diff options
Diffstat (limited to 'target/linux/ipq806x/patches-4.4/019-3-nvmem-Add-flag-to-export-NVMEM-to-root-only.patch')
-rw-r--r-- | target/linux/ipq806x/patches-4.4/019-3-nvmem-Add-flag-to-export-NVMEM-to-root-only.patch | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/target/linux/ipq806x/patches-4.4/019-3-nvmem-Add-flag-to-export-NVMEM-to-root-only.patch b/target/linux/ipq806x/patches-4.4/019-3-nvmem-Add-flag-to-export-NVMEM-to-root-only.patch new file mode 100644 index 0000000000..77136eab72 --- /dev/null +++ b/target/linux/ipq806x/patches-4.4/019-3-nvmem-Add-flag-to-export-NVMEM-to-root-only.patch @@ -0,0 +1,101 @@ +From 811b0d6538b9f26f3eb0f90fe4e6118f2480ec6f Mon Sep 17 00:00:00 2001 +From: Andrew Lunn <andrew@lunn.ch> +Date: Fri, 26 Feb 2016 20:59:18 +0100 +Subject: nvmem: Add flag to export NVMEM to root only + +Legacy AT24, AT25 EEPROMs are exported in sys so that only root can +read the contents. The EEPROMs may contain sensitive information. Add +a flag so the provide can indicate that NVMEM should also restrict +access to root only. + +Signed-off-by: Andrew Lunn <andrew@lunn.ch> +Acked-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + drivers/nvmem/core.c | 57 ++++++++++++++++++++++++++++++++++++++++-- + include/linux/nvmem-provider.h | 1 + + 2 files changed, 56 insertions(+), 2 deletions(-) + +--- a/drivers/nvmem/core.c ++++ b/drivers/nvmem/core.c +@@ -161,6 +161,53 @@ static const struct attribute_group *nvm + NULL, + }; + ++/* default read/write permissions, root only */ ++static struct bin_attribute bin_attr_rw_root_nvmem = { ++ .attr = { ++ .name = "nvmem", ++ .mode = S_IWUSR | S_IRUSR, ++ }, ++ .read = bin_attr_nvmem_read, ++ .write = bin_attr_nvmem_write, ++}; ++ ++static struct bin_attribute *nvmem_bin_rw_root_attributes[] = { ++ &bin_attr_rw_root_nvmem, ++ NULL, ++}; ++ ++static const struct attribute_group nvmem_bin_rw_root_group = { ++ .bin_attrs = nvmem_bin_rw_root_attributes, ++}; ++ ++static const struct attribute_group *nvmem_rw_root_dev_groups[] = { ++ &nvmem_bin_rw_root_group, ++ NULL, ++}; ++ ++/* read only permission, root only */ ++static struct bin_attribute bin_attr_ro_root_nvmem = { ++ .attr = { ++ .name = "nvmem", ++ .mode = S_IRUSR, ++ }, ++ .read = bin_attr_nvmem_read, ++}; ++ ++static struct bin_attribute *nvmem_bin_ro_root_attributes[] = { ++ &bin_attr_ro_root_nvmem, ++ NULL, ++}; ++ ++static const struct attribute_group nvmem_bin_ro_root_group = { ++ .bin_attrs = nvmem_bin_ro_root_attributes, ++}; ++ ++static const struct attribute_group *nvmem_ro_root_dev_groups[] = { ++ &nvmem_bin_ro_root_group, ++ NULL, ++}; ++ + static void nvmem_release(struct device *dev) + { + struct nvmem_device *nvmem = to_nvmem_device(dev); +@@ -355,8 +402,14 @@ struct nvmem_device *nvmem_register(cons + nvmem->read_only = of_property_read_bool(np, "read-only") | + config->read_only; + +- nvmem->dev.groups = nvmem->read_only ? nvmem_ro_dev_groups : +- nvmem_rw_dev_groups; ++ if (config->root_only) ++ nvmem->dev.groups = nvmem->read_only ? ++ nvmem_ro_root_dev_groups : ++ nvmem_rw_root_dev_groups; ++ else ++ nvmem->dev.groups = nvmem->read_only ? ++ nvmem_ro_dev_groups : ++ nvmem_rw_dev_groups; + + device_initialize(&nvmem->dev); + +--- a/include/linux/nvmem-provider.h ++++ b/include/linux/nvmem-provider.h +@@ -23,6 +23,7 @@ struct nvmem_config { + const struct nvmem_cell_info *cells; + int ncells; + bool read_only; ++ bool root_only; + }; + + #if IS_ENABLED(CONFIG_NVMEM) |