From: Dan Williams <dan.j.williams@intel.com>
To: Dave Jiang <dave.jiang@intel.com>
Cc: David Howells <dhowells@redhat.com>,
"Schofield, Alison <alison.schofield@intel.com>,
keyrings@vger.kernel.org, Kees Cook" <keescook@chromium.org>,
linux-nvdimm <linux-nvdimm@lists.01.org>
Subject: Re: [PATCH v4 05/11] nfit/libnvdimm: add set passphrase support for Intel nvdimms
Date: Mon, 16 Jul 2018 15:12:26 -0700 [thread overview]
Message-ID: <CAPcyv4iw=vXg4k5JsUE9V1F=AEizAVN3sgxocTqRkr-JLC2vYA@mail.gmail.com> (raw)
In-Reply-To: <a409832f-fccd-7ba2-0bba-c651d326414c@intel.com>
On Mon, Jul 16, 2018 at 2:59 PM, Dave Jiang <dave.jiang@intel.com> wrote:
>
>
> On 07/13/2018 04:26 PM, Dan Williams wrote:
>> On Thu, Jul 12, 2018 at 1:48 PM, Dave Jiang <dave.jiang@intel.com> wrote:
>>> Add support for setting and/or updating passphrase on the Intel nvdimms.
>>> The passphrase is pulled from userspace through the kernel key management.
>>> We trigger the update via writing "update" to the sysfs attribute
>>> "security". The state of the security can also be read via the "security"
>>> attribute. libnvdimm will generically support the key_change API call.
>>>
>>> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
>>> ---
>>> drivers/acpi/nfit/intel.c | 57 +++++++++++++++++++++++
>>> drivers/nvdimm/dimm_devs.c | 110 ++++++++++++++++++++++++++++++++++++++++++++
>>> include/linux/libnvdimm.h | 5 ++
>>> 3 files changed, 172 insertions(+)
>>>
>>> diff --git a/drivers/acpi/nfit/intel.c b/drivers/acpi/nfit/intel.c
>>> index 9155b8e63f0e..b0a62248467d 100644
>>> --- a/drivers/acpi/nfit/intel.c
>>> +++ b/drivers/acpi/nfit/intel.c
>>> @@ -18,6 +18,62 @@
>>> #include "intel.h"
>>> #include "nfit.h"
>>>
>>> +static int intel_dimm_security_update_passphrase(
>>> + struct nvdimm_bus *nvdimm_bus, struct nvdimm *nvdimm,
>>> + struct nvdimm_key_data *old_data,
>>> + struct nvdimm_key_data *new_data)
>>> +{
>>> + struct nvdimm_bus_descriptor *nd_desc = to_nd_desc(nvdimm_bus);
>>> + int cmd_rc, rc = 0;
>>> + struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm);
>>> + struct {
>>> + struct nd_cmd_pkg pkg;
>>> + struct nd_intel_set_passphrase cmd;
>>> + } nd_cmd = {
>>> + .pkg = {
>>> + .nd_command = NVDIMM_INTEL_SET_PASSPHRASE,
>>> + .nd_family = NVDIMM_FAMILY_INTEL,
>>> + .nd_size_in = ND_INTEL_PASSPHRASE_SIZE * 2,
>>> + .nd_size_out = ND_INTEL_STATUS_SIZE,
>>> + .nd_fw_size = ND_INTEL_STATUS_SIZE,
>>> + },
>>> + .cmd = {
>>> + .status = 0,
>>> + },
>>> + };
>>> +
>>> + if (!test_bit(NVDIMM_INTEL_SET_PASSPHRASE, &nfit_mem->dsm_mask))
>>> + return -ENOTTY;
>>> +
>>> + if (old_data)
>>> + memcpy(nd_cmd.cmd.old_pass, old_data->data,
>>> + ND_INTEL_PASSPHRASE_SIZE);
>>> + memcpy(nd_cmd.cmd.new_pass, new_data->data, ND_INTEL_PASSPHRASE_SIZE);
>>> + rc = nd_desc->ndctl(nd_desc, nvdimm, ND_CMD_CALL, &nd_cmd,
>>> + sizeof(nd_cmd), &cmd_rc);
>>> + if (rc < 0)
>>> + goto out;
>>> + if (cmd_rc < 0) {
>>> + rc = cmd_rc;
>>> + goto out;
>>> + }
>>> +
>>> + switch (nd_cmd.cmd.status) {
>>> + case 0:
>>> + break;
>>> + case ND_INTEL_STATUS_INVALID_PASS:
>>> + rc = -EINVAL;
>>> + goto out;
>>> + case ND_INTEL_STATUS_INVALID_STATE:
>>> + default:
>>> + rc = -ENXIO;
>>> + goto out;
>>> + }
>>> +
>>> + out:
>>> + return rc;
>>> +}
>>> +
>>> static int intel_dimm_security_unlock(struct nvdimm_bus *nvdimm_bus,
