From: Dave Jiang <dave.jiang@intel.com>
To: linux-cxl@vger.kernel.org, nvdimm@lists.linux.dev
Cc: dan.j.williams@intel.com, ira.weiny@intel.com,
vishal.l.verma@intel.com, alison.schofield@intel.com,
Jonathan.Cameron@huawei.com, dave@stgolabs.net
Subject: [PATCH v3 17/18] libnvdimm: Introduce CONFIG_NVDIMM_SECURITY_TEST flag
Date: Tue, 08 Nov 2022 10:27:00 -0700 [thread overview]
Message-ID: <166792842000.3767969.18296572896453551207.stgit@djiang5-desk3.ch.intel.com> (raw)
In-Reply-To: <166792815961.3767969.2621677491424623673.stgit@djiang5-desk3.ch.intel.com>
nfit_test overrode the security_show() sysfs attribute function in nvdimm
dimm_devs in order to allow testing of security unlock. With the
introduction of CXL security commands, the trick to override
security_show() becomes significantly more complicated. By introdcing a
security flag CONFIG_NVDIMM_SECURITY_TEST, libnvdimm can just toggle the
check via a compile option. In addition the original override can can be
removed from tools/testing/nvdimm/.
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
drivers/nvdimm/Kconfig | 13 +++++++++++++
drivers/nvdimm/dimm_devs.c | 9 ++++++++-
drivers/nvdimm/security.c | 4 ++++
tools/testing/nvdimm/Kbuild | 1 -
tools/testing/nvdimm/dimm_devs.c | 30 ------------------------------
5 files changed, 25 insertions(+), 32 deletions(-)
delete mode 100644 tools/testing/nvdimm/dimm_devs.c
diff --git a/drivers/nvdimm/Kconfig b/drivers/nvdimm/Kconfig
index 5a29046e3319..0a13c53c926f 100644
--- a/drivers/nvdimm/Kconfig
+++ b/drivers/nvdimm/Kconfig
@@ -114,4 +114,17 @@ config NVDIMM_TEST_BUILD
core devm_memremap_pages() implementation and other
infrastructure.
+config NVDIMM_SECURITY_TEST
+ bool "Nvdimm security test code toggle"
+ depends on NVDIMM_KEYS
+ help
+ Debug flag for security testing when using nfit_test or cxl_test
+ modules in tools/testing/.
+
+ Select Y if using nfit_test or cxl_test for security testing.
+ Accidentally selecting this option when not using cxl_test
+ introduces 1 mailbox request to the CXL device to get security
+ status for DIMM unlock operation or sysfs attribute "security"
+ read.
+
endif
diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c
index c7c980577491..1fc081dcf631 100644
--- a/drivers/nvdimm/dimm_devs.c
+++ b/drivers/nvdimm/dimm_devs.c
@@ -349,11 +349,18 @@ static ssize_t available_slots_show(struct device *dev,
}
static DEVICE_ATTR_RO(available_slots);
-__weak ssize_t security_show(struct device *dev,
+ssize_t security_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
struct nvdimm *nvdimm = to_nvdimm(dev);
+ /*
+ * For the test version we need to poll the "hardware" in order
+ * to get the updated status for unlock testing.
+ */
+ if (IS_ENABLED(CONFIG_NVDIMM_SECURITY_TEST))
+ nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
+
if (test_bit(NVDIMM_SECURITY_OVERWRITE, &nvdimm->sec.flags))
return sprintf(buf, "overwrite\n");
if (test_bit(NVDIMM_SECURITY_DISABLED, &nvdimm->sec.flags))
diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
index 92af4c3ca0d3..12a3926f4289 100644
--- a/drivers/nvdimm/security.c
+++ b/drivers/nvdimm/security.c
@@ -177,6 +177,10 @@ static int __nvdimm_security_unlock(struct nvdimm *nvdimm)
|| !nvdimm->sec.flags)
return -EIO;
+ /* While nfit_test does not need this, cxl_test does */
+ if (IS_ENABLED(CONFIG_NVDIMM_SECURITY_TEST))
+ nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
+
/* No need to go further if security is disabled */
if (test_bit(NVDIMM_SECURITY_DISABLED, &nvdimm->sec.flags))
return 0;
diff --git a/tools/testing/nvdimm/Kbuild b/tools/testing/nvdimm/Kbuild
index 5eb5c23b062f..8153251ea389 100644
--- a/tools/testing/nvdimm/Kbuild
+++ b/tools/testing/nvdimm/Kbuild
@@ -79,7 +79,6 @@ libnvdimm-$(CONFIG_BTT) += $(NVDIMM_SRC)/btt_devs.o
libnvdimm-$(CONFIG_NVDIMM_PFN) += $(NVDIMM_SRC)/pfn_devs.o
libnvdimm-$(CONFIG_NVDIMM_DAX) += $(NVDIMM_SRC)/dax_devs.o
libnvdimm-$(CONFIG_NVDIMM_KEYS) += $(NVDIMM_SRC)/security.o
-libnvdimm-y += dimm_devs.o
libnvdimm-y += libnvdimm_test.o
libnvdimm-y += config_check.o
diff --git a/tools/testing/nvdimm/dimm_devs.c b/tools/testing/nvdimm/dimm_devs.c
deleted file mode 100644
index 57bd27dedf1f..000000000000
--- a/tools/testing/nvdimm/dimm_devs.c
+++ /dev/null
@@ -1,30 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-/* Copyright Intel Corp. 2018 */
-#include <linux/init.h>
-#include <linux/module.h>
-#include <linux/moduleparam.h>
-#include <linux/nd.h>
-#include "pmem.h"
-#include "pfn.h"
-#include "nd.h"
-#include "nd-core.h"
-
-ssize_t security_show(struct device *dev,
- struct device_attribute *attr, char *buf)
-{
- struct nvdimm *nvdimm = to_nvdimm(dev);
-
- /*
- * For the test version we need to poll the "hardware" in order
- * to get the updated status for unlock testing.
