nvdimm.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: Dan Williams <dan.j.williams@intel.com>
To: Dave Jiang <dave.jiang@intel.com>
Cc: "Schofield, Alison" <alison.schofield@intel.com>,
	Kees Cook <keescook@chromium.org>,
	linux-nvdimm <linux-nvdimm@lists.01.org>,
	Eric Biggers <ebiggers3@gmail.com>,
	David Howells <dhowells@redhat.com>,
	keyrings@vger.kernel.org
Subject: Re: [PATCH v11 04/12] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs
Date: Fri, 28 Sep 2018 17:41:04 -0700	[thread overview]
Message-ID: <CAPcyv4irD-d=U9Y9hvyqg-6=8ST8dPnK1apviuOJ5bt2oX-Oew@mail.gmail.com> (raw)
In-Reply-To: <153817162922.17152.3222889638018212575.stgit@djiang5-desk3.ch.intel.com>

On Fri, Sep 28, 2018 at 2:54 PM Dave Jiang <dave.jiang@intel.com> wrote:
>
> Add support to allow query the security status of the Intel nvdimms and
> also unlock the dimm via the kernel key management APIs. The passphrase is
> expected to be pulled from userspace through keyutils. Moving the Intel
> related bits to its own source file as well.
>
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
> Reviewed-by: Dan Williams <dan.j.williams@intel.com>
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
[..]
> diff --git a/drivers/nvdimm/dimm.c b/drivers/nvdimm/dimm.c
> index 6c8fb7590838..b6381ddbd6c1 100644
> --- a/drivers/nvdimm/dimm.c
> +++ b/drivers/nvdimm/dimm.c
[..]
> @@ -25,6 +28,119 @@
>
>  static DEFINE_IDA(dimm_ida);
>
> +/*
> + * Find key that's cached with nvdimm
> + */
> +static struct key *nvdimm_get_key(struct device *dev)
> +{
> +       struct nvdimm *nvdimm = to_nvdimm(dev);
> +
> +       if (!nvdimm->key)
> +               return NULL;
> +
> +       if (key_validate(nvdimm->key) < 0)
> +               return NULL;
> +
> +       key_get(nvdimm->key);

I look at this and the double key_put() in nvdimm_release() and wonder
if this can be simplified by making the rule be that nvdimm->key, if
it is not NULL, is a valid key and the final put is done by
nvdimm_release(). Whenever the key becomes invalid that operation also
marks nvdimm->key NULL. This does mean we need some extra locking. but
we likely need that anyway because what's to stop the key going
invalid immediately after the key_validate() check above?
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm

  reply	other threads:[~2018-09-29  0:41 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-28 21:53 [PATCH v11 00/12] Adding security support for nvdimm Dave Jiang
2018-09-28 21:53 ` [PATCH v11 01/12] nfit: add support for Intel DSM 1.7 commands Dave Jiang
2018-09-28 21:53 ` [PATCH v11 02/12] nfit/libnvdimm: store dimm id as a member to struct nvdimm Dave Jiang
2018-09-28 21:53 ` [PATCH v11 03/12] keys: export lookup_user_key to external users Dave Jiang
2018-09-28 21:53 ` [PATCH v11 04/12] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs Dave Jiang
2018-09-29  0:41   ` Dan Williams [this message]
2018-09-28 21:53 ` [PATCH v11 05/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms Dave Jiang
2018-09-28 21:54 ` [PATCH v11 06/12] nfit/libnvdimm: add disable passphrase support to Intel nvdimm Dave Jiang
2018-09-28 21:54 ` [PATCH v11 07/12] nfit/libnvdimm: add freeze security " Dave Jiang
2018-09-28 21:54 ` [PATCH v11 08/12] nfit/libnvdimm: add support for issue secure erase DSM " Dave Jiang
2018-09-28 21:54 ` [PATCH v11 09/12] nfit_test: add test support for Intel nvdimm security DSMs Dave Jiang
2018-09-28 21:54 ` [PATCH v11 10/12] libnvdimm: add documentation for nvdimm security support Dave Jiang
2018-09-28 21:54 ` [PATCH v11 11/12] libnvdimm: Drop nvdimm_bus from security_ops interface Dave Jiang
2018-09-28 21:54 ` [PATCH v11 12/12] acpi, nfit: Move acpi_nfit_get_security_ops() to generic location Dave Jiang
2018-09-28 22:12 ` [PATCH v11 00/12] Adding security support for nvdimm Dan Williams

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAPcyv4irD-d=U9Y9hvyqg-6=8ST8dPnK1apviuOJ5bt2oX-Oew@mail.gmail.com' \
    --to=dan.j.williams@intel.com \
    --cc=alison.schofield@intel.com \
    --cc=dave.jiang@intel.com \
    --cc=dhowells@redhat.com \
    --cc=ebiggers3@gmail.com \
    --cc=keescook@chromium.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-nvdimm@lists.01.org \
    --subject='Re: [PATCH v11 04/12] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).