From: Dave Jiang <dave.jiang@intel.com>
To: dan.j.williams@intel.com
Cc: linux-nvdimm@lists.01.org
Subject: [PATCH 4/5] libnvdimm: remove code to pull user key when there's no kernel key
Date: Fri, 12 Oct 2018 11:24:09 -0700 [thread overview]
Message-ID: <153936864924.55836.10713157239316653961.stgit@djiang5-desk3.ch.intel.com> (raw)
In-Reply-To: <153936863308.55836.2972520178944977338.stgit@djiang5-desk3.ch.intel.com>
Remove extraneous code that used to expect nvdimm_get_and_verify_key() to
return NULL when there's no kernel key. We want to enforce the behavior
that when there is no kernel key we should fail security ops.
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
drivers/nvdimm/security.c | 35 ++++-------------------------------
1 file changed, 4 insertions(+), 31 deletions(-)
diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
index f9ca1575012e..7b5d7c77514d 100644
--- a/drivers/nvdimm/security.c
+++ b/drivers/nvdimm/security.c
@@ -135,7 +135,6 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid)
struct key *key;
struct user_key_payload *payload;
struct device *dev = &nvdimm->dev;
- bool is_userkey = false;
if (!nvdimm->security_ops)
return -EOPNOTSUPP;
@@ -161,18 +160,6 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid)
rc = PTR_ERR(key);
goto out;
}
- if (!key) {
- dev_dbg(dev, "No cached key found\n");
- /* get old user key */
- key = nvdimm_lookup_user_key(dev, keyid);
- if (!key) {
- dev_dbg(dev, "Unable to retrieve user key: %#x\n",
- keyid);
- rc = -ENOKEY;
- goto out;
- }
- is_userkey = true;
- }
down_read(&key->sem);
payload = key->payload.data[0];
@@ -181,10 +168,8 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid)
up_read(&key->sem);
/* remove key since secure erase kills the passphrase */
- if (!is_userkey) {
- key_invalidate(key);
- nvdimm->key = NULL;
- }
+ key_invalidate(key);
+ nvdimm->key = NULL;
key_put(key);
out:
@@ -218,7 +203,6 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid)
struct key *key;
struct user_key_payload *payload;
struct device *dev = &nvdimm->dev;
- bool is_userkey = false;
if (!nvdimm->security_ops)
return -EOPNOTSUPP;
@@ -233,15 +217,6 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid)
mutex_unlock(&nvdimm->key_mutex);
return PTR_ERR(key);
}
- if (!key) {
- /* get old user key */
- key = nvdimm_lookup_user_key(dev, keyid);
- if (!key) {
- mutex_unlock(&nvdimm->key_mutex);
- return -ENOKEY;
- }
- is_userkey = true;
- }
down_read(&key->sem);
payload = key->payload.data[0];
@@ -255,10 +230,8 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid)
}
/* If we succeed then remove the key */
- if (!is_userkey) {
- key_invalidate(key);
- nvdimm->key = NULL;
- }
+ key_invalidate(key);
+ nvdimm->key = NULL;
key_put(key);
out:
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm
next prev parent reply other threads:[~2018-10-12 18:24 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-12 18:23 [PATCH 1/5] libnvdimm: fix updating of kernel key during nvdimm key update Dave Jiang
2018-10-12 18:23 ` [PATCH 2/5] libnvdimm: fix incorrect output when nvdimm disable failed Dave Jiang
2018-10-12 19:22 ` Dan Williams
2018-10-12 18:24 ` [PATCH 3/5] libnvdimm: remove driver attached check for secure erase Dave Jiang
2018-10-12 19:23 ` Dan Williams
2018-10-12 18:24 ` Dave Jiang [this message]
2018-10-12 19:26 ` [PATCH 4/5] libnvdimm: remove code to pull user key when there's no kernel key Dan Williams
2018-10-12 18:24 ` [PATCH 5/5] libnvdimm: address state where dimm is unlocked in preOS Dave Jiang
2018-10-12 19:28 ` Dan Williams
2018-10-12 19:19 ` [PATCH 1/5] libnvdimm: fix updating of kernel key during nvdimm key update Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=153936864924.55836.10713157239316653961.stgit@djiang5-desk3.ch.intel.com \
--to=dave.jiang@intel.com \
--cc=dan.j.williams@intel.com \
--cc=linux-nvdimm@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).