Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.0/patches/2175286/?format=api
{ "id": 2175286, "url": "http://patchwork.ozlabs.org/api/1.0/patches/2175286/?format=api", "project": { "id": 2, "url": "http://patchwork.ozlabs.org/api/1.0/projects/2/?format=api", "name": "Linux PPC development", "link_name": "linuxppc-dev", "list_id": "linuxppc-dev.lists.ozlabs.org", "list_email": "linuxppc-dev@lists.ozlabs.org", "web_url": "https://github.com/linuxppc/wiki/wiki", "scm_url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git", "webscm_url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/" }, "msgid": "<20251217172505.112398-2-ssrish@linux.ibm.com>", "date": "2025-12-17T17:25:00", "name": "[v2,1/6] pseries/plpks: fix kernel-doc comment inconsistencies", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": false, "hash": "07a8e8ac2b7b1fefa192725b6ee7c4ad0d5cb4a9", "submitter": { "id": 90762, "url": "http://patchwork.ozlabs.org/api/1.0/people/90762/?format=api", "name": "Srish Srinivasan", "email": "ssrish@linux.ibm.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20251217172505.112398-2-ssrish@linux.ibm.com/mbox/", "series": [ { "id": 485734, "url": "http://patchwork.ozlabs.org/api/1.0/series/485734/?format=api", "date": "2025-12-17T17:24:59", "name": "Extend \"trusted\" keys to support a new trust source named the PowerVM Key Wrapping Module (PKWM)", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/485734/mbox/" } ], "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2175286/checks/", "tags": {}, "headers": { "Return-Path": "\n <linuxppc-dev+bounces-14845-incoming=patchwork.ozlabs.org@lists.ozlabs.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linuxppc-dev@lists.ozlabs.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256\n header.s=pp1 header.b=TRlRriX0;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org\n (client-ip=112.213.38.117; helo=lists.ozlabs.org;\n envelope-from=linuxppc-dev+bounces-14845-incoming=patchwork.ozlabs.org@lists.ozlabs.org;\n receiver=patchwork.ozlabs.org)", "lists.ozlabs.org;\n arc=none smtp.remote-ip=148.163.156.1", "lists.ozlabs.org;\n dmarc=pass (p=none dis=none) header.from=linux.ibm.com", "lists.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256\n header.s=pp1 header.b=TRlRriX0;\n\tdkim-atps=neutral", "lists.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com\n (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com;\n envelope-from=ssrish@linux.ibm.com; receiver=lists.ozlabs.org)" ], "Received": [ "from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1 raw public key)\n server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4dWgg449Vxz1y0P\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 18 Dec 2025 04:25:36 +1100 (AEDT)", "from boromir.ozlabs.org (localhost [127.0.0.1])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 4dWgg20kTyz30V1;\n\tThu, 18 Dec 2025 04:25:34 +1100 (AEDT)", "from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com\n [148.163.156.1])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 4dWgg10smRz304l\n\tfor <linuxppc-dev@lists.ozlabs.org>; Thu, 18 Dec 2025 04:25:32 +1100 (AEDT)", "from pps.filterd (m0353729.ppops.net [127.0.0.1])\n\tby mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id\n 5BHAboHh022697;\n\tWed, 17 Dec 2025 17:25:19 GMT", "from pps.reinject (localhost [127.0.0.1])\n\tby mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4b0ytvea88-1\n\t(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);\n\tWed, 17 Dec 2025 17:25:19 +0000 (GMT)", "from m0353729.ppops.net (m0353729.ppops.net [127.0.0.1])\n\tby pps.reinject (8.18.1.12/8.18.0.8) with ESMTP id 5BHHIndq003108;\n\tWed, 17 Dec 2025 17:25:19 GMT", "from ppma22.wdc07v.mail.ibm.com\n (5c.69.3da9.ip4.static.sl-reverse.com [169.61.105.92])\n\tby mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 4b0ytvea81-1\n\t(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);\n\tWed, 17 Dec 2025 17:25:18 +0000 (GMT)", "from pps.filterd (ppma22.wdc07v.mail.ibm.com [127.0.0.1])\n\tby ppma22.wdc07v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id\n 5BHG4Y5R012835;\n\tWed, 17 Dec 2025 17:25:17 GMT", "from smtprelay06.fra02v.mail.ibm.com ([9.218.2.230])\n\tby ppma22.wdc07v.mail.ibm.com (PPS) with ESMTPS id 4b1juybrup-1\n\t(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);\n\tWed, 17 Dec 2025 17:25:17 +0000", "from smtpav01.fra02v.mail.ibm.com (smtpav01.fra02v.mail.ibm.com\n [10.20.54.100])\n\tby smtprelay06.