- */
- nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
-
- if (test_bit(NVDIMM_SECURITY_DISABLED, &nvdimm->sec.flags))
- return sprintf(buf, "disabled\n");
- if (test_bit(NVDIMM_SECURITY_UNLOCKED, &nvdimm->sec.flags))
- return sprintf(buf, "unlocked\n");
- if (test_bit(NVDIMM_SECURITY_LOCKED, &nvdimm->sec.flags))
- return sprintf(buf, "locked\n");
- return -ENOTTY;
-}
next prev parent reply other threads:[~2022-11-08 17:27 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-08 17:25 [PATCH v3 00/18] Introduce security commands for CXL pmem device Dave Jiang
2022-11-08 17:25 ` [PATCH v3 01/18] cxl/pmem: Introduce nvdimm_security_ops with ->get_flags() operation Dave Jiang
2022-11-08 17:25 ` [PATCH v3 02/18] tools/testing/cxl: Add "Get Security State" opcode support Dave Jiang
2022-11-08 17:25 ` [PATCH v3 03/18] cxl/pmem: Add "Set Passphrase" security command support Dave Jiang
2022-11-08 17:25 ` [PATCH v3 04/18] tools/testing/cxl: Add "Set Passphrase" opcode support Dave Jiang
2022-11-08 17:25 ` [PATCH v3 05/18] cxl/pmem: Add Disable Passphrase security command support Dave Jiang
2022-11-08 17:25 ` [PATCH v3 06/18] tools/testing/cxl: Add "Disable" security opcode support Dave Jiang
2022-11-08 17:26 ` [PATCH v3 07/18] cxl/pmem: Add "Freeze Security State" security command support Dave Jiang
2022-11-08 17:26 ` [PATCH v3 08/18] tools/testing/cxl: Add "Freeze Security State" security opcode support Dave Jiang
2022-11-11 10:31 ` Jonathan Cameron
2022-11-08 17:26 ` [PATCH v3 09/18] cxl/pmem: Add "Unlock" security command support Dave Jiang
2022-11-08 17:26 ` [PATCH v3 10/18] tools/testing/cxl: Add "Unlock" security opcode support Dave Jiang
2022-11-08 17:26 ` [PATCH v3 11/18] cxl/pmem: Add "Passphrase Secure Erase" security command support Dave Jiang
2022-11-11 10:33 ` Jonathan Cameron
2022-11-08 17:26 ` [PATCH v3 12/18] tools/testing/cxl: Add "passphrase secure erase" opcode support Dave Jiang
2022-11-11 10:37 ` Jonathan Cameron
2022-11-14 18:15 ` Dave Jiang
2022-11-08 17:26 ` [PATCH v3 13/18] nvdimm/cxl/pmem: Add support for master passphrase disable security command Dave Jiang
2022-11-11 10:39 ` Jonathan Cameron
2022-11-08 17:26 ` [PATCH v3 14/18] cxl/pmem: add id attribute to CXL based nvdimm Dave Jiang
2022-11-11 10:39 ` Jonathan Cameron
2022-11-08 17:26 ` [PATCH v3 15/18] tools/testing/cxl: add mechanism to lock mem device for testing Dave Jiang
2022-11-11 10:40 ` Jonathan Cameron
2022-11-08 17:26 ` [PATCH v3 16/18] cxl/pmem: add provider name to cxl pmem dimm attribute group Dave Jiang
2022-11-11 10:41 ` Jonathan Cameron
2022-11-08 17:27 ` Dave Jiang [this message]
2022-11-11 10:43 ` [PATCH v3 17/18] libnvdimm: Introduce CONFIG_NVDIMM_SECURITY_TEST flag Jonathan Cameron
2022-11-08 17:27 ` [PATCH v3 18/18] cxl: add dimm_id support for __nvdimm_create() Dave Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=166792842000.3767969.18296572896453551207.stgit@djiang5-desk3.ch.intel.com \
--to=dave.jiang@intel.com \
--cc=Jonathan.Cameron@huawei.com \
--cc=alison.schofield@intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave@stgolabs.net \
--cc=ira.weiny@intel.com \
--cc=linux-cxl@vger.kernel.org \
--cc=nvdimm@lists.linux.dev \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.