nvmem: Add flag to export NVMEM to root only

Legacy AT24, AT25 EEPROMs are exported in sys so that only root can read the contents. The EEPROMs may contain sensitive information. Add a flag so the provide can indicate that NVMEM should also restrict access to root only. Signed-off-by: Andrew Lunn <andrew@lunn.ch> Acked-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Andrew Lunn <andrew@lunn.ch> 2016-02-26 14:59:18 -0500
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-03-01 19:55:48 -0500
commit: 811b0d6538b9f26f3eb0f90fe4e6118f2480ec6f (patch)
tree: 3f4a38c17e58e4011702fd5cbc73c22b22dbd488
parent: 1bb850a1b7f68b66361e658e334f9fdf8231f17d (diff)
2 files changed, 56 insertions, 2 deletions
diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
index de14fae6f7f6..b03690bc8f09 100644
--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -161,6 +161,53 @@ static const struct attribute_group *nvmem_ro_dev_groups[] = {
        NULL,
 };
+/* default read/write permissions, root only */
+static struct bin_attribute bin_attr_rw_root_nvmem = {
+        .attr   = {
+                .name   = "nvmem",
+                .mode   = S_IWUSR | S_IRUSR,
+        },
+        .read   = bin_attr_nvmem_read,
+        .write  = bin_attr_nvmem_write,
+};
+static struct bin_attribute *nvmem_bin_rw_root_attributes[] = {
+        &bin_attr_rw_root_nvmem,
+        NULL,
+};
+static const struct attribute_group nvmem_bin_rw_root_group = {
+        .bin_attrs      = nvmem_bin_rw_root_attributes,
+};
+static const struct attribute_group *nvmem_rw_root_dev_groups[] = {
+        &nvmem_bin_rw_root_group,
+        NULL,
+};
+/* read only permission, root only */
+static struct bin_attribute bin_attr_ro_root_nvmem = {
+        .attr   = {
+                .name   = "nvmem",
+                .mode   = S_IRUSR,
+        },
+        .read   = bin_attr_nvmem_read,
+};
+static struct bin_attribute *nvmem_bin_ro_root_attributes[] = {
+        &bin_attr_ro_root_nvmem,
+        NULL,
+};
+static const struct attribute_group nvmem_bin_ro_root_group = {
+        .bin_attrs      = nvmem_bin_ro_root_attributes,
+};
+static const struct attribute_group *nvmem_ro_root_dev_groups[] = {
+        &nvmem_bin_ro_root_group,
+        NULL,
+};
 static void nvmem_release(struct device *dev)
 {
        struct nvmem_device *nvmem = to_nvmem_device(dev);
@@ -355,8 +402,14 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
        nvmem->read_only = of_property_read_bool(np, "read-only") |
                           config->read_only;
-        nvmem->dev.groups = nvmem->read_only ? nvmem_ro_dev_groups :
+        if (config->root_only)
-                                               nvmem_rw_dev_groups;
+                nvmem->dev.groups = nvmem->read_only ?
+                        nvmem_ro_root_dev_groups :
+                        nvmem_rw_root_dev_groups;
+        else
+                nvmem->dev.groups = nvmem->read_only ?
+                        nvmem_ro_dev_groups :
+                        nvmem_rw_dev_groups;
        device_initialize(&nvmem->dev);
diff --git a/include/linux/nvmem-provider.h b/include/linux/nvmem-provider.h
index 0b68caff1b3c..d24fefa0c11d 100644
--- a/include/linux/nvmem-provider.h
+++ b/include/linux/nvmem-provider.h
@@ -23,6 +23,7 @@ struct nvmem_config {
        const struct nvmem_cell_info    *cells;
        int                     ncells;
        bool                    read_only;
+        bool                    root_only;
 };
 #if IS_ENABLED(CONFIG_NVMEM)
author	Andrew Lunn <andrew@lunn.ch>	2016-02-26 14:59:18 -0500
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2016-03-01 19:55:48 -0500
commit	811b0d6538b9f26f3eb0f90fe4e6118f2480ec6f (patch)
tree	3f4a38c17e58e4011702fd5cbc73c22b22dbd488
parent	1bb850a1b7f68b66361e658e334f9fdf8231f17d (diff)

diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c index de14fae6f7f6..b03690bc8f09 100644 --- a/drivers/nvmem/core.c +++ b/drivers/nvmem/core.c
@@ -161,6 +161,53 @@ static const struct attribute_group *nvmem_ro_dev_groups[] = {
161	NULL,	161	NULL,
162	};	162	};
163		163
		164	/* default read/write permissions, root only */
		165	static struct bin_attribute bin_attr_rw_root_nvmem = {
		166	.attr = {
		167	.name = "nvmem",
		168	.mode = S_IWUSR \| S_IRUSR,
		169	},
		170	.read = bin_attr_nvmem_read,
		171	.write = bin_attr_nvmem_write,
		172	};
		173
		174	static struct bin_attribute *nvmem_bin_rw_root_attributes[] = {
		175	&bin_attr_rw_root_nvmem,
		176	NULL,
		177	};
		178
		179	static const struct attribute_group nvmem_bin_rw_root_group = {
		180	.bin_attrs = nvmem_bin_rw_root_attributes,
		181	};
		182
		183	static const struct attribute_group *nvmem_rw_root_dev_groups[] = {
		184	&nvmem_bin_rw_root_group,
		185	NULL,
		186	};
		187
		188	/* read only permission, root only */
		189	static struct bin_attribute bin_attr_ro_root_nvmem = {
		190	.attr = {
		191	.name = "nvmem",
		192	.mode = S_IRUSR,
		193	},
		194	.read = bin_attr_nvmem_read,
		195	};
		196
		197	static struct bin_attribute *nvmem_bin_ro_root_attributes[] = {
		198	&bin_attr_ro_root_nvmem,
		199	NULL,
		200	};
		201
		202	static const struct attribute_group nvmem_bin_ro_root_group = {
		203	.bin_attrs = nvmem_bin_ro_root_attributes,
		204	};
		205
		206	static const struct attribute_group *nvmem_ro_root_dev_groups[] = {
		207	&nvmem_bin_ro_root_group,
		208	NULL,
		209	};
		210
164	static void nvmem_release(struct device *dev)	211	static void nvmem_release(struct device *dev)
165	{	212	{
166	struct nvmem_device *nvmem = to_nvmem_device(dev);	213	struct nvmem_device *nvmem = to_nvmem_device(dev);
@@ -355,8 +402,14 @@ struct nvmem_device nvmem_register(const struct nvmem_config config)
355	nvmem->read_only = of_property_read_bool(np, "read-only") \|	402	nvmem->read_only = of_property_read_bool(np, "read-only") \|
356	config->read_only;	403	config->read_only;
357		404
358	nvmem->dev.groups = nvmem->read_only ? nvmem_ro_dev_groups :	405	if (config->root_only)
359	nvmem_rw_dev_groups;	406	nvmem->dev.groups = nvmem->read_only ?
		407	nvmem_ro_root_dev_groups :
		408	nvmem_rw_root_dev_groups;
		409	else
		410	nvmem->dev.groups = nvmem->read_only ?
		411	nvmem_ro_dev_groups :
		412	nvmem_rw_dev_groups;
360		413
361	device_initialize(&nvmem->dev);	414	device_initialize(&nvmem->dev);
362		415


diff --git a/include/linux/nvmem-provider.h b/include/linux/nvmem-provider.h index 0b68caff1b3c..d24fefa0c11d 100644 --- a/include/linux/nvmem-provider.h +++ b/include/linux/nvmem-provider.h
@@ -23,6 +23,7 @@ struct nvmem_config {
23	const struct nvmem_cell_info *cells;	23	const struct nvmem_cell_info *cells;
24	int ncells;	24	int ncells;
25	bool read_only;	25	bool read_only;
		26	bool root_only;
26	};	27	};
27		28
28	#if IS_ENABLED(CONFIG_NVMEM)	29	#if IS_ENABLED(CONFIG_NVMEM)