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id\n 5BHHPDZW18809090\n\t(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);\n\tWed, 17 Dec 2025 17:25:13 GMT", "from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1])\n\tby IMSVA (Postfix) with ESMTP id 322FF20043;\n\tWed, 17 Dec 2025 17:25:13 +0000 (GMT)", "from smtpav01.fra02v.mail.ibm.com (unknown [127.0.0.1])\n\tby IMSVA (Postfix) with ESMTP id C668620040;\n\tWed, 17 Dec 2025 17:25:09 +0000 (GMT)", "from li-fc74f8cc-3279-11b2-a85c-ef5828687581.ibm.com.com (unknown\n [9.124.211.226])\n\tby smtpav01.fra02v.mail.ibm.com (Postfix) with ESMTP;\n\tWed, 17 Dec 2025 17:25:09 +0000 (GMT)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707; t=1765992334;\n\tcv=none;\n b=WreiZWGS1zRTzjJpAbDjh+X+IsK0XrFbr8vbJLSw2dnIJRBqTr6UBEXuXTybHJlQyG86U1GC0Pfts7oJtgYuGi3RCBS5iKx0G98XV6UizUtNmgKjtKvQiSeCsYzJ/r24ipuEvKKa445wwkHtnWmda/I+VrmzX65eXYM6tjESc7YZh2h2xnMhmYlpWGdL9+QVjVg1SauE/88XAMlrKBGHW7tNBSe+fiXal4Jf0m9fbkj4LwR0YwFCj992IpwGxrkM3ee0Xv7FUfcht77NGI8KPqlltvx3vtVDQ16cPljm9kbVdgnImsM84rzk00Bhy5R4OXW8Zu23rW+UjbRneugV6g==", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707;\n\tt=1765992334; c=relaxed/relaxed;\n\tbh=zRuVMP8fy62QWWdddDjnySGr6oOB4PJyRbIstZEBTFU=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=D5eqmArr98ywXmOeGl1i8zXoIidkroWD947SPCz+/be/y8GQXBwuZ/nGFrq5u0vgJmPKM9raOV+1vt++6H1Na6HMqCMZnxxT0T8VsyGXf9vmyw3dhLMDXpoTw2ZapSeIg6kd38sN+OEv+gCtDjTSmK/0qwdzb2/gYPf103aHh5FfUGqr0CcImDxsms8e+k7ENOabi9pkhergHshvpTH+jD8KZDKLKyP7qgjQfddz0pHFXJrAkR22xsDBo3XMF0C9c9o9dm3I8HoUoGdJ7bhL0q80b5FHfxD/UkOsjmSJ1nrMH4lPhMNjnAeoNPPcB9UTjLSqPDo40c9L2hykVXGB9Q==", "ARC-Authentication-Results": "i=1; lists.ozlabs.org;\n dmarc=pass (p=none dis=none) header.from=linux.ibm.com;\n dkim=pass (2048-bit key;\n unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256\n header.s=pp1 header.b=TRlRriX0; dkim-atps=neutral;\n spf=pass (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com;\n envelope-from=ssrish@linux.ibm.com;\n receiver=lists.ozlabs.org) smtp.mailfrom=linux.ibm.com", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc\n\t:content-transfer-encoding:date:from:in-reply-to:message-id\n\t:mime-version:references:subject:to; s=pp1; bh=zRuVMP8fy62QWWddd\n\tDjnySGr6oOB4PJyRbIstZEBTFU=; b=TRlRriX0lbT7tx9/wSWZkkk4RqAyHkl+A\n\tx+DJPWrGDj5w9j9aFaJDQlz+2kzHxiH9LiE/SVpKoBC7DCuS4eG++98E6YtWojOL\n\tW5g1/0ko+GNQ02KcbvE+QOysf7gTe39TSQ95ROiuGM03o55tMji27YOSQBZxECFh\n\tm4y7QzNSf0rWlE6O0JsWdr6l8rpYhHn+BT4NdRHaY6PDS0AqZbEngWd9bMvo66uo\n\t4Wmn7M0Mx613EJdAuMXK/R6UjnDkOhfuT4YK3Fh7HDWWVaGJxCZAPg/FwWv0Clhp\n\tAlPFDWz8DeGyBiODslYKzgUFj2BdDLaQMg3F+LU3pvpCuqFcmjkFQ==", "From": "Srish Srinivasan <ssrish@linux.ibm.com>", "To": "linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,\n linuxppc-dev@lists.ozlabs.org", "Cc": "maddy@linux.ibm.com, mpe@ellerman.id.au, npiggin@gmail.com,\n christophe.leroy@csgroup.eu, James.Bottomley@HansenPartnership.com,\n jarkko@kernel.org, zohar@linux.ibm.com, nayna@linux.ibm.com,\n rnsastry@linux.ibm.com, linux-kernel@vger.kernel.org,\n linux-security-module@vger.kernel.org, ssrish@linux.ibm.com", "Subject": "[PATCH v2 1/6] pseries/plpks: fix kernel-doc comment inconsistencies", "Date": "Wed, 17 Dec 2025 22:55:00 +0530", "Message-ID": "<20251217172505.112398-2-ssrish@linux.ibm.com>", "X-Mailer": "git-send-email 