nvmem: Add flag to export NVMEM to root only
authorAndrew Lunn <andrew@lunn.ch>
Fri, 26 Feb 2016 19:59:18 +0000 (20:59 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 2 Mar 2016 00:55:48 +0000 (16:55 -0800)
Legacy AT24, AT25 EEPROMs are exported in sys so that only root can
read the contents. The EEPROMs may contain sensitive information. Add
a flag so the provider can indicate that NVMEM should also restrict
access to root only.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Acked-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/nvmem/core.c
include/linux/nvmem-provider.h

index de14fae6f7f6ff973fad8d417a3eef3470fabfda..b03690bc8f0939a8f1afdc94efda1b3fa4309bed 100644 (file)
@@ -161,6 +161,53 @@ static const struct attribute_group *nvmem_ro_dev_groups[] = {
        NULL,
 };
 
+/* default read/write permissions, root only */
+static struct bin_attribute bin_attr_rw_root_nvmem = {
+       .attr   = {
+               .name   = "nvmem",
+               .mode   = S_IWUSR | S_IRUSR,
+       },
+       .read   = bin_attr_nvmem_read,
+       .write  = bin_attr_nvmem_write,
+};
+
+static struct bin_attribute *nvmem_bin_rw_root_attributes[] = {
+       &bin_attr_rw_root_nvmem,
+       NULL,
+};
+
+static const struct attribute_group nvmem_bin_rw_root_group = {
+       .bin_attrs      = nvmem_bin_rw_root_attributes,
+};
+
+static const struct attribute_group *nvmem_rw_root_dev_groups[] = {
+       &nvmem_bin_rw_root_group,
+       NULL,
+};
+
+/* read only permission, root only */
+static struct bin_attribute bin_attr_ro_root_nvmem = {
+       .attr   = {
+               .name   = "nvmem",
+               .mode   = S_IRUSR,
+       },
+       .read   = bin_attr_nvmem_read,
+};
+
+static struct bin_attribute *nvmem_bin_ro_root_attributes[] = {
+       &bin_attr_ro_root_nvmem,
+       NULL,
+};
+
+static const struct attribute_group nvmem_bin_ro_root_group = {
+       .bin_attrs      = nvmem_bin_ro_root_attributes,
+};
+
+static const struct attribute_group *nvmem_ro_root_dev_groups[] = {
+       &nvmem_bin_ro_root_group,
+       NULL,
+};
+
 static void nvmem_release(struct device *dev)
 {
        struct nvmem_device *nvmem = to_nvmem_device(dev);
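Review bot: The comment on `bin_attr_rw_root_nvmem` reads "default read/write permissions, root only", but this attribute is the opt-in restricted variant, not the default, so the wording looks copied from the unrestricted definition. Something like `/* read/write permission, root only; used when config->root_only is set */` would match the read-only comment below and tell the reader where the variant is selected. It is also worth stating in that comment that `.mode` (`S_IWUSR | S_IRUSR`, and `S_IRUSR` for the read-only variant) is the only access control on the sysfs file, since both variants reuse the same `bin_attr_nvmem_read` and `bin_attr_nvmem_write` handlers as the existing groups. nvmem_release at the end of the hunk is context only and its body continues outside the hunk.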
@@ -355,8 +402,14 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
        nvmem->read_only = of_property_read_bool(np, "read-only") |
                           config->read_only;
 
-       nvmem->dev.groups = nvmem->read_only ? nvmem_ro_dev_groups :
-                                              nvmem_rw_dev_groups;
+       if (config->root_only)
+               nvmem->dev.groups = nvmem->read_only ?
+                       nvmem_ro_root_dev_groups :
+                       nvmem_rw_root_dev_groups;
+       else
+               nvmem->dev.groups = nvmem->read_only ?
+                       nvmem_ro_dev_groups :
+                       nvmem_rw_dev_groups;
 
        device_initialize(&nvmem->dev);
 
index 0b68caff1b3c55c16d194307ab1d0b070bf4c98d..d24fefa0c11d7feaa927c406d2885f3cab5bae6e 100644 (file)
@@ -23,6 +23,7 @@ struct nvmem_config {
        const struct nvmem_cell_info    *cells;
        int                     ncells;
        bool                    read_only;
+       bool                    root_only;
 };
 
 #if IS_ENABLED(CONFIG_NVMEM)
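Review bot: `root_only` is added to `struct nvmem_config` without a comment, and because a zero-initialised config leaves it false, a provider that never sets it keeps the existing sysfs permissions, which the commit message implies are readable by non-root users. A comment on the field such as `/* restrict the sysfs nvmem file to root (0600, or 0400 when read_only); set for devices that may hold sensitive data */` would make the opt-in visible to driver authors. Since the restriction is opt-in per provider, drivers converted from the legacy AT24/AT25 interface are worth checking for this flag in review. The struct definition starts outside the hunk.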