Commit 800161bd authored by Mika Westerberg's avatar Mika Westerberg Committed by Greg Kroah-Hartman
Browse files

thunderbolt: Correct access permissions for active NVM contents



Firmware upgrade tools that decide which NVM image should be uploaded to
the Thunderbolt controller need to access active parts of the NVM even
if they are not run as root. The information in active NVM is not
considered security critical so we can use the default permissions set
by the NVMem framework.

Writing the NVM image is still left as root only operation.

While there mark the active NVM as read-only in the filesystem.
Reported-by: default avatarYehezkel Bernat <yehezkel.bernat@intel.com>
Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: default avatarAndreas Noever <andreas.noever@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 6463a457
...@@ -281,9 +281,11 @@ static struct nvmem_device *register_nvmem(struct tb_switch *sw, int id, ...@@ -281,9 +281,11 @@ static struct nvmem_device *register_nvmem(struct tb_switch *sw, int id,
if (active) { if (active) {
config.name = "nvm_active"; config.name = "nvm_active";
config.reg_read = tb_switch_nvm_read; config.reg_read = tb_switch_nvm_read;
config.read_only = true;
} else { } else {
config.name = "nvm_non_active"; config.name = "nvm_non_active";
config.reg_write = tb_switch_nvm_write; config.reg_write = tb_switch_nvm_write;
config.root_only = true;
} }
config.id = id; config.id = id;
...@@ -292,7 +294,6 @@ static struct nvmem_device *register_nvmem(struct tb_switch *sw, int id, ...@@ -292,7 +294,6 @@ static struct nvmem_device *register_nvmem(struct tb_switch *sw, int id,
config.size = size; config.size = size;
config.dev = &sw->dev; config.dev = &sw->dev;
config.owner = THIS_MODULE; config.owner = THIS_MODULE;
config.root_only = true;
config.priv = sw; config.priv = sw;
return nvmem_register(&config); return nvmem_register(&config);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment