHxc (ORCPT + 99 others); Fri, 13 Oct 2023 03:53:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42256 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229744AbjJMHxb (ORCPT ); Fri, 13 Oct 2023 03:53:31 -0400 Received: from mail-vs1-xe29.google.com (mail-vs1-xe29.google.com [IPv6:2607:f8b0:4864:20::e29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D9B2583 for ; Fri, 13 Oct 2023 00:53:28 -0700 (PDT) Received: by mail-vs1-xe29.google.com with SMTP id ada2fe7eead31-457819ae142so758654137.2 for ; Fri, 13 Oct 2023 00:53:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1697183608; x=1697788408; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=gXBNB01UeisT6KBlYVbfz6auMQKWtIS6m6y0sOninrM=; b=FXGdAvkPCHuS8Ogu0IteEbBYYwn1ye+kGlJz/EeI7+O3M7bIuYTLN2rKcRflvGqBnJ CXYSMNQpXdwtdiantgFCq9HDmjBpXhqRwYeAvPt0RB3I0lpVg/CIPJyBGgRCdFYk8WYz VO987P6eZ/gbVxQcKRzRkG+iNJ5eIpn2ICK2BwAQNDTgiCfqwqPbFrpLRLiL04B48zR6 Tb7hgqa83B6ZsqOK7WapNTyGI4yIeAVxC6aq1zmQ+S4vrNVZAGBbm+jLoOHspfDbaLqw uhN0HmUMuC8YHaewCROg0S2CVsi4dQlFa/2rf0s9kodo5K0NIY+fVGOqi3yrYWyLNELT PndA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697183608; x=1697788408; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gXBNB01UeisT6KBlYVbfz6auMQKWtIS6m6y0sOninrM=; b=iVH2HtZHfMaY3szstACUuuX+x55BKCcI0MOsa9BHLycWRWluvHExz86kA8ZoyisDub YDcGu28hAYVj/N+MIeUNMrolH9DTQnk0M1rHY7EDORUbDqJlUy1N7GeUUq42Wm/L/PEq 0rj2hkemAiRN/k3tiiigBckCOzunfCyNEvA4+JA3WjWEqntGx2esWiJS5YfEcW3ON1kI hj9msy5+Dk+uUburYECi2p0F0T50q0ArS9g17x5qMYQJE/rVQAl1FCAnKUtP80ieAne0 qBhn+zL5MPnY+RYsSixpILGfN/sJm+3ylBEG69n2dct+yR9l0Xq9hhqOCh+Ylkk0Vz05 mctQ== X-Gm-Message-State: AOJu0YxE4NVBb17s1hIVZ/2U0I2UBGZkMi40uS9WByuoebSzhdu9qdj5 Lec20boeps2SBDGoeaOQCOJ0/loOzDFPlQb//xtmvw== X-Received: by 2002:a05:6102:a52:b0:457:adcf:2f9e with SMTP id i18-20020a0561020a5200b00457adcf2f9emr5656509vss.24.1697183607881; Fri, 13 Oct 2023 00:53:27 -0700 (PDT) MIME-Version: 1.0 References: <20230807025343.1939-1-masahisa.kojima@linaro.org> <20230807025343.1939-5-masahisa.kojima@linaro.org> In-Reply-To: From: Sumit Garg Date: Fri, 13 Oct 2023 13:23:16 +0530 Message-ID: Subject: Re: [PATCH v8 4/5] efivarfs: automatically update super block flag To: Ilias Apalodimas Cc: Masahisa Kojima , Ard Biesheuvel , Jens Wiklander , Jan Kiszka , linux-kernel@vger.kernel.org, op-tee@lists.trustedfirmware.org, Johan Hovold , Randy Dunlap , Heinrich Schuchardt , Jonathan Cameron , Jeremy Kerr , linux-efi@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Fri, 13 Oct 2023 00:53:45 -0700 (PDT) Hi Ilias, On Wed, 11 Oct 2023 at 22:30, Ilias Apalodimas wrote: > > Kojima-san > Apologies for the late reply, I just found some to test this. > > On Sun, 6 Aug 2023 at 19:55, Masahisa Kojima wrote: > > > > efivar operation is updated when the tee_stmm_efi module is probed. > > tee_stmm_efi module supports SetVariable runtime service, > > but user needs to manually remount the efivarfs as RW to enable > > the write access if the previous efivar operation does not support > > SerVariable and efivarfs is mounted as read-only. > > > > This commit notifies the update of efivar operation to > > efivarfs subsystem, then drops SB_RDONLY flag if the efivar > > operation supports SetVariable. > > The RO->RW transition works fine and I did manage to test basic stuff > like setting up efibootmgr options. IIUC the RW->RO should be covered > by this patchset [0] ? Yeah. > Wouldn't it be better to detect that the tee device of the supplicant > closes and use that to switch the permissions? I get why we need that > for the TPM, the entire subsystem needs to send TPM commands *before* > the supplicant dies. But this is not needed for the EFI variables > case, we could just remount the FS as RO the moment the supplicant > dies. As we discussed offline, we should have a unified approach to notify kernel TEE client drivers. So the approach implemented as part of [0] should address the needs for fTPM as well as EFI. -Sumit > > [0] https://lore.kernel.org/all/20230728134832.326467-1-sumit.garg@linaro.org/ > > Regards > /Ilias > > > > Signed-off-by: Masahisa Kojima > > --- > > drivers/firmware/efi/efi.c | 6 ++++++ > > drivers/firmware/efi/vars.c | 8 ++++++++ > > fs/efivarfs/super.c | 33 +++++++++++++++++++++++++++++++++ > > include/linux/efi.h | 8 ++++++++ > > 4 files changed, 55 insertions(+) > > > > diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c > > index 53ae25bbb6ac..d2eec5ed8e5e 100644 > > --- a/drivers/firmware/efi/efi.c > > +++ b/drivers/firmware/efi/efi.c > > @@ -32,6 +32,7 @@ > > #include > > #include > > #include > > +#include > > > > #include > > > > @@ -187,6 +188,9 @@ static const struct attribute_group efi_subsys_attr_group = { > > .is_visible = efi_attr_is_visible, > > }; > > > > +struct blocking_notifier_head efivar_ops_nh; > > +EXPORT_SYMBOL_GPL(efivar_ops_nh); > > + > > static struct efivars generic_efivars; > > static struct efivar_operations generic_ops; > > > > @@ -427,6 +431,8 @@ static int __init efisubsys_init(void) > > platform_device_register_simple("efivars", 0, NULL, 0); > > } > > > > + BLOCKING_INIT_NOTIFIER_HEAD(&efivar_ops_nh); > > + > > error = sysfs_create_group(efi_kobj, &efi_subsys_attr_group); > > if (error) { > > pr_err("efi: Sysfs attribute export failed with error %d.\n", > > diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c > > index e9dc7116daf1..f654e6f6af87 100644 > > --- a/drivers/firmware/efi/vars.c > > +++ b/drivers/firmware/efi/vars.c > > @@ -63,6 +63,7 @@ int efivars_register(struct efivars *efivars, > > const struct efivar_operations *ops) > > { > > int rv; > > + int event; > > > > if (down_interruptible(&efivars_lock)) > > return -EINTR; > > @@ -77,6 +78,13 @@ int efivars_register(struct efivars *efivars, > > > > __efivars = efivars; > > > > + if (efivar_supports_writes()) > > + event = EFIVAR_OPS_RDWR; > > + else > > + event = EFIVAR_OPS_RDONLY; > > + > > + blocking_notifier_call_chain(&efivar_ops_nh, event, NULL); > > + > > pr_info("Registered efivars operations\n"); > > rv = 0; > > out: > > diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c > > index e028fafa04f3..0f6e4d223aea 100644 > > --- a/fs/efivarfs/super.c > > +++ b/fs/efivarfs/super.c > > @@ -14,11 +14,36 @@ > > #include > > #include > > #include > > +#include > > > > #include "internal.h" > > > > LIST_HEAD(efivarfs_list); > > > > +struct efivarfs_info { > > + struct super_block *sb; > > + struct notifier_block nb; > > +}; > > + > > +static struct efivarfs_info info; > > + > > +static int efivarfs_ops_notifier(struct notifier_block *nb, unsigned long event, > > + void *data) > > +{ > > + switch (event) { > > + case EFIVAR_OPS_RDONLY: > > + info.sb->s_flags |= SB_RDONLY; > > + break; > > + case EFIVAR_OPS_RDWR: > > + info.sb->s_flags &= ~SB_RDONLY; > > + break; > > + default: > > + return NOTIFY_DONE; > > + } > > + > > + return NOTIFY_OK; > > +} > > + > > static void efivarfs_evict_inode(struct inode *inode) > > { > > clear_inode(inode); > > @@ -255,6 +280,12 @@ static int efivarfs_fill_super(struct super_block *sb, struct fs_context *fc) > > if (!root) > > return -ENOMEM; > > > > + info.sb = sb; > > + info.nb.notifier_call = efivarfs_ops_notifier; > > + err = blocking_notifier_chain_register(&efivar_ops_nh, &info.nb); > > + if (err) > > + return err; > > + > > INIT_LIST_HEAD(&efivarfs_list); > > > > err = efivar_init(efivarfs_callback, (void *)sb, true, &efivarfs_list); > > @@ -281,6 +312,8 @@ static int efivarfs_init_fs_context(struct fs_context *fc) > > > > static void efivarfs_kill_sb(struct super_block *sb) > > { > > + blocking_notifier_chain_unregister(&efivar_ops_nh, &info.nb); > > + info.sb = NULL; > > kill_litter_super(sb); > > > > if (!efivar_is_available()) > > diff --git a/include/linux/efi.h b/include/linux/efi.h > > index 603bba2d6437..17cd628b5c42 100644 > > --- a/include/linux/efi.h > > +++ b/include/linux/efi.h > > @@ -1365,6 +1365,14 @@ bool efi_config_table_is_usable(const efi_guid_t *guid, unsigned long table) > > > > umode_t efi_attr_is_visible(struct kobject *kobj, struct attribute *attr, int n); > > > > +/* > > + * efivar ops event type > > + */ > > +#define EFIVAR_OPS_RDONLY 0 > > +#define EFIVAR_OPS_RDWR 1 > > + > > +extern struct blocking_notifier_head efivar_ops_nh; > > + > > void efivars_generic_ops_register(void); > > void efivars_generic_ops_unregister(void); > > > > -- > > 2.30.2 > >