>>> struct nvdimm *nvdimm, struct nvdimm_key_data *nkey)
>>> {
>>> @@ -148,4 +204,5 @@ static int intel_dimm_security_state(struct nvdimm_bus *nvdimm_bus,
>>> struct nvdimm_security_ops intel_security_ops = {
>>> .state = intel_dimm_security_state,
>>> .unlock = intel_dimm_security_unlock,
>>> + .change_key = intel_dimm_security_update_passphrase,
>>> };
>>> diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c
>>> index 5e190120f4aa..2ab846a2114a 100644
>>> --- a/drivers/nvdimm/dimm_devs.c
>>> +++ b/drivers/nvdimm/dimm_devs.c
>>> @@ -171,6 +171,75 @@ int nvdimm_security_unlock_dimm(struct device *dev)
>>> return rc;
>>> }
>>>
>>> +static int nvdimm_security_change_key(struct device *dev)
>>> +{
>>> + struct nvdimm *nvdimm = to_nvdimm(dev);
>>> + struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev);
>>> + struct key *key = NULL, *old_key = NULL;
>>> + int rc;
>>> + void *old_data, *new_data;
>>> +
>>> + if (!nvdimm->security_ops)
>>> + return 0;
>>> +
>>> + if (nvdimm->state == NVDIMM_SECURITY_FROZEN)
>>> + return -EBUSY;
>>> +
>>> + /* look for a key from keyring if exists and remove */
>>> + old_key = nvdimm_search_key(dev);
>>> + if (old_key) {
>>> + dev_dbg(dev, "%s: killing old key: %#x\n",
>>> + __func__, old_key->serial);
>>> + key_invalidate(old_key);
>>> + key_put(old_key);
>>> + /* need key garbage collection to take effect */
>>> + cond_resched();
>>
>> If we need it to take effect then this won't do it, this is a nop most
>> times, and even if it were plain schedule() what guarantees the
>> garbage collector runs before you get the cpu again?
>>
>> I think you want define a new key_put_sync() api that calls
>> flush_work(&key_gc_work), or otherwise clarify what happens if we
>> don't wait for the garbage collector to run?
>>
>
> It returns -EKEYREVOKED. Can I do something like:
>
> do {
> key = request_key(...);
> if (!IS_ERR(key) || PTR_ERR(key) != -EKEYREVOKED)
> break;
> cond_resched();
> } while (1);
>
That's effectively an open-coded flush_work(). I'd just define the new api.
/me goes back to vacation mode.
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm
WARNING: multiple messages have this Message-ID (diff)
From: Dan Williams <dan.j.williams@intel.com>
To: Dave Jiang <dave.jiang@intel.com>
Cc: David Howells <dhowells@redhat.com>,
"Schofield, Alison <alison.schofield@intel.com>,
keyrings@vger.kernel.org, Kees Cook" <keescook@chromium.org>,
linux-nvdimm <linux-nvdimm@lists.01.org>
Subject: Re: [PATCH v4 05/11] nfit/libnvdimm: add set passphrase support for Intel nvdimms
Date: Mon, 16 Jul 2018 22:12:26 +0000 [thread overview]
Message-ID: <CAPcyv4iw=vXg4k5JsUE9V1F=AEizAVN3sgxocTqRkr-JLC2vYA@mail.gmail.com> (raw)
In-Reply-To: <a409832f-fccd-7ba2-0bba-c651d326414c@intel.com>
On Mon, Jul 16, 2018 at 2:59 PM, Dave Jiang <dave.jiang@intel.com> wrote:
>
>
> On 07/13/2018 04:26 PM, Dan Williams wrote:
>> On Thu, Jul 12, 2018 at 1:48 PM, Dave Jiang <dave.jiang@intel.com> wrote:
>>> Add support for setting and/or updating passphrase on the Intel nvdimms.
>>> The passphrase is pulled from userspace through the kernel key management.
>>> We trigger the update via writing "update" to the sysfs attribute
>>> "security". The state of the security can also be read via the "security"
>>> attribute. libnvdimm will generically support the key_change API call.
>>>
>>> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
>>> ---
>>> drivers/acpi/nfit/intel.c | 57 +++++++++++++++++++++++
>>> drivers/nvdimm/dimm_devs.c | 110 ++++++++++++++++++++++++++++++++++++++++++++
>>> include/linux/libnvdimm.h | 5 ++
>>> 3 files changed, 172 insertions(+)
>>>
>>> diff --git a/drivers/acpi/nfit/intel.c b/drivers/acpi/nfit/intel.c
>>> index 9155b8e63f0e..b0a62248467d 100644
>>> --- a/drivers/acpi/nfit/intel.c
>>> +++ b/drivers/acpi/nfit/intel.c
>>> @@ -18,6 +18,62 @@
>>> #include "intel.h"
>>> #include "nfit.h"
>>>
>>> +static int intel_dimm_security_update_passphrase(
>>> + struct nvdimm_bus *nvdimm_bus, struct nvdimm *nvdimm,
>>> + struct nvdimm_key_data *old_data,
>>> + struct nvdimm_key_data *new_data)
>>> +{
>>> + struct nvdimm_bus_descriptor *nd_desc = to_nd_desc(nvdimm_bus);
>>> + int cmd_rc, rc = 0;
>>> + struct nfit_mem *nfit_mem = nvdimm_provider_data(nvdimm);
>>> + struct {
>>> + struct nd_cmd_pkg pkg;
>>> + struct nd_intel_set_passphrase cmd;
>>> + } nd_cmd = {
>>> + .pkg = {
>>> + .nd_command = NVDIMM_INTEL_SET_PASSPHRASE,
>>> + .nd_family = NVDIMM_FAMILY_INTEL,
>>> + .nd_size_in = ND_INTEL_PASSPHRASE_SIZE * 2,
>>> + .nd_size_out = ND_INTEL_STATUS_SIZE,
>>> + .nd_fw_size = ND_INTEL_STATUS_SIZE,
>>> + },
>>> + .cmd = {
>>> + .status = 0,
>>> + },
>>> + };
>>> +
>>> + if (!test_bit(NVDIMM_INTEL_SET_PASSPHRASE, &nfit_mem->dsm_mask))
>>> + return -ENOTTY;
>>> +
>>> + if (old_data)
>>> + memcpy(nd_cmd.cmd.old_pass, old_data->data,
>>> + ND_INTEL_PASSPHRASE_SIZE);
>>> + memcpy(nd_cmd.cmd.new_pass, new_data->data, ND_INTEL_PASSPHRASE_SIZE);
>>> + rc = nd_desc->ndctl(nd_desc, nvdimm, ND_CMD_CALL, &nd_cmd,
>>> + sizeof(nd_cmd), &cmd_rc);
>>> + if (rc < 0)
>>> + goto out;
>>> + if (cmd_rc < 0) {
>>> + rc = cmd_rc;
>>> + goto out;
>>> + }
>>> +
>>> + switch (nd_cmd.cmd.status) {
>>> + case 0:
>>> + break;
>>> + case ND_INTEL_STATUS_INVALID_PASS:
>>> + rc = -EINVAL;
>>> + goto out;
>>> + case ND_INTEL_STATUS_INVALID_STATE:
>>> + default:
>>> + rc = -ENXIO;
>>> + goto out;
>>> + }
>>> +
>>> + out:
>>> + return rc;
>>> +}
>>> +
>>> static int intel_dimm_security_unlock(struct nvdimm_bus *nvdimm_bus,
>>> struct nvdimm *nvdimm, struct nvdimm_key_data *nkey)
>>> {
>>> @@ -148,4 +204,5 @@ static int intel_dimm_security_state(struct nvdimm_bus *nvdimm_bus,
>>> struct nvdimm_security_ops intel_security_ops = {
>>> .state = intel_dimm_security_state,
>>> .unlock = intel_dimm_security_unlock,
>>> + .change_key = intel_dimm_security_update_passphrase,
>>> };
>>> diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c
>>> index 5e190120f4aa..2ab846a2114a 100644
>>> --- a/drivers/nvdimm/dimm_devs.c
>>> +++ b/drivers/nvdimm/dimm_devs.c
>>> @@ -171,6 +171,75 @@ int nvdimm_security_unlock_dimm(struct device *dev)
>>> return rc;
>>> }
>>>
>>> +static int nvdimm_security_change_key(struct device *dev)
>>> +{
>>> + struct nvdimm *nvdimm = to_nvdimm(dev);
>>> + struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev);
>>> + struct key *key = NULL, *old_key = NULL;
>>> + int rc;
>>> + void *old_data, *new_data;
>>> +
>>> + if (!nvdimm->security_ops)
>>> + return 0;
>>> +
>>> + if (nvdimm->state = NVDIMM_SECURITY_FROZEN)
>>> + return -EBUSY;
>>> +
>>> + /* look for a key from keyring if exists and remove */
>>> + old_key = nvdimm_search_key(dev);
>>> + if (old_key) {
>>> + dev_dbg(dev, "%s: killing old key: %#x\n",
>>> + __func__, old_key->serial);
>>> + key_invalidate(old_key);
>>> + key_put(old_key);
>>> + /* need key garbage collection to take effect */
>>> + cond_resched();
>>
>> If we need it to take effect then this won't do it, this is a nop most
>> times, and even if it were plain schedule() what guarantees the
>> garbage collector runs before you get the cpu again?
>>
>> I think you want define a new key_put_sync() api that calls
>> flush_work(&key_gc_work), or otherwise clarify what happens if we
>> don't wait for the garbage collector to run?
>>
>
> It returns -EKEYREVOKED. Can I do something like:
>
> do {
> key = request_key(...);
> if (!IS_ERR(key) || PTR_ERR(key) != -EKEYREVOKED)
> break;
> cond_resched();
> } while (1);
>
That's effectively an open-coded flush_work(). I'd just define the new api.
/me goes back to vacation mode.
next prev parent reply other threads:[~2018-07-16 22:12 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-12 20:48 [PATCH v4 00/11] Adding security support for nvdimm Dave Jiang
2018-07-12 20:48 ` Dave Jiang
2018-07-12 20:48 ` [PATCH v4 01/11] nfit: add support for Intel DSM 1.7 commands Dave Jiang
2018-07-12 20:48 ` Dave Jiang
2018-07-13 23:04 ` Dan Williams
2018-07-13 23:04 ` Dan Williams
2018-07-12 20:48 ` [PATCH v4 02/11] libnvdimm: create keyring to store security keys Dave Jiang
2018-07-12 20:48 ` Dave Jiang
2018-07-13 23:05 ` Dan Williams
2018-07-13 23:05 ` Dan Williams
2018-07-12 20:48 ` [PATCH v4 03/11] nfit/libnvdimm: store dimm id as a member to struct nvdimm Dave Jiang
2018-07-12 20:48 ` Dave Jiang
2018-07-13 23:17 ` Dan Williams
2018-07-13 23:17 ` Dan Williams
2018-07-12 20:48 ` [PATCH v4 04/11] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs Dave Jiang
2018-07-12 20:48 ` Dave Jiang
2018-07-13 23:19 ` Dan Williams
2018-07-13 23:19 ` Dan Williams
2018-07-12 20:48 ` [PATCH v4 05/11] nfit/libnvdimm: add set passphrase support for Intel nvdimms Dave Jiang
2018-07-12 20:48 ` Dave Jiang
2018-07-13 23:26 ` Dan Williams
2018-07-13 23:26 ` Dan Williams
2018-07-16 21:59 ` Dave Jiang
2018-07-16 21:59 ` Dave Jiang
2018-07-16 22:12 ` Dan Williams [this message]
2018-07-16 22:12 ` Dan Williams
2018-07-12 20:49 ` [PATCH v4 06/11] nfit/libnvdimm: add disable passphrase support to Intel nvdimm Dave Jiang
2018-07-12 20:49 ` Dave Jiang
2018-07-13 23:29 ` Dan Williams
2018-07-13 23:29 ` Dan Williams
2018-07-12 20:49 ` [PATCH v4 07/11] nfit/libnvdimm: add freeze security " Dave Jiang
2018-07-12 20:49 ` Dave Jiang
2018-07-13 23:34 ` Dan Williams
2018-07-13 23:34 ` Dan Williams
2018-07-12 20:49 ` [PATCH v4 08/11] nfit/libnvdimm: add support for issue secure erase DSM " Dave Jiang
2018-07-12 20:49 ` Dave Jiang
2018-07-13 23:42 ` Dan Williams
2018-07-13 23:42 ` Dan Williams
2018-07-12 20:49 ` [PATCH v4 09/11] nfit_test: add context to dimm_dev for nfit_test Dave Jiang
2018-07-12 20:49 ` Dave Jiang
2018-07-13 23:54 ` Dan Williams
2018-07-13 23:54 ` Dan Williams
2018-07-12 20:49 ` [PATCH v4 10/11] nfit_test: add test support for Intel nvdimm security DSMs Dave Jiang
2018-07-12 20:49 ` Dave Jiang
2018-07-13 23:55 ` Dan Williams
2018-07-13 23:55 ` Dan Williams
2018-07-12 20:49 ` [PATCH v4 11/11] libnvdimm: add documentation for nvdimm security support Dave Jiang
2018-07-12 20:49 ` Dave Jiang
2018-07-14 0:01 ` Dan Williams
2018-07-14 0:01 ` Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAPcyv4iw=vXg4k5JsUE9V1F=AEizAVN3sgxocTqRkr-JLC2vYA@mail.gmail.com' \
--to=dan.j.williams@intel.com \
--cc=dave.jiang@intel.com \
--cc=dhowells@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-nvdimm@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.