summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMika Westerberg <mika.westerberg@linux.intel.com>2017-06-29 14:19:50 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2017-07-17 16:55:08 +0300
commit800161bd0209a8db77f66af283c379ff8d58d88d (patch)
treebf8ed2c9a581723f5879443fd0b35331649a24fe
parent6463a4571ceefc43908df4b016d8d5d8b8e85357 (diff)
downloadlinux-800161bd0209a8db77f66af283c379ff8d58d88d.tar.xz
thunderbolt: Correct access permissions for active NVM contents
Firmware upgrade tools that decide which NVM image should be uploaded to the Thunderbolt controller need to access active parts of the NVM even if they are not run as root. The information in active NVM is not considered security critical so we can use the default permissions set by the NVMem framework. Writing the NVM image is still left as root only operation. While there mark the active NVM as read-only in the filesystem. Reported-by: Yehezkel Bernat <yehezkel.bernat@intel.com> Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com> Signed-off-by: Andreas Noever <andreas.noever@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--drivers/thunderbolt/switch.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c
index ab3e8f410444..40219a706309 100644
--- a/drivers/thunderbolt/switch.c
+++ b/drivers/thunderbolt/switch.c
@@ -281,9 +281,11 @@ static struct nvmem_device *register_nvmem(struct tb_switch *sw, int id,
if (active) {
config.name = "nvm_active";
config.reg_read = tb_switch_nvm_read;
+ config.read_only = true;
} else {
config.name = "nvm_non_active";
config.reg_write = tb_switch_nvm_write;
+ config.root_only = true;
}
config.id = id;
@@ -292,7 +294,6 @@ static struct nvmem_device *register_nvmem(struct tb_switch *sw, int id,
config.size = size;
config.dev = &sw->dev;
config.owner = THIS_MODULE;
- config.root_only = true;
config.priv = sw;
return nvmem_register(&config);