nvdimm.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: Dan Williams <dan.j.williams@intel.com>
To: Dave Jiang <dave.jiang@intel.com>
Cc: "Schofield, Alison" <alison.schofield@intel.com>,
	Kees Cook <keescook@chromium.org>,
	linux-nvdimm <linux-nvdimm@lists.01.org>,
	Eric Biggers <ebiggers3@gmail.com>,
	David Howells <dhowells@redhat.com>,
	keyrings@vger.kernel.org
Subject: Re: [PATCH v9 09/12] nfit/libnvdimm: add support for issue secure erase DSM to Intel nvdimm
Date: Tue, 25 Sep 2018 18:04:56 -0700	[thread overview]
Message-ID: <CAPcyv4gdvn0=5Dcq4FhPt_fpTtAS+N4TfUQCq0WdhTCBZZZojg@mail.gmail.com> (raw)
In-Reply-To: <153791871610.70158.9555364033543193511.stgit@djiang5-desk3.ch.intel.com>

On Tue, Sep 25, 2018 at 4:41 PM Dave Jiang <dave.jiang@intel.com> wrote:
>
> Add support to issue a secure erase DSM to the Intel nvdimm. The
> required passphrase is acquired from userspace through the kernel key
> management. To trigger the action, "erase <old_keyid>" is written to the
> "security" sysfs attribute. libnvdimm will support the erase generic API
> call. The user key provided will be verified against the cached kernel
> key. If no kernel key exists, then the user key will be attempted for the
> operation.
>
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
> Reviewed-by: Dan Williams <dan.j.williams@intel.com>

Guess I missed this that last time I looked...

[..]
> diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c
> index ff7c6a7cddd9..1ce602561d74 100644
> --- a/drivers/nvdimm/dimm_devs.c
> +++ b/drivers/nvdimm/dimm_devs.c
> @@ -183,6 +183,74 @@ int nvdimm_security_get_state(struct device *dev)
>                         &nvdimm->state);
>  }
>
> +static int nvdimm_security_erase(struct device *dev, unsigned int keyid)
> +{
> +       struct nvdimm *nvdimm = to_nvdimm(dev);
> +       struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev);
> +       struct key *key;
> +       struct user_key_payload *payload;
> +       int rc = 0;
> +       bool is_userkey = false;
> +
> +       if (!nvdimm->security_ops)
> +               return -EOPNOTSUPP;
> +
> +       /* lock the device and disallow driver bind */
> +       device_lock(dev);
> +
> +       /* No driver data means dimm is disabled. Proceed if so. */
> +       if (dev_get_drvdata(dev)) {
> +               dev_warn(dev, "Unable to secure erase while DIMM active.\n");

Unfortunately this is not a foolproof method for checking if the
DIMM's capacity is active. Especially when a DIMM does not have label
support it is possible for the driver to be detached, but the DIMM's
capacity is active in a region. So, I would change this to routine to
take the nvdimm_bus_lock() and check for:

    if (atomic_read(&nvdimm->busy))

That way you know the DIMM is not participating in any active regions,
and you know that the region driver is prevented from starting up
namespaces.
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm

  reply	other threads:[~2018-09-26  1:05 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-25 23:37 [PATCH v9 00/12] Adding security support for nvdimm Dave Jiang
2018-09-25 23:37 ` [PATCH v9 01/12] nfit: add support for Intel DSM 1.7 commands Dave Jiang
2018-09-25 23:37 ` [PATCH v9 02/12] libnvdimm: create keyring to store security keys Dave Jiang
2018-09-25 23:38 ` [PATCH v9 03/12] nfit/libnvdimm: store dimm id as a member to struct nvdimm Dave Jiang
2018-09-25 23:38 ` [PATCH v9 04/12] keys: export lookup_user_key to external users Dave Jiang
2018-09-25 23:38 ` [PATCH v9 05/12] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs Dave Jiang
2018-09-26  0:33   ` Dan Williams
2018-09-25 23:38 ` [PATCH v9 06/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms Dave Jiang
2018-09-26  0:42   ` Dan Williams
2018-09-25 23:38 ` [PATCH v9 07/12] nfit/libnvdimm: add disable passphrase support to Intel nvdimm Dave Jiang
2018-09-25 23:38 ` [PATCH v9 08/12] nfit/libnvdimm: add freeze security " Dave Jiang
2018-09-25 23:38 ` [PATCH v9 09/12] nfit/libnvdimm: add support for issue secure erase DSM " Dave Jiang
2018-09-26  1:04   ` Dan Williams [this message]
2018-09-25 23:38 ` [PATCH v9 10/12] nfit_test: add context to dimm_dev for nfit_test Dave Jiang
2018-09-25 23:38 ` [PATCH v9 11/12] nfit_test: add test support for Intel nvdimm security DSMs Dave Jiang
2018-09-25 23:38 ` [PATCH v9 12/12] libnvdimm: add documentation for nvdimm security support Dave Jiang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAPcyv4gdvn0=5Dcq4FhPt_fpTtAS+N4TfUQCq0WdhTCBZZZojg@mail.gmail.com' \
    --to=dan.j.williams@intel.com \
    --cc=alison.schofield@intel.com \
    --cc=dave.jiang@intel.com \
    --cc=dhowells@redhat.com \
    --cc=ebiggers3@gmail.com \
    --cc=keescook@chromium.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-nvdimm@lists.01.org \
    --subject='Re: [PATCH v9 09/12] nfit/libnvdimm: add support for issue secure erase DSM to Intel nvdimm' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).