[PATCH 3/3] nvme: Check if drive is locked using ATA Security

All of lore.kernel.org
 help / color / mirror / Atom feed

From: kernel@jbeekman.nl (Jethro Beekman)
Subject: [PATCH 3/3] nvme: Check if drive is locked using ATA Security
Date: Sun, 19 Jun 2016 16:06:34 -0700	[thread overview]
Message-ID: <20160619230634.17229-4-kernel@jbeekman.nl> (raw)
In-Reply-To: <20160619230634.17229-1-kernel@jbeekman.nl>

Signed-off-by: Jethro Beekman <kernel at jbeekman.nl>
---
 drivers/nvme/host/core.c | 49 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 48 insertions(+), 1 deletion(-)

diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index da027ed..0164122 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -1389,10 +1389,57 @@ int nvme_security_recv(struct nvme_ctrl *dev, u8 protocol, void *buf,
 	return nvme_submit_sync_cmd(dev->admin_q, &c, buf, len);
 }
 
+#define OACS_SECURITY (1<<0)
+#define SCSI_SECURITY_PROTOCOL_ATA_SECURITY 0xef
+#define ATA_SECURITY_LOCKED 0x4
+
 static bool nvme_security_is_locked(struct nvme_ctrl *ctrl,
 		struct nvme_id_ctrl *id)
 {
-	return false;
+	int err;
+	unsigned int i;
+	bool found;
+	u8 protocols[256+8]; /* 8 byte hdr + max number of possible protocols */
+	u8 ata_security[16];
+	u16 n;
+
+	/* security commands supported? */
+	if (!(le16_to_cpu(id->oacs) & OACS_SECURITY))
+		return false;
+
+	/* list security protocols */
+	err = nvme_security_recv(ctrl, 0, protocols, sizeof(protocols));
+	if (err) {
+		dev_warn(ctrl->device, "nvme_security_recv returned error %xh\n",
+					err);
+		return false;
+	}
+
+	/* find ata security protocol */
+	n = be16_to_cpup((__be16 *)(protocols+6));
+	if (n >= 256) {
+		dev_warn(ctrl->device, "security info protocol returned more than 256 protocols\n");
+		return false;
+	}
+	found = false;
+	for (i = 0; i <= n; i++) {
+		if (protocols[8+i] == SCSI_SECURITY_PROTOCOL_ATA_SECURITY) {
+			found = true;
+			break;
+		}
+	}
+	if (!found)
+		return false;
+
+	/* do ata security identify */
+	err = nvme_security_recv(ctrl, SCSI_SECURITY_PROTOCOL_ATA_SECURITY,
+			ata_security, sizeof(ata_security))
+	if (err) {
+		dev_warn(ctrl->device, "nvme_security_recv returned error %xh\n",
+					err);
+		return false;
+	}
+	return ata_security[1] == 0xe && (ata_security[9]&ATA_SECURITY_LOCKED);
 }
 
 void nvme_scan_namespaces(struct nvme_ctrl *ctrl)
-- 
2.9.0

WARNING: multiple messages have this Message-ID (diff)

From: Jethro Beekman <kernel@jbeekman.nl>
To: keith.busch@intel.com, axboe@fb.com,
	linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: Jethro Beekman <kernel@jbeekman.nl>
Subject: [PATCH 3/3] nvme: Check if drive is locked using ATA Security
Date: Sun, 19 Jun 2016 16:06:34 -0700	[thread overview]
Message-ID: <20160619230634.17229-4-kernel@jbeekman.nl> (raw)
In-Reply-To: <20160619230634.17229-1-kernel@jbeekman.nl>

Signed-off-by: Jethro Beekman <kernel@jbeekman.nl>
---
 drivers/nvme/host/core.c | 49 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 48 insertions(+), 1 deletion(-)

diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index da027ed..0164122 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -1389,10 +1389,57 @@ int nvme_security_recv(struct nvme_ctrl *dev, u8 protocol, void *buf,
 	return nvme_submit_sync_cmd(dev->admin_q, &c, buf, len);
 }
 
+#define OACS_SECURITY (1<<0)
+#define SCSI_SECURITY_PROTOCOL_ATA_SECURITY 0xef
+#define ATA_SECURITY_LOCKED 0x4
+
 static bool nvme_security_is_locked(struct nvme_ctrl *ctrl,
 		struct nvme_id_ctrl *id)
 {
-	return false;
+	int err;
+	unsigned int i;
+	bool found;
+	u8 protocols[256+8]; /* 8 byte hdr + max number of possible protocols */
+	u8 ata_security[16];
+	u16 n;
+
+	/* security commands supported? */
+	if (!(le16_to_cpu(id->oacs) & OACS_SECURITY))
+		return false;
+
+	/* list security protocols */
+	err = nvme_security_recv(ctrl, 0, protocols, sizeof(protocols));
+	if (err) {
+		dev_warn(ctrl->device, "nvme_security_recv returned error %xh\n",
+					err);
+		return false;
+	}
+
+	/* find ata security protocol */
+	n = be16_to_cpup((__be16 *)(protocols+6));
+	if (n >= 256) {
+		dev_warn(ctrl->device, "security info protocol returned more than 256 protocols\n");
+		return false;
+	}
+	found = false;
+	for (i = 0; i <= n; i++) {
+		if (protocols[8+i] == SCSI_SECURITY_PROTOCOL_ATA_SECURITY) {
+			found = true;
+			break;
+		}
+	}
+	if (!found)
+		return false;
+
+	/* do ata security identify */
+	err = nvme_security_recv(ctrl, SCSI_SECURITY_PROTOCOL_ATA_SECURITY,
+			ata_security, sizeof(ata_security))
+	if (err) {
+		dev_warn(ctrl->device, "nvme_security_recv returned error %xh\n",
+					err);
+		return false;
+	}
+	return ata_security[1] == 0xe && (ata_security[9]&ATA_SECURITY_LOCKED);
 }
 
 void nvme_scan_namespaces(struct nvme_ctrl *ctrl)
-- 
2.9.0

next prev parent reply	other threads:[~2016-06-19 23:06 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-19 23:06 [PATCH 0/3] nvme: Don't add namespaces for locked drives Jethro Beekman
2016-06-19 23:06 ` Jethro Beekman
2016-06-19 23:06 ` [PATCH 1/3] nvme: When scanning namespaces, make sure the drive is not locked Jethro Beekman
2016-06-19 23:06   ` Jethro Beekman
2016-06-24  8:12   ` Christoph Hellwig
2016-06-24  8:12     ` Christoph Hellwig
2016-06-19 23:06 ` [PATCH 2/3] nvme: Add function for NVMe security receive command Jethro Beekman
2016-06-19 23:06   ` Jethro Beekman
2016-06-19 23:06 ` Jethro Beekman [this message]
2016-06-19 23:06   ` [PATCH 3/3] nvme: Check if drive is locked using ATA Security Jethro Beekman
2016-06-24  8:09   ` Christoph Hellwig
2016-06-24  8:09     ` Christoph Hellwig
2016-06-20  6:46 ` [PATCH 0/3] nvme: Don't add namespaces for locked drives Sagi Grimberg
2016-06-20  6:46   ` Sagi Grimberg
2016-06-24  8:09   ` Christoph Hellwig
2016-06-24  8:09     ` Christoph Hellwig
2016-06-20 15:26 ` Keith Busch
2016-06-20 15:26   ` Keith Busch
2016-06-20 18:21   ` Jethro Beekman
2016-06-20 18:21     ` Jethro Beekman
2016-06-20 22:54     ` Keith Busch
2016-06-20 22:54       ` Keith Busch
2016-06-21  3:50       ` Jethro Beekman
2016-06-21  3:50         ` Jethro Beekman
2016-06-24  7:43         ` Christoph Hellwig
2016-06-24  7:43           ` Christoph Hellwig
2016-06-24  8:11   ` Christoph Hellwig
2016-06-24  8:11     ` Christoph Hellwig
2016-06-24  7:37 ` Christoph Hellwig
2016-06-24  7:37   ` Christoph Hellwig
2016-06-24  7:45   ` Jethro Beekman
2016-06-24  7:45     ` Jethro Beekman
2016-06-24  8:00     ` Christoph Hellwig
2016-06-24  8:00       ` Christoph Hellwig

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:da027ed dfblob:0164122 dfblob:da027ed dfblob:0164122 )
 OR (
bs:"[PATCH 3/3] nvme: Check if drive is locked using ATA Security" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160619230634.17229-4-kernel@jbeekman.nl \
    --to=kernel@jbeekman.nl \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.