* [PATCH v3] console_common: get_first_active: respect security policy
@ 2025-10-29 8:35 Fabian Pflug
0 siblings, 0 replies; only message in thread
From: Fabian Pflug @ 2025-10-29 8:35 UTC (permalink / raw)
To: barebox; +Cc: Fabian Pflug
If the console input is deactivated through a security policy, then
there is no need to iterate over the current consoles, as none should
have a STDIN.
Since this stretches the definition of active, the function is renamed
to console_get_first_interactive to make it clearer, what it does.
Signed-off-by: Fabian Pflug <f.pflug@pengutronix.de>
---
v2:
Fix in console common instead of working around it in startup.c
v3:
Renamed to console_get_first_interactive
arch/arm/mach-omap/xload.c | 2 +-
arch/powerpc/mach-mpc85xx/fdt.c | 2 +-
commands/loadb.c | 2 +-
commands/loadxy.c | 4 ++--
common/console_common.c | 10 ++++++++--
common/startup.c | 2 +-
include/console.h | 4 ++--
7 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/arch/arm/mach-omap/xload.c b/arch/arm/mach-omap/xload.c
index e632b53788..d0d8c564b5 100644
--- a/arch/arm/mach-omap/xload.c
+++ b/arch/arm/mach-omap/xload.c
@@ -181,7 +181,7 @@ static void *omap_serial_boot(void){
return NULL;
}
- cdev = console_get_first_active();
+ cdev = console_get_first_interactive();
if (!cdev) {
printf("failed to get console\n");
return NULL;
diff --git a/arch/powerpc/mach-mpc85xx/fdt.c b/arch/powerpc/mach-mpc85xx/fdt.c
index de0114ad64..ee43627d8c 100644
--- a/arch/powerpc/mach-mpc85xx/fdt.c
+++ b/arch/powerpc/mach-mpc85xx/fdt.c
@@ -75,7 +75,7 @@ static int fdt_stdout_setup(struct device_node *blob)
goto error;
}
- cdev = console_get_first_active();
+ cdev = console_get_first_interactive();
if (cdev)
sprintf(sername, "serial%d", cdev->dev->id);
else
diff --git a/commands/loadb.c b/commands/loadb.c
index 140d3743f6..15e844ea69 100644
--- a/commands/loadb.c
+++ b/commands/loadb.c
@@ -628,7 +628,7 @@ static int do_load_serial_bin(int argc, char *argv[])
return -ENODEV;
}
} else {
- cdev = console_get_first_active();
+ cdev = console_get_first_interactive();
if (!cdev) {
printf("No console device with STDIN and STDOUT\n");
return -ENODEV;
diff --git a/commands/loadxy.c b/commands/loadxy.c
index e2d1a11a2c..dd9a3b8b4b 100644
--- a/commands/loadxy.c
+++ b/commands/loadxy.c
@@ -61,7 +61,7 @@ static int do_loady(int argc, char *argv[])
if (cname)
cdev = console_get_by_name(cname);
else
- cdev = console_get_first_active();
+ cdev = console_get_first_interactive();
if (!cdev) {
printf("%s:No console device %s with STDIN and STDOUT\n",
argv[0], cname ? cname : "default");
@@ -151,7 +151,7 @@ static int do_loadx(int argc, char *argv[])
if (cname)
cdev = console_get_by_name(cname);
else
- cdev = console_get_first_active();
+ cdev = console_get_first_interactive();
if (!cdev) {
printf("%s:No console device %s with STDIN and STDOUT",
argv[0], cname ? cname : "default");
diff --git a/common/console_common.c b/common/console_common.c
index 5b7a64c99c..ba9fd746c0 100644
--- a/common/console_common.c
+++ b/common/console_common.c
@@ -23,6 +23,7 @@
#include <linux/math64.h>
#include <linux/sizes.h>
#include <linux/overflow.h>
+#include <security/config.h>
#ifndef CONFIG_CONSOLE_NONE
@@ -327,10 +328,15 @@ EXPORT_SYMBOL(console_get_by_name);
* @return console device which is registered with CONSOLE_STDIN and
* CONSOLE_STDOUT
*/
-struct console_device *console_get_first_active(void)
+struct console_device *console_get_first_interactive(void)
{
struct console_device *cdev;
const unsigned char active = CONSOLE_STDIN | CONSOLE_STDOUT;
+
+ /* if no console input is allows, then we can't have STDIN on any. */
+ if (!IS_ALLOWED(SCONFIG_CONSOLE_INPUT))
+ return NULL;
+
/*
* Assumption to have BOTH CONSOLE_STDIN AND STDOUT in the
* same output console
@@ -342,7 +348,7 @@ struct console_device *console_get_first_active(void)
return NULL;
}
-EXPORT_SYMBOL(console_get_first_active);
+EXPORT_SYMBOL(console_get_first_interactive);
struct console_device *of_console_get_by_alias(const char *alias)
{
diff --git a/common/startup.c b/common/startup.c
index 4313435f05..82ff45096b 100644
--- a/common/startup.c
+++ b/common/startup.c
@@ -188,7 +188,7 @@ enum autoboot_state do_autoboot_countdown(void)
if (autoboot_state != AUTOBOOT_UNKNOWN)
return autoboot_state;
- if (!console_get_first_active() &&
+ if (!console_get_first_interactive() &&
global_autoboot_state != AUTOBOOT_ABORT &&
global_autoboot_state != AUTOBOOT_HALT) {
printf("\nNon-interactive console, booting system\n");
diff --git a/include/console.h b/include/console.h
index 590a78110d..37e127e175 100644
--- a/include/console.h
+++ b/include/console.h
@@ -199,7 +199,7 @@ bool console_allow_color(void);
extern struct list_head console_list;
#define for_each_console(console) list_for_each_entry(console, &console_list, list)
-struct console_device *console_get_first_active(void);
+struct console_device *console_get_first_interactive(void);
extern int barebox_loglevel;
static inline int barebox_set_loglevel(int loglevel)
@@ -211,7 +211,7 @@ static inline int barebox_set_loglevel(int loglevel)
#else
#define for_each_console(console) while (((void)console, 0))
-static inline struct console_device *console_get_first_active(void)
+static inline struct console_device *console_get_first_interactive(void)
{
return NULL;
}
--
2.47.3
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-10-29 8:37 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-10-29 8:35 [PATCH v3] console_common: get_first_active: respect security policy Fabian Pflug
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox