From: David Howells <dhowells@redhat.com>
To: Dave Jiang <dave.jiang@intel.com>
Cc: alison.schofield@intel.com, keescook@chromium.org,
linux-nvdimm@lists.01.org, ebiggers3@gmail.com,
dhowells@redhat.com, keyrings@vger.kernel.org
Subject: Re: [PATCH v6 04/11] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs
Date: Thu, 02 Aug 2018 12:58:11 +0100 [thread overview]
Message-ID: <19807.1533211091@warthog.procyon.org.uk> (raw)
In-Reply-To: <153255233354.51274.8552293701029405599.stgit@djiang5-desk3.ch.intel.com>
Dave Jiang <dave.jiang@intel.com> wrote:
> + key = key_lookup(nvdimm->key_id);
You should not be using key_lookup() as the key ID doesn't pin a reference to
the key you're using. If you're going to cache a key, either cache the key
pointer directly and check it with key_validate() before you use it or keep
the cache in a private kernel keyring and use key_search() each time you want
to use it. The latter method allows for the key to be garbage collected
automatically if it expires or gets invalidated.
You can still follow a negative call for a cached key with a call to
nvdimm_request_key(). In the private keyring-using case, you can link the key
to the private keyring after you got it.
> + payload = key->payload.data[0];
> + rc = nvdimm->security_ops->unlock(nvdimm_bus, nvdimm,
> + (void *)payload->data);
I would recommend casting to const void * if you can as you're not allowed to
change the payload data.
David
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm
next prev parent reply other threads:[~2018-08-02 11:58 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-25 20:58 [PATCH v6 00/11] Adding security support for nvdimm Dave Jiang
2018-07-25 20:58 ` [PATCH v6 01/11] nfit: add support for Intel DSM 1.7 commands Dave Jiang
2018-07-25 20:58 ` [PATCH v6 02/11] libnvdimm: create keyring to store security keys Dave Jiang
2018-07-25 20:58 ` [PATCH v6 03/11] nfit/libnvdimm: store dimm id as a member to struct nvdimm Dave Jiang
2018-07-25 20:58 ` [PATCH v6 04/11] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs Dave Jiang
2018-07-31 22:04 ` Alison Schofield
2018-07-31 22:48 ` Jiang, Dave
2018-07-25 20:58 ` [PATCH v6 05/11] nfit/libnvdimm: add set passphrase support for Intel nvdimms Dave Jiang
2018-07-25 20:59 ` [PATCH v6 06/11] nfit/libnvdimm: add disable passphrase support to Intel nvdimm Dave Jiang
2018-07-25 20:59 ` [PATCH v6 07/11] nfit/libnvdimm: add freeze security " Dave Jiang
2018-07-25 20:59 ` [PATCH v6 08/11] nfit/libnvdimm: add support for issue secure erase DSM " Dave Jiang
2018-07-25 20:59 ` [PATCH v6 09/11] nfit_test: add context to dimm_dev for nfit_test Dave Jiang
2018-07-25 20:59 ` [PATCH v6 10/11] nfit_test: add test support for Intel nvdimm security DSMs Dave Jiang
2018-07-25 20:59 ` [PATCH v6 11/11] libnvdimm: add documentation for nvdimm security support Dave Jiang
2018-08-02 11:58 ` David Howells [this message]
2018-08-02 12:00 ` [PATCH v6 05/11] nfit/libnvdimm: add set passphrase support for Intel nvdimms David Howells
2018-08-02 22:29 ` Dave Jiang
2018-08-03 0:28 ` Dave Jiang
2018-08-03 8:32 ` David Howells
2018-08-03 16:07 ` Dave Jiang
2018-08-03 8:28 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=19807.1533211091@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=alison.schofield@intel.com \
--cc=dave.jiang@intel.com \
--cc=ebiggers3@gmail.com \
--cc=keescook@chromium.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-nvdimm@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).