2.52.0", "In-Reply-To": "<20251217172505.112398-1-ssrish@linux.ibm.com>", "References": "<20251217172505.112398-1-ssrish@linux.ibm.com>", "X-Mailing-List": "linuxppc-dev@lists.ozlabs.org", "List-Id": "<linuxppc-dev.lists.ozlabs.org>", "List-Help": "<mailto:linuxppc-dev+help@lists.ozlabs.org>", "List-Owner": "<mailto:linuxppc-dev+owner@lists.ozlabs.org>", "List-Post": "<mailto:linuxppc-dev@lists.ozlabs.org>", "List-Archive": "<https://lore.kernel.org/linuxppc-dev/>,\n <https://lists.ozlabs.org/pipermail/linuxppc-dev/>", "List-Subscribe": "<mailto:linuxppc-dev+subscribe@lists.ozlabs.org>,\n <mailto:linuxppc-dev+subscribe-digest@lists.ozlabs.org>,\n <mailto:linuxppc-dev+subscribe-nomail@lists.ozlabs.org>", "List-Unsubscribe": "<mailto:linuxppc-dev+unsubscribe@lists.ozlabs.org>", "Precedence": "list", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-TM-AS-GCONF": "00", "X-Proofpoint-Spam-Details-Enc": "AW1haW4tMjUxMjEzMDAyMyBTYWx0ZWRfX0ZUTsAsQ1Evb\n dPQN4QQpcdFtyeB7k/C5dM8TbO7UjIPw5FR1uKyQR1fo4Rgp5w/l2ylzyJ/AYXFowhudJYjM9F/\n 6xRNszYmBSTBH2biG9OdEKzpAy3gf0mmxQtMUxv6FcGchqLPcfX8I3Pel6nFP9wU4Q/KEYikD+t\n UaCVEQmCZwKCi9BiYBLUrxYqZMOu5RyJxLxTBSEk3nIL0MLUsPfJbuIRT6Ezkk29T09dBBaVLOO\n O+9zhLty+KG7Nlu8j4LLiSlbrjO3F+Pf4ACla4o5iTdyHGQKjRxUOKUSYwwLin7eMR0KI1qOKv7\n iAeShr8W9UVufr04I+ec89BU8G9OdmiI0/aib4QqzypJJTwqaQ4a47vPFgZZL2Vwiq7ze5zqpY8\n 97Vum7EVBFfp3encxYnZF6APDA3mkQ==", "X-Proofpoint-ORIG-GUID": "g_m3xiV8Q5zCTRMQTztysynByXHDkWWv", "X-Authority-Analysis": "v=2.4 cv=QtRTHFyd c=1 sm=1 tr=0 ts=6942e77f cx=c_pps\n a=5BHTudwdYE3Te8bg5FgnPg==:117 a=5BHTudwdYE3Te8bg5FgnPg==:17\n a=wP3pNCr1ah4A:10 a=VkNPw1HP01LnGYTKEx00:22 a=VnNF1IyMAAAA:8\n a=_jD9v-G-JNOk7KggL9IA:9 a=tQW_-zY1P7yUjf7c:21", "X-Proofpoint-GUID": "JFkRIscgwCTiemAxp6RSqKbCNbCU3Gq5", "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49\n definitions=2025-12-17_03,2025-12-16_05,2025-10-01_01", "X-Proofpoint-Spam-Details": "rule=outbound_notspam policy=outbound score=0\n phishscore=0 adultscore=0 malwarescore=0 lowpriorityscore=0 spamscore=0\n priorityscore=1501 bulkscore=0 suspectscore=0 impostorscore=0 clxscore=1015\n classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0\n reason=mlx scancount=1 engine=8.19.0-2510240000 definitions=main-2512130023", "X-Spam-Status": "No, score=-0.7 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,\n\tRCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,\n\tSPF_PASS autolearn=disabled version=4.0.1 OzLabs 8", "X-Spam-Checker-Version": "SpamAssassin 4.0.1 (2024-03-25) on lists.ozlabs.org" }, "content": "Fix issues with comments for all the applicable functions to be\nconsistent with kernel-doc format. Move them before the function\ndefinition as opposed to the function prototype.\n\nSigned-off-by: Srish Srinivasan <ssrish@linux.ibm.com>\n---\n arch/powerpc/include/asm/plpks.h | 77 ------\n arch/powerpc/platforms/pseries/plpks.c | 328 ++++++++++++++++++++++++-\n 2 files changed, 318 insertions(+), 87 deletions(-)", "diff": "diff --git a/arch/powerpc/include/asm/plpks.h b/arch/powerpc/include/asm/plpks.h\nindex 7a84069759b0..f303922bf622 100644\n--- a/arch/powerpc/include/asm/plpks.h\n+++ b/arch/powerpc/include/asm/plpks.h\n@@ -67,122 +67,45 @@ struct plpks_var_name_list {\n \tstruct plpks_var_name varlist[];\n };\n \n-/**\n- * Updates the authenticated variable. It expects NULL as the component.\n- */\n int plpks_signed_update_var(struct plpks_var *var, u64 flags);\n \n-/**\n- * Writes the specified var and its data to PKS.\n- * Any caller of PKS driver should present a valid component type for\n- * their variable.\n- */\n int plpks_write_var(struct plpks_var var);\n \n-/**\n- * Removes the specified var and its data from PKS.\n- */\n int plpks_remove_var(char *component, u8 varos,\n \t\t struct plpks_var_name vname);\n \n-/**\n- * Returns the data for the specified os variable.\n- *\n- * Caller must allocate a buffer in var->data with length in var->datalen.