nvdimm.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: Dave Jiang <dave.jiang@intel.com>
To: David Howells <dhowells@redhat.com>
Cc: alison.schofield@intel.com, keescook@chromium.org,
	linux-nvdimm@lists.01.org, ebiggers3@gmail.com,
	keyrings@vger.kernel.org
Subject: Re: [PATCH v8 06/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms
Date: Fri, 21 Sep 2018 17:25:08 -0700	[thread overview]
Message-ID: <c804ec81-68c5-3e11-c65f-1226e68a4b2b@intel.com> (raw)
In-Reply-To: <19459.1537574236@warthog.procyon.org.uk>



On 09/21/2018 04:57 PM, David Howells wrote:
> Dave Jiang <dave.jiang@intel.com> wrote:
> 
>> +	new_key = key_alloc(&key_type_logon, key->description,
>> +			GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, &init_cred, 0,
> 
> KEY_POS_SEARCH?  KEY_USR_VIEW?
> 
>> +			KEY_ALLOC_NOT_IN_QUOTA, NULL);
>> + ...
>> +	down_read(&key->sem);
>> +	payload = key->payload.data[0];
>> +	rc = key_instantiate_and_link(new_key, payload->data, key->datalen,
> 
> payload->datalen, not key->datalen.
> 
>> +			nvdimm_keyring, NULL);
> 
> Okay, that's a weird way of going about things.  I presume you don't want to
> add key to nvdimm_keyring - maybe in case it gets updated whilst you're using
> it and your private key isn't in quota?
> 
>> +	up_read(&key->sem);
>> +	if (rc < 0) {
>> +		key_revoke(new_key);
>> +		key_put(new_key);
>> +		return NULL;
>> +	}
> 
> Just putting it here should work since it didn't get linked to the keyring if
> any errors occurred.  Revoking it too shouldn't be necessary.
> 
>> +	key_invalidate(key);
>> +	key_put(key);
> 
> Why are you invalidating the user's key?
> 
>> +	keyref = lookup_user_key(id, 0, 0);
> 
> KEY_NEED_SEARCH?  Though I suppose it's not strictly necessary as it's a key
> that's private to the kernel.
> 
>> +	if (old_keyid != 0) {
>> +		old_key = nvdimm_get_key(dev);
>> +		if (old_key) {
>> +			if (key_serial(old_key) != old_keyid) {
> 
> Ummm...  That's not what I meant.  Given the permissions you've set on your
> private key, userspace shouldn't be able to find it, let alone give you the
> key ID.
> 
> What I meant here was to use, say, nvdimm_lookup_user_key() to get a key from
> userspace that contains the old password.  You can use the description of the
> key to search nvdimm_keyring for the private key and then compare the
> passwords.

Ok I have a bit of confusion here. When the user injects a new key with
the same description and new passphrase, would that not replace the
existing user key with the old passphrase? Also, if I'm calling
lookup_user_key, where would the key_id come from for the old user key?
I suppose I can cache it.... Maybe I'm not quite understanding the exact
flow of how things you are suggesting.

> 
> Then you don't need to passphrases in the new key.
> 
>> +	rc = nvdimm_check_key_len(key->datalen, update);
> 
> payload->datalen.
> 
>> +	down_read(&key->sem);
> 
> This needs to be earlier.  The payload attached to the new key can be replaced
> by keyctl_update() at any time whilst you're not holding the lock, so you
> cannot use key->payload[*] without holding the lock or the RCU read lock.
> 
>> +	if (update)
>> +		key_invalidate(key);
> 
> The key doesn't belong to you - should you really be invalidating it?
> 
>> +	else {
>> +		key_link(nvdimm_keyring, key);
>> +		nvdimm->key = key;
>> +		key->perm |= KEY_USR_SEARCH;
>> +	}
> 
> Um - do you really want to be taking the key into your internal keyring?  Why
> aren't you calling nvdimm_replace_key()?  Also, you shouldn't alter the
> permission - it's not your key.
> 
>> +static int __parse_update(const char *buf, size_t len, unsigned int *old_id,
>> +		unsigned int *new_id)
>> +{
> 
> Try using sscanf()?
> 
> David
> 
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm

  reply	other threads:[~2018-09-22  0:25 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-28 22:47 [PATCH v8 00/12] Adding security support for nvdimm Dave Jiang
2018-08-28 22:47 ` [PATCH v8 01/12] nfit: add support for Intel DSM 1.7 commands Dave Jiang
2018-08-28 22:47 ` [PATCH v8 02/12] libnvdimm: create keyring to store security keys Dave Jiang
2018-09-22  0:19   ` Dan Williams
2018-09-24 21:04   ` David Howells
2018-09-24 21:12     ` Dave Jiang
2018-08-28 22:47 ` [PATCH v8 03/12] nfit/libnvdimm: store dimm id as a member to struct nvdimm Dave Jiang
2018-08-28 22:47 ` [PATCH v8 04/12] keys: export lookup_user_key to external users Dave Jiang
2018-09-21 21:59   ` Dan Williams
2018-09-21 22:02     ` Dave Jiang
2018-09-21 23:05   ` David Howells
2018-08-28 22:47 ` [PATCH v8 05/12] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs Dave Jiang
2018-09-23  0:10   ` Dan Williams
2018-08-28 22:47 ` [PATCH v8 06/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms Dave Jiang
2018-08-28 22:47 ` [PATCH v8 07/12] nfit/libnvdimm: add disable passphrase support to Intel nvdimm Dave Jiang
2018-08-28 22:48 ` [PATCH v8 08/12] nfit/libnvdimm: add freeze security " Dave Jiang
2018-08-28 22:48 ` [PATCH v8 09/12] nfit/libnvdimm: add support for issue secure erase DSM " Dave Jiang
2018-08-28 22:48 ` [PATCH v8 10/12] nfit_test: add context to dimm_dev for nfit_test Dave Jiang
2018-08-28 22:48 ` [PATCH v8 11/12] nfit_test: add test support for Intel nvdimm security DSMs Dave Jiang
2018-08-28 22:48 ` [PATCH v8 12/12] libnvdimm: add documentation for nvdimm security support Dave Jiang
2018-09-21 23:07 ` [PATCH v8 02/12] libnvdimm: create keyring to store security keys David Howells
2018-09-21 23:20 ` [PATCH v8 05/12] nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs David Howells
2018-09-21 23:27   ` Dave Jiang
2018-09-21 23:51     ` Dan Williams
2018-09-21 23:57 ` [PATCH v8 06/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms David Howells
2018-09-22  0:25   ` Dave Jiang [this message]
2018-09-22  1:26     ` Dan Williams
2018-09-22  0:01 ` [PATCH v8 04/12] keys: export lookup_user_key to external users David Howells
2018-09-24 21:02 ` [PATCH v8 02/12] libnvdimm: create keyring to store security keys David Howells
2018-09-24 21:15   ` Dave Jiang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c804ec81-68c5-3e11-c65f-1226e68a4b2b@intel.com \
    --to=dave.jiang@intel.com \
    --cc=alison.schofield@intel.com \
    --cc=dhowells@redhat.com \
    --cc=ebiggers3@gmail.com \
    --cc=keescook@chromium.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-nvdimm@lists.01.org \
    --subject='Re: [PATCH v8 06/12] nfit/libnvdimm: add set passphrase support for Intel nvdimms' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).