linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Christoph Hellwig <hch@infradead.org>
To: Jethro Beekman <kernel@jbeekman.nl>
Cc: keith.busch@intel.com, axboe@fb.com,
	linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/3] nvme: Check if drive is locked using ATA Security
Date: Fri, 24 Jun 2016 01:09:20 -0700	[thread overview]
Message-ID: <20160624080920.GB17446@infradead.org> (raw)
In-Reply-To: <20160619230634.17229-4-kernel@jbeekman.nl>

On Sun, Jun 19, 2016 at 04:06:34PM -0700, Jethro Beekman wrote:
> Signed-off-by: Jethro Beekman <kernel@jbeekman.nl>
> ---
>  drivers/nvme/host/core.c | 49 +++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 48 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
> index da027ed..0164122 100644
> --- a/drivers/nvme/host/core.c
> +++ b/drivers/nvme/host/core.c
> @@ -1389,10 +1389,57 @@ int nvme_security_recv(struct nvme_ctrl *dev, u8 protocol, void *buf,
>  	return nvme_submit_sync_cmd(dev->admin_q, &c, buf, len);
>  }
>  
> +#define OACS_SECURITY (1<<0)
> +#define SCSI_SECURITY_PROTOCOL_ATA_SECURITY 0xef
> +#define ATA_SECURITY_LOCKED 0x4

It would be great to have this out in a header or maybe rather
headers.  OACS_SECURITY should go into nvme.h, we probably should have a
new header for the SCSI security protocols (e.g.
include/scsi/scsi_security.h ?), and I'm not sure what to do with 
ATA_SECURITY_LOCKED - maybe just add it to scsi_security.h for now until
we get a more fully blown ata security implementation that even includes
ATA :))

>  static bool nvme_security_is_locked(struct nvme_ctrl *ctrl,
>  		struct nvme_id_ctrl *id)
>  {
> -	return false;
> +	int err;
> +	unsigned int i;
> +	bool found;
> +	u8 protocols[256+8]; /* 8 byte hdr + max number of possible protocols */

Please define a constant for the length in the new scsi_security.h
header.

> +	/* find ata security protocol */
> +	n = be16_to_cpup((__be16 *)(protocols+6));

Just use get_unaligned_be16 that operates directly on the char
array, similar to how we do in lots of places in the SCSI stack.

> +	for (i = 0; i <= n; i++) {
> +		if (protocols[8+i] == SCSI_SECURITY_PROTOCOL_ATA_SECURITY) {
> +			found = true;
> +			break;
> +		}
> +	}

I wonder if it might be a good idea to change the structure here a bit
to allow for future other protocols and have each protocol in a helper,
e.g. do something like

	for (i = 0; i <= n; i++) {
		switch (protocols[8 + i]) {
		case SCSI_SECURITY_PROTOCOL_ATA_SECURITY:
			locked |= nvme_security_ata_is_locked()
			break;
		default:
			break;
	}

> +	return ata_security[1] == 0xe && (ata_security[9]&ATA_SECURITY_LOCKED);

Can we have a sumbolic name for the 0xe?  Also please always add spaces
around your operators.

But after all this nitpicking the general idea looks fine, thanks a lot
for the patch!

  reply	other threads:[~2016-06-24  8:09 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-19 23:06 [PATCH 0/3] nvme: Don't add namespaces for locked drives Jethro Beekman
2016-06-19 23:06 ` [PATCH 1/3] nvme: When scanning namespaces, make sure the drive is not locked Jethro Beekman
2016-06-24  8:12   ` Christoph Hellwig
2016-06-19 23:06 ` [PATCH 2/3] nvme: Add function for NVMe security receive command Jethro Beekman
2016-06-19 23:06 ` [PATCH 3/3] nvme: Check if drive is locked using ATA Security Jethro Beekman
2016-06-24  8:09   ` Christoph Hellwig [this message]
2016-06-20  6:46 ` [PATCH 0/3] nvme: Don't add namespaces for locked drives Sagi Grimberg
2016-06-24  8:09   ` Christoph Hellwig
2016-06-20 15:26 ` Keith Busch
2016-06-20 18:21   ` Jethro Beekman
2016-06-20 22:54     ` Keith Busch
2016-06-21  3:50       ` Jethro Beekman
2016-06-24  7:43         ` Christoph Hellwig
2016-06-24  8:11   ` Christoph Hellwig
2016-06-24  7:37 ` Christoph Hellwig
2016-06-24  7:45   ` Jethro Beekman
2016-06-24  8:00     ` Christoph Hellwig

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160624080920.GB17446@infradead.org \
    --to=hch@infradead.org \
    --cc=axboe@fb.com \
    --cc=keith.busch@intel.com \
    --cc=kernel@jbeekman.nl \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nvme@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).