\n- * If no buffer is provided, var->datalen will be populated with the object's\n- * size.\n- */\n int plpks_read_os_var(struct plpks_var *var);\n \n-/**\n- * Returns the data for the specified firmware variable.\n- *\n- * Caller must allocate a buffer in var->data with length in var->datalen.\n- * If no buffer is provided, var->datalen will be populated with the object's\n- * size.\n- */\n int plpks_read_fw_var(struct plpks_var *var);\n \n-/**\n- * Returns the data for the specified bootloader variable.\n- *\n- * Caller must allocate a buffer in var->data with length in var->datalen.\n- * If no buffer is provided, var->datalen will be populated with the object's\n- * size.\n- */\n int plpks_read_bootloader_var(struct plpks_var *var);\n \n-/**\n- * Returns if PKS is available on this LPAR.\n- */\n bool plpks_is_available(void);\n \n-/**\n- * Returns version of the Platform KeyStore.\n- */\n u8 plpks_get_version(void);\n \n-/**\n- * Returns hypervisor storage overhead per object, not including the size of\n- * the object or label. Only valid for config version >= 2\n- */\n u16 plpks_get_objoverhead(void);\n \n-/**\n- * Returns maximum password size. Must be >= 32 bytes\n- */\n u16 plpks_get_maxpwsize(void);\n \n-/**\n- * Returns maximum object size supported by Platform KeyStore.\n- */\n u16 plpks_get_maxobjectsize(void);\n \n-/**\n- * Returns maximum object label size supported by Platform KeyStore.\n- */\n u16 plpks_get_maxobjectlabelsize(void);\n \n-/**\n- * Returns total size of the configured Platform KeyStore.\n- */\n u32 plpks_get_totalsize(void);\n \n-/**\n- * Returns used space from the total size of the Platform KeyStore.\n- */\n u32 plpks_get_usedspace(void);\n \n-/**\n- * Returns bitmask of policies supported by the hypervisor.\n- */\n u32 plpks_get_supportedpolicies(void);\n \n-/**\n- * Returns maximum byte size of a single object supported by the hypervisor.\n- * Only valid for config version >= 3\n- */\n u32 plpks_get_maxlargeobjectsize(void);\n \n-/**\n- * Returns bitmask of signature algorithms supported for signed updates.\n- * Only valid for config version >= 3\n- */\n u64 plpks_get_signedupdatealgorithms(void);\n \n-/**\n- * Returns the length of the PLPKS password in bytes.\n- */\n u16 plpks_get_passwordlen(void);\n \n-/**\n- * Called in early init to retrieve and clear the PLPKS password from the DT.\n- */\n void plpks_early_init_devtree(void);\n \n-/**\n- * Populates the FDT with the PLPKS password to prepare for kexec.\n- */\n int plpks_populate_fdt(void *fdt);\n #else // CONFIG_PSERIES_PLPKS\n static inline bool plpks_is_available(void) { return false; }\ndiff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c\nindex b1667ed05f98..03722fabf9c3 100644\n--- a/arch/powerpc/platforms/pseries/plpks.c\n+++ b/arch/powerpc/platforms/pseries/plpks.c\n@@ -312,40 +312,107 @@ static int _plpks_get_config(void)\n \treturn rc;\n }\n \n+/**\n+ * plpks_get_version() - Get the version of the PLPKS config structure.\n+ *\n+ * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization\n+ * reads the PLPKS config structure version and saves it in a file local static\n+ * version variable.\n+ *\n+ * Returns: On success the saved PLPKS config structure version is returned, 0\n+ * if not.\n+ */\n u8 plpks_get_version(void)\n {\n \treturn version;\n }\n \n+/**\n+ * plpks_get_objoverhead() - Get the hypervisor storage overhead per object.\n+ *\n+ * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization\n+ * reads the per object hypervisor storage overhead in bytes into the local\n+ * static objoverhead variable, excluding the size of the object or the label.\n+ * This value can be treated as valid only when the PLPKS config structure\n+ * version >= 2.\n+ *\n+ * Returns: If PLPKS config structure version >= 2 then the storage overhead is\n+ * returned, 0 otherwise.\n+ */\n u16 plpks_get_objoverhead(void)\n {\n \treturn objoverhead;\n }\n \n+/**\n+ * plpks_get_maxpwsize() - Get the maximum password size.\n+ *\n+ * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization\n+ * reads the maximum password size and checks if it is 32 bytes at the least\n+ * before storing it in the local static maxpwsize variable.\n+ *\n+ * Returns: On success the maximum password size is returned, 0 if not.\n+ */\n u16 plpks_get_maxpwsize(void)\n {\n \treturn maxpwsize;\n }\n \n+/**\n+ * plpks_get_maxobjectsize() - Get the maximum object size supported by the\n+ * PLPKS.\n+ *\n+ * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization\n+ * reads the maximum object size into the file local static maxobjsize variable.\n+ *\n+ * Returns: On success the maximum object size is returned, 0 if not.\n+ */\n u16 plpks_get_maxobjectsize(void)\n {\n \treturn maxobjsize;\n }\n \n+/**\n+ * plpks_get_maxobjectlabelsize() - Get the maximum object label size supported\n+ * by the PLPKS.\n+ *\n+ * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization\n+ * reads the maximum object label size into the local static maxobjlabelsize\n+ * variable.\n+ *\n+ * Returns: On success the maximum object label size is returned, 0 if not.\n+ */\n u16 plpks_get_maxobjectlabelsize(void)\n {\n \treturn maxobjlabelsize;\n }\n \n+/**\n+ * plpks_get_totalsize() - Get the total size of the PLPKS that is configured.\n+ *\n+ * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization\n+ * reads the total size of the PLPKS that is configured for the LPAR into the\n+ * file local static totalsize variable.\n+ *\n+ * Returns: On success the total size of the PLPKS configured is returned, 0 if\n+ * not.\n+ */\n u32 plpks_get_totalsize(void)\n {\n \treturn totalsize;\n }\n \n+/**\n+ * plpks_get_usedspace() - Get the used space from the total size of the PLPKS.\n+ *\n+ * Invoke the H_PKS_GET_CONFIG HCALL to refresh the latest value for the used\n+ * space as this keeps changing with the creation and removal of objects in the\n+ * PLPKS.\n+ *\n+ * Returns: On success the used space is returned, 0 if not.\n+ */\n u32 plpks_get_usedspace(void)\n {\n-\t// Unlike other config values, usedspace regularly changes as objects\n-\t// are updated, so we need to refresh.\n \tint rc = _plpks_get_config();\n \tif (rc) {\n \t\tpr_err(\"Couldn't get config, rc: %d\\n\", rc);\n@@ -354,26 +421,84 @@ u32 plpks_get_usedspace(void)\n \treturn usedspace;\n }\n \n+/**\n+ * plpks_get_supportedpolicies() - Get a bitmask of the policies supported by\n+ * the hypervisor.\n+ *\n+ * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization\n+ * reads a bitmask of the policies supported by the hypervisor into the file\n+ * local static supportedpolicies variable.\n+ *\n+ * Returns: On success the bitmask of the policies supported by the hypervisor\n+ * are returned, 0 if not.\n+ */\n u32 plpks_get_supportedpolicies(void)\n {\n \treturn supportedpolicies;\n }\n \n+/**\n+ * plpks_get_maxlargeobjectsize() - Get the maximum object size supported for\n+ * PLPKS config structure version >= 3\n+ *\n+ * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization\n+ * reads the maximum object size into the local static maxlargeobjectsize\n+ * variable for PLPKS config structure version >= 3. This was introduced\n+ * starting with PLPKS config structure version 3 to allow for objects of\n+ * size >= 64K.\n+ *\n+ * Returns: If PLPKS config structure version >= 3 then the new maximum object\n+ * size is returned, 0 if not.\n+ */\n u32 plpks_get_maxlargeobjectsize(void)\n {\n \treturn maxlargeobjectsize;\n }\n \n+/**\n+ * plpks_get_signedupdatealgorithms() - Get a bitmask of the signature\n+ * algorithms supported for signed updates.\n+ *\n+ * Successful execution of the H_PKS_GET_CONFIG HCALL during initialization\n+ * reads a bitmask of the signature algorithms supported for signed updates into\n+ * the file local static signedupdatealgorithms variable. This is valid only\n+ * when the PLPKS config structure version >= 3.\n+ *\n+ * Returns: On success the bitmask of the signature algorithms supported for\n+ * signed updates is returned, 0 if not.\n+ */\n u64 plpks_get_signedupdatealgorithms(void)\n {\n \treturn signedupdatealgorithms;\n }\n \n+/**\n+ * plpks_get_passwordlen() - Get the length of the PLPKS password in bytes.\n+ *\n+ * The H_PKS_GEN_PASSWORD HCALL makes the hypervisor generate a random password\n+ * for the specified consumer, apply that password to the PLPKS and return it to\n+ * the caller. In this process, the password length for the OS consumer is\n+ * stored in the local static ospasswordlength variable.\n+ *\n+ * Returns: On success the password length for the OS consumer in bytes is\n+ * returned, 0 if not.\n+ */\n u16 plpks_get_passwordlen(void)\n {\n \treturn ospasswordlength;\n }\n \n+/**\n+ * plpks_is_available() - Get the PLPKS availability status for the LPAR.\n+ *\n+ * The availability of PLPKS is inferred based upon the successful execution of\n+ * the H_PKS_GET_CONFIG HCALL provided the firmware supports this feature. The\n+ * H_PKS_GET_CONFIG HCALL reads the configuration and status information related\n+ * to the PLPKS. The configuration structure provides a version number to inform\n+ * the caller of the supported features.\n+ *\n+ * Returns: true is returned if PLPKS is available, false if not.\n+ */\n bool plpks_is_available(void)\n {\n \tint rc;\n@@ -425,6 +550,35 @@ static int plpks_confirm_object_flushed(struct label *label,\n \treturn pseries_status_to_err(rc);\n }\n \n+/**\n+ * plpks_signed_update_var() - Update the specified authenticated variable.\n+ * @var: authenticated variable to be updated\n+ * @flags: signed update request operation flags\n+ *\n+ * The H_PKS_SIGNED_UPDATE HCALL performs a signed update to an object in the\n+ * PLPKS. The object must have the signed update policy flag set.\n+ *\n+ * Possible reasons for the returned errno values:\n+ *\n+ * -ENXIO\tif PLPKS is not supported\n+ * -EIO\t\tif PLPKS access is blocked due to the LPAR's state\n+ *\t\tif PLPKS modification is blocked due to the LPAR's state\n+ *\t\tif an error occurred while processing the request\n+ * -EINVAL\tif invalid authorization parameter\n+ *\t\tif invalid object label parameter\n+ *\t\tif invalid object label len parameter\n+ *\t\tif invalid or unsupported policy declaration\n+ *\t\tif invalid signed update flags\n+ *\t\tif invalid input data parameter\n+ *\t\tif invalid input data len parameter\n+ *\t\tif invalid continue token parameter\n+ * -EPERM\tif access is denied\n+ * -ENOMEM\tif there is inadequate memory to perform the operation\n+ * -EBUSY\tif unable to handle the request or long running operation\n+ *\t\tinitiated, retry later\n+ *\n+ * Returns: On success 0 is returned, a negative errno if not.\n+ */\n int plpks_signed_update_var(struct plpks_var *var, u64 flags)\n {\n \tunsigned long retbuf[PLPAR_HCALL9_BUFSIZE] = {0};\n@@ -481,6 +635,33 @@ int plpks_signed_update_var(struct plpks_var *var, u64 flags)\n \treturn rc;\n }\n \n+/**\n+ * plpks_write_var() - Write the specified variable and its data to PLPKS.\n+ * @var: variable to be written into the PLPKS\n+ *\n+ * The H_PKS_WRITE_OBJECT HCALL writes an object into the PLPKS. The caller must\n+ * provide a valid component type for the variable, and the signed update policy\n+ * flag must not be set.\n+ *\n+ * Possible reasons for the returned errno values:\n+ *\n+ * -ENXIO\tif PLPKS is not supported\n+ * -EIO\t\tif PLPKS access is blocked due to the LPAR's state\n+ *\t\tif PLPKS modification is blocked due to the LPAR's state\n+ *\t\tif an error occurred while processing the request\n+ * -EINVAL\tif invalid authorization parameter\n+ *\t\tif invalid object label parameter\n+ *\t\tif invalid object label len parameter\n+ *\t\tif invalid or unsupported policy declaration\n+ *\t\tif invalid input data parameter\n+ *\t\tif invalid input data len parameter\n+ * -EPERM\tif access is denied\n+ * -ENOMEM\tif unable to store the requested object in the space available\n+ * -EBUSY\tif unable to handle the request\n+ * -EEXIST\tif the object label already exists\n+ *\n+ * Returns: On success 0 is returned, a negative errno if not.