Commit 36560efe authored by Mark Pearson's avatar Mark Pearson Committed by Hans de Goede

platform/x86: think-lmi: certificate support clean ups

Complete some clean-ups as reqested from the last review as follow-ups
 - Remove certificate from structure as no need to store it any more
 - Clean up return code handling
 - Moved freeing of signature to before admin object released (issue
   seen in testing when unloading module)
 - Minor code flow improvements
Signed-off-by: default avatarMark Pearson <markpearson@lenovo.com>
Link: https://lore.kernel.org/r/20220321180624.4761-1-markpearson@lenovo.comReviewed-by: default avatarHans de Goede <hdegoede@redhat.com>
Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
parent 31231092
...@@ -740,16 +740,8 @@ static ssize_t certificate_store(struct kobject *kobj, ...@@ -740,16 +740,8 @@ static ssize_t certificate_store(struct kobject *kobj,
if (!tlmi_priv.certificate_support) if (!tlmi_priv.certificate_support)
return -EOPNOTSUPP; return -EOPNOTSUPP;
new_cert = kstrdup(buf, GFP_KERNEL);
if (!new_cert)
return -ENOMEM;
/* Strip out CR if one is present */
strip_cr(new_cert);
/* If empty then clear installed certificate */ /* If empty then clear installed certificate */
if (new_cert[0] == '\0') { /* Clear installed certificate */ if ((buf[0] == '\0') || (buf[0] == '\n')) { /* Clear installed certificate */
kfree(new_cert);
/* Check that signature is set */ /* Check that signature is set */
if (!setting->signature || !setting->signature[0]) if (!setting->signature || !setting->signature[0])
return -EACCES; return -EACCES;
...@@ -763,14 +755,16 @@ static ssize_t certificate_store(struct kobject *kobj, ...@@ -763,14 +755,16 @@ static ssize_t certificate_store(struct kobject *kobj,
ret = tlmi_simple_call(LENOVO_CLEAR_BIOS_CERT_GUID, auth_str); ret = tlmi_simple_call(LENOVO_CLEAR_BIOS_CERT_GUID, auth_str);
kfree(auth_str); kfree(auth_str);
if (ret)
return ret;
kfree(setting->certificate); return ret ?: count;
setting->certificate = NULL;
return count;
} }
new_cert = kstrdup(buf, GFP_KERNEL);
if (!new_cert)
return -ENOMEM;
/* Strip out CR if one is present */
strip_cr(new_cert);
if (setting->cert_installed) { if (setting->cert_installed) {
/* Certificate is installed so this is an update */ /* Certificate is installed so this is an update */
if (!setting->signature || !setting->signature[0]) { if (!setting->signature || !setting->signature[0]) {
...@@ -792,21 +786,14 @@ static ssize_t certificate_store(struct kobject *kobj, ...@@ -792,21 +786,14 @@ static ssize_t certificate_store(struct kobject *kobj,
auth_str = kasprintf(GFP_KERNEL, "%s,%s", auth_str = kasprintf(GFP_KERNEL, "%s,%s",
new_cert, setting->password); new_cert, setting->password);
} }
if (!auth_str) { kfree(new_cert);
kfree(new_cert); if (!auth_str)
return -ENOMEM; return -ENOMEM;
}
ret = tlmi_simple_call(guid, auth_str); ret = tlmi_simple_call(guid, auth_str);
kfree(auth_str); kfree(auth_str);
if (ret) {
kfree(new_cert);
return ret;
}
kfree(setting->certificate); return ret ?: count;
setting->certificate = new_cert;
return count;
} }
static struct kobj_attribute auth_certificate = __ATTR_WO(certificate); static struct kobj_attribute auth_certificate = __ATTR_WO(certificate);
...@@ -1194,6 +1181,10 @@ static void tlmi_release_attr(void) ...@@ -1194,6 +1181,10 @@ static void tlmi_release_attr(void)
kset_unregister(tlmi_priv.attribute_kset); kset_unregister(tlmi_priv.attribute_kset);
/* Free up any saved signatures */
kfree(tlmi_priv.pwd_admin->signature);
kfree(tlmi_priv.pwd_admin->save_signature);
/* Authentication structures */ /* Authentication structures */
sysfs_remove_group(&tlmi_priv.pwd_admin->kobj, &auth_attr_group); sysfs_remove_group(&tlmi_priv.pwd_admin->kobj, &auth_attr_group);
kobject_put(&tlmi_priv.pwd_admin->kobj); kobject_put(&tlmi_priv.pwd_admin->kobj);
...@@ -1210,11 +1201,6 @@ static void tlmi_release_attr(void) ...@@ -1210,11 +1201,6 @@ static void tlmi_release_attr(void)
} }
kset_unregister(tlmi_priv.authentication_kset); kset_unregister(tlmi_priv.authentication_kset);
/* Free up any saved certificates/signatures */
kfree(tlmi_priv.pwd_admin->certificate);
kfree(tlmi_priv.pwd_admin->signature);
kfree(tlmi_priv.pwd_admin->save_signature);
} }
static int tlmi_sysfs_init(void) static int tlmi_sysfs_init(void)
......
...@@ -63,7 +63,6 @@ struct tlmi_pwd_setting { ...@@ -63,7 +63,6 @@ struct tlmi_pwd_setting {
int index; /*Used for HDD and NVME auth */ int index; /*Used for HDD and NVME auth */
enum level_option level; enum level_option level;
bool cert_installed; bool cert_installed;
char *certificate;
char *signature; char *signature;
char *save_signature; char *save_signature;
}; };
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment