From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755511AbcFTPSh (ORCPT ); Mon, 20 Jun 2016 11:18:37 -0400 Received: from mga14.intel.com ([192.55.52.115]:18486 "EHLO mga14.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752362AbcFTPS2 (ORCPT ); Mon, 20 Jun 2016 11:18:28 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.26,499,1459839600"; d="scan'208";a="991459963" Date: Mon, 20 Jun 2016 11:26:39 -0400 From: Keith Busch To: Jethro Beekman Cc: axboe@fb.com, linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 0/3] nvme: Don't add namespaces for locked drives Message-ID: <20160620152639.GD12936@localhost.localdomain> References: <20160619230634.17229-1-kernel@jbeekman.nl> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160619230634.17229-1-kernel@jbeekman.nl> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jun 19, 2016 at 04:06:31PM -0700, Jethro Beekman wrote: > If an NVMe drive is locked with ATA Security, most commands sent to the drive > will fail. This includes commands sent by the kernel upon discovery to probe > for partitions. The failing happens in such a way that trying to do anything > with the drive (e.g. sending an unlock command; unloading the nvme module) is > basically impossible with the high default command timeout. Why is the timeout a factor here? Is it because the error your drive returns does not have DNR set and goes through 30 seconds of retries? If so, I think we should probably have a limited retry count instead of unlimited retries within the command timeout. > This patch adds a check to see if the drive is locked, and if it is, its > namespaces are not initialized. It is expected that userspace will send the > proper "security send/unlock" command and then reset the controller. Userspace > tools are available at [1]. Aren't these security settings per-namespace rather than the entire device? > I intend to also submit a future patch that tracks ATA Security commands sent > from userspace and remembers the password so it can be submitted to a locked > drive upon pm_resume. (still WIP) This subjects the system to various attacks like cold boot or hotswap, but that's what users want! This is ATA security, though, so wouldn't ATA also benefit from this? The payload setup/decoding should then go in a generic library for everyone. Similar was said about the patch adding OPAL security to the NVMe driver: http://lists.infradead.org/pipermail/linux-nvme/2016-April/004428.html