From: Dan Williams <dan.j.williams@intel.com>
To: Dave Jiang <dave.jiang@intel.com>
Cc: "Schofield, Alison" <alison.schofield@intel.com>,
Kees Cook <keescook@chromium.org>,
linux-nvdimm <linux-nvdimm@lists.01.org>,
Eric Biggers <ebiggers3@gmail.com>,
David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org
Subject: Re: [PATCH v11 04/12] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs
Date: Fri, 28 Sep 2018 17:41:04 -0700 [thread overview]
Message-ID: <CAPcyv4irD-d=U9Y9hvyqg-6=8ST8dPnK1apviuOJ5bt2oX-Oew@mail.gmail.com> (raw)
In-Reply-To: <153817162922.17152.3222889638018212575.stgit@djiang5-desk3.ch.intel.com>
On Fri, Sep 28, 2018 at 2:54 PM Dave Jiang <dave.jiang@intel.com> wrote:
>
> Add support to allow query the security status of the Intel nvdimms and
> also unlock the dimm via the kernel key management APIs. The passphrase is
> expected to be pulled from userspace through keyutils. Moving the Intel
> related bits to its own source file as well.
>
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
> Reviewed-by: Dan Williams <dan.j.williams@intel.com>
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
[..]
> diff --git a/drivers/nvdimm/dimm.c b/drivers/nvdimm/dimm.c
> index 6c8fb7590838..b6381ddbd6c1 100644
> --- a/drivers/nvdimm/dimm.c
> +++ b/drivers/nvdimm/dimm.c
[..]
> @@ -25,6 +28,119 @@
>
> static DEFINE_IDA(dimm_ida);
>
> +/*
> + * Find key that's cached with nvdimm
> + */
> +static struct key *nvdimm_get_key(struct device *dev)
> +{
> + struct nvdimm *nvdimm = to_nvdimm(dev);
> +
> + if (!nvdimm->key)
> + return NULL;
> +
> + if (key_validate(nvdimm->key) < 0)
> + return NULL;
> +
> + key_get(nvdimm->key);
I look at this and the double key_put() in nvdimm_release() and wonder
if this can be simplified by making the rule be that nvdimm->key, if
it is not NULL, is a valid key and the final put is done by
nvdimm_release(). Whenever the key becomes invalid that operation also
marks nvdimm->key NULL. This does mean we need some extra locking. but
we likely need that anyway because what's to stop the key going
invalid immediately after the key_validate() check above?
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm
next prev parent reply other threads:[~2018-09-29 0:41 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-28 21:53 [PATCH v11 00/12] Adding security support for nvdimm Dave Jiang
2018-09-28 21:53 ` [PATCH v11 01/12] nfit: add support for Intel DSM 1.7 commands Dave Jiang
2018-09-28 21:53 ` [PATCH v11 02/12] nfit/libnvdimm: store dimm id as a member to struct nvdimm Dave Jiang
2018-09-28 21:53 ` [PATCH v11 03/12] keys: export lookup_user_key to external users Dave Jiang
2018-09-28 21:53 ` [PATCH v11 04/12] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs Dave Jiang
2018-09-29 0:41 ` Dan Williams [this message]
2018-09-28 21:53 ` [PATCH v11 05/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms Dave Jiang
2018-09-28 21:54 ` [PATCH v11 06/12] nfit/libnvdimm: add disable passphrase support to Intel nvdimm Dave Jiang
2018-09-28 21:54 ` [PATCH v11 07/12] nfit/libnvdimm: add freeze security " Dave Jiang
2018-09-28 21:54 ` [PATCH v11 08/12] nfit/libnvdimm: add support for issue secure erase DSM " Dave Jiang
2018-09-28 21:54 ` [PATCH v11 09/12] nfit_test: add test support for Intel nvdimm security DSMs Dave Jiang
2018-09-28 21:54 ` [PATCH v11 10/12] libnvdimm: add documentation for nvdimm security support Dave Jiang
2018-09-28 21:54 ` [PATCH v11 11/12] libnvdimm: Drop nvdimm_bus from security_ops interface Dave Jiang
2018-09-28 21:54 ` [PATCH v11 12/12] acpi, nfit: Move acpi_nfit_get_security_ops() to generic location Dave Jiang
2018-09-28 22:12 ` [PATCH v11 00/12] Adding security support for nvdimm Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAPcyv4irD-d=U9Y9hvyqg-6=8ST8dPnK1apviuOJ5bt2oX-Oew@mail.gmail.com' \
--to=dan.j.williams@intel.com \
--cc=alison.schofield@intel.com \
--cc=dave.jiang@intel.com \
--cc=dhowells@redhat.com \
--cc=ebiggers3@gmail.com \
--cc=keescook@chromium.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-nvdimm@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).