From: Jeff Moyer <jmoyer@redhat.com>
To: Dan Williams <dan.j.williams@intel.com>
Cc: linux-nvdimm@lists.01.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 2/3] libnvdimm/security: Tighten scope of nvdimm->busy vs security operations
Date: Wed, 28 Aug 2019 13:57:02 -0400 [thread overview]
Message-ID: <x497e6x8975.fsf@segfault.boston.devel.redhat.com> (raw)
In-Reply-To: <156686729996.184120.3458026302402493937.stgit@dwillia2-desk3.amr.corp.intel.com> (Dan Williams's message of "Mon, 26 Aug 2019 17:55:00 -0700")
Dan Williams <dan.j.williams@intel.com> writes:
> An attempt to freeze DIMMs currently runs afoul of default blocking of
> all security operations in the entry to the 'store' routine for the
> 'security' sysfs attribute.
>
> The blanket blocking of all security operations while the DIMM is in
> active use in a region is too restrictive. The only security operations
> that need to be aware of the ->busy state are those that mutate the
> state of data, i.e. erase and overwrite.
>
> Refactor the ->busy checks to be applied at the entry common entry point
> in __security_store() rather than each of the helper routines to enable
> freeze to be run regardless of busy state.
>
> Reviewed-by: Dave Jiang <dave.jiang@intel.com>
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
> ---
> drivers/nvdimm/dimm_devs.c | 33 ++++++++++++++++-----------------
> drivers/nvdimm/security.c | 10 ----------
> 2 files changed, 16 insertions(+), 27 deletions(-)
>
> diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c
> index 53330625fe07..d837cb9be83d 100644
> --- a/drivers/nvdimm/dimm_devs.c
> +++ b/drivers/nvdimm/dimm_devs.c
> @@ -424,9 +424,6 @@ static ssize_t __security_store(struct device *dev, const char *buf, size_t len)
> unsigned int key, newkey;
> int i;
>
> - if (atomic_read(&nvdimm->busy))
> - return -EBUSY;
> -
> rc = sscanf(buf, "%"__stringify(SEC_CMD_SIZE)"s"
> " %"__stringify(KEY_ID_SIZE)"s"
> " %"__stringify(KEY_ID_SIZE)"s",
> @@ -451,23 +448,25 @@ static ssize_t __security_store(struct device *dev, const char *buf, size_t len)
> } else if (i == OP_DISABLE) {
> dev_dbg(dev, "disable %u\n", key);
> rc = nvdimm_security_disable(nvdimm, key);
> - } else if (i == OP_UPDATE) {
> - dev_dbg(dev, "update %u %u\n", key, newkey);
> - rc = nvdimm_security_update(nvdimm, key, newkey, NVDIMM_USER);
> - } else if (i == OP_ERASE) {
> - dev_dbg(dev, "erase %u\n", key);
> - rc = nvdimm_security_erase(nvdimm, key, NVDIMM_USER);
> + } else if (i == OP_UPDATE || i == OP_MASTER_UPDATE) {
> + dev_dbg(dev, "%s %u %u\n", ops[i].name, key, newkey);
> + rc = nvdimm_security_update(nvdimm, key, newkey, i == OP_UPDATE
> + ? NVDIMM_USER : NVDIMM_MASTER);
> + } else if (i == OP_ERASE || i == OP_MASTER_ERASE) {
> + dev_dbg(dev, "%s %u\n", ops[i].name, key);
> + if (atomic_read(&nvdimm->busy)) {
> + dev_dbg(dev, "Unable to secure erase while DIMM active.\n");
> + return -EBUSY;
> + }
> + rc = nvdimm_security_erase(nvdimm, key, i == OP_ERASE
> + ? NVDIMM_USER : NVDIMM_MASTER);
> } else if (i == OP_OVERWRITE) {
> dev_dbg(dev, "overwrite %u\n", key);
> + if (atomic_read(&nvdimm->busy)) {
> + dev_dbg(dev, "Unable to overwrite while DIMM active.\n");
> + return -EBUSY;
> + }
> rc = nvdimm_security_overwrite(nvdimm, key);
> - } else if (i == OP_MASTER_UPDATE) {
> - dev_dbg(dev, "master_update %u %u\n", key, newkey);
> - rc = nvdimm_security_update(nvdimm, key, newkey,
> - NVDIMM_MASTER);
> - } else if (i == OP_MASTER_ERASE) {
> - dev_dbg(dev, "master_erase %u\n", key);
> - rc = nvdimm_security_erase(nvdimm, key,
> - NVDIMM_MASTER);
> } else
> return -EINVAL;
>
> diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
> index 5862d0eee9db..2166e627383a 100644
> --- a/drivers/nvdimm/security.c
> +++ b/drivers/nvdimm/security.c
> @@ -334,11 +334,6 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid,
> || !nvdimm->sec.flags)
> return -EOPNOTSUPP;
>
> - if (atomic_read(&nvdimm->busy)) {
> - dev_dbg(dev, "Unable to secure erase while DIMM active.\n");
> - return -EBUSY;
> - }
> -
> rc = check_security_state(nvdimm);
> if (rc)
> return rc;
> @@ -380,11 +375,6 @@ int nvdimm_security_overwrite(struct nvdimm *nvdimm, unsigned int keyid)
> || !nvdimm->sec.flags)
> return -EOPNOTSUPP;
>
> - if (atomic_read(&nvdimm->busy)) {
> - dev_dbg(dev, "Unable to overwrite while DIMM active.\n");
> - return -EBUSY;
> - }
> -
> if (dev->driver == NULL) {
> dev_dbg(dev, "Unable to overwrite while DIMM active.\n");
> return -EINVAL;
>
> _______________________________________________
> Linux-nvdimm mailing list
> Linux-nvdimm@lists.01.org
> https://lists.01.org/mailman/listinfo/linux-nvdimm
next prev parent reply other threads:[~2019-08-28 17:57 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-27 0:54 [PATCH v2 0/3] libnvdimm/security: Enumerate the frozen state and other cleanups Dan Williams
2019-08-27 0:54 ` [PATCH v2 1/3] libnvdimm/security: Introduce a 'frozen' attribute Dan Williams
2019-08-28 17:56 ` Jeff Moyer
2019-08-27 0:55 ` [PATCH v2 2/3] libnvdimm/security: Tighten scope of nvdimm->busy vs security operations Dan Williams
2019-08-28 17:57 ` Jeff Moyer [this message]
2019-08-27 0:55 ` [PATCH v2 3/3] libnvdimm/security: Consolidate 'security' operations Dan Williams
2019-08-28 17:57 ` [PATCH v2 0/3] libnvdimm/security: Enumerate the frozen state and other cleanups Jeff Moyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=x497e6x8975.fsf@segfault.boston.devel.redhat.com \
--to=jmoyer@redhat.com \
--cc=dan.j.williams@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvdimm@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).