\n+ */\n int plpks_write_var(struct plpks_var var)\n {\n \tunsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };\n@@ -520,6 +701,30 @@ int plpks_write_var(struct plpks_var var)\n \treturn rc;\n }\n \n+/**\n+ * plpks_remove_var() - Remove the specified variable and its data from PLPKS.\n+ * @component: metadata prefix in the object label metadata structure\n+ * @varos: metadata OS flags in the object label metadata structure\n+ * @vname: object label for the object that needs to be removed\n+ *\n+ * The H_PKS_REMOVE_OBJECT HCALL removes an object from the PLPKS. The removal\n+ * is independent of the policy bits that are set.\n+ *\n+ * Possible reasons for the returned errno values:\n+ *\n+ * -ENXIO\tif PLPKS is not supported\n+ * -EIO\t\tif PLPKS access is blocked due to the LPAR's state\n+ *\t\tif PLPKS modification is blocked due to the LPAR's state\n+ *\t\tif an error occurred while processing the request\n+ * -EINVAL\tif invalid authorization parameter\n+ *\t\tif invalid object label parameter\n+ *\t\tif invalid object label len parameter\n+ * -EPERM\tif access is denied\n+ * -ENOENT\tif the requested object was not found\n+ * -EBUSY\tif unable to handle the request\n+ *\n+ * Returns: On success 0 is returned, a negative errno if not.\n+ */\n int plpks_remove_var(char *component, u8 varos, struct plpks_var_name vname)\n {\n \tunsigned long retbuf[PLPAR_HCALL_BUFSIZE] = { 0 };\n@@ -619,21 +824,119 @@ static int plpks_read_var(u8 consumer, struct plpks_var *var)\n \treturn rc;\n }\n \n+/**\n+ * plpks_read_os_var() - Fetch the data for the specified variable that is\n+ * owned by the OS consumer.\n+ * @var: variable to be read from the PLPKS\n+ *\n+ * The consumer or the owner of the object is the os kernel. The\n+ * H_PKS_READ_OBJECT HCALL reads an object from the PLPKS. The caller must\n+ * allocate the buffer var->data and specify the length for this buffer in\n+ * var->datalen. If no buffer is provided, var->datalen will be populated with\n+ * the requested object's size.\n+ *\n+ * Possible reasons for the returned errno values:\n+ *\n+ * -ENXIO\tif PLPKS is not supported\n+ * -EIO\t\tif PLPKS access is blocked due to the LPAR's state\n+ *\t\tif an error occurred while processing the request\n+ * -EINVAL\tif invalid authorization parameter\n+ *\t\tif invalid object label parameter\n+ *\t\tif invalid object label len parameter\n+ *\t\tif invalid output data parameter\n+ *\t\tif invalid output data len parameter\n+ * -EPERM\tif access is denied\n+ * -ENOENT\tif the requested object was not found\n+ * -EFBIG\tif the requested object couldn't be\n+ *\t\tstored in the buffer provided\n+ * -EBUSY\tif unable to handle the request\n+ *\n+ * Returns: On success 0 is returned, a negative errno if not.\n+ */\n int plpks_read_os_var(struct plpks_var *var)\n {\n \treturn plpks_read_var(PLPKS_OS_OWNER, var);\n }\n \n+/**\n+ * plpks_read_fw_var() - Fetch the data for the specified variable that is\n+ * owned by the firmware consumer.\n+ * @var: variable to be read from the PLPKS\n+ *\n+ * The consumer or the owner of the object is the firmware. The\n+ * H_PKS_READ_OBJECT HCALL reads an object from the PLPKS. The caller must\n+ * allocate the buffer var->data and specify the length for this buffer in\n+ * var->datalen. If no buffer is provided, var->datalen will be populated with\n+ * the requested object's size.\n+ *\n+ * Possible reasons for the returned errno values:\n+ *\n+ * -ENXIO\tif PLPKS is not supported\n+ * -EIO\t\tif PLPKS access is blocked due to the LPAR's state\n+ *\t\tif an error occurred while processing the request\n+ * -EINVAL\tif invalid authorization parameter\n+ *\t\tif invalid object label parameter\n+ *\t\tif invalid object label len parameter\n+ *\t\tif invalid output data parameter\n+ *\t\tif invalid output data len parameter\n+ * -EPERM\tif access is denied\n+ * -ENOENT\tif the requested object was not found\n+ * -EFBIG\tif the requested object couldn't be\n+ *\t\tstored in the buffer provided\n+ * -EBUSY\tif unable to handle the request\n+ *\n+ * Returns: On success 0 is returned, a negative errno if not.\n+ */\n int plpks_read_fw_var(struct plpks_var *var)\n {\n \treturn plpks_read_var(PLPKS_FW_OWNER, var);\n }\n \n+/**\n+ * plpks_read_bootloader_var() - Fetch the data for the specified variable\n+ * owned by the bootloader consumer.\n+ * @var: variable to be read from the PLPKS\n+ *\n+ * The consumer or the owner of the object is the bootloader. The\n+ * H_PKS_READ_OBJECT HCALL reads an object from the PLPKS. The caller must\n+ * allocate the buffer var->data and specify the length for this buffer in\n+ * var->datalen. If no buffer is provided, var->datalen will be populated with\n+ * the requested object's size.\n+ *\n+ * Possible reasons for the returned errno values:\n+ *\n+ * -ENXIO\tif PLPKS is not supported\n+ * -EIO\t\tif PLPKS access is blocked due to the LPAR's state\n+ *\t\tif an error occurred while processing the request\n+ * -EINVAL\tif invalid authorization parameter\n+ *\t\tif invalid object label parameter\n+ *\t\tif invalid object label len parameter\n+ *\t\tif invalid output data parameter\n+ *\t\tif invalid output data len parameter\n+ * -EPERM\tif access is denied\n+ * -ENOENT\tif the requested object was not found\n+ * -EFBIG\tif the requested object couldn't be\n+ *\t\tstored in the buffer provided\n+ * -EBUSY\tif unable to handle the request\n+ *\n+ * Returns: On success 0 is returned, a negative errno if not.\n+ */\n int plpks_read_bootloader_var(struct plpks_var *var)\n {\n \treturn plpks_read_var(PLPKS_BOOTLOADER_OWNER, var);\n }\n \n+/**\n+ * plpks_populate_fdt(): Populates the FDT with the PLPKS password to prepare\n+ * for kexec.\n+ * @fdt: pointer to the device tree blob\n+ *\n+ * Upon confirming the existence of the chosen node, invoke fdt_setprop to\n+ * populate the device tree with the PLPKS password in order to prepare for\n+ * kexec.\n+ *\n+ * Returns: On success 0 is returned, a negative value if not.\n+ */\n int plpks_populate_fdt(void *fdt)\n {\n \tint chosen_offset = fdt_path_offset(fdt, \"/chosen\");\n@@ -647,14 +950,19 @@ int plpks_populate_fdt(void *fdt)\n \treturn fdt_setprop(fdt, chosen_offset, \"ibm,plpks-pw\", ospassword, ospasswordlength);\n }\n \n-// Once a password is registered with the hypervisor it cannot be cleared without\n-// rebooting the LPAR, so to keep using the PLPKS across kexec boots we need to\n-// recover the previous password from the FDT.\n-//\n-// There are a few challenges here. We don't want the password to be visible to\n-// users, so we need to clear it from the FDT. This has to be done in early boot.\n-// Clearing it from the FDT would make the FDT's checksum invalid, so we have to\n-// manually cause the checksum to be recalculated.\n+/**\n+ * plpks_early_init_devtree() - Retrieves and clears the PLPKS password from the\n+ * DT in early init.\n+ *\n+ * Once a password is registered with the hypervisor it cannot be cleared\n+ * without rebooting the LPAR, so to keep using the PLPKS across kexec boots we\n+ * need to recover the previous password from the FDT.\n+ *\n+ * There are a few challenges here. We don't want the password to be visible to\n+ * users, so we need to clear it from the FDT. This has to be done in early\n+ * boot. Clearing it from the FDT would make the FDT's checksum invalid, so we\n+ * have to manually cause the checksum to be recalculated.\n+ */\n void __init plpks_early_init_devtree(void)\n {\n \tvoid *fdt = initial_boot_params;\n", "prefixes": [ "v2", "1/6" ] }