From: Alison Schofield <alison.schofield@intel.com>
To: nvdimm@lists.linux.dev, linux-cxl@vger.kernel.org
Cc: Alison Schofield <alison.schofield@intel.com>
Subject: [ndctl PATCH] test/cxl-security.sh: test dimm unlock with a large serial number
Date: Wed, 1 Jul 2026 17:34:03 -0700 [thread overview]
Message-ID: <20260702003407.1611731-1-alison.schofield@intel.com> (raw)
The existing CXL unlock test exposed the hexadecimal-vs-decimal key
description mismatch once cxl_test mock serial numbers were extended
to 10 and above. Serials with bit 63 set expose a second formatting
problem in that the kernel formats the decimal serial as signed,
rendering it as a negative value.
Extend the existing "unlock dimm" test to repeat the unlock against a
mock memdev with a full-width serial that has bit 63 set. Refactor the
common unlock sequence into an unlock_dimm() helper so the signedness
case follows the same test flow as the original key lookup case.
Signed-off-by: Alison Schofield <alison.schofield@intel.com>
---
test/cxl-security | 24 ++++++++++++++++++++++++
test/security.sh | 16 ++++++++++++++--
2 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/test/cxl-security b/test/cxl-security
index 9a28ffd82b0b..39b7e001ce08 100644
--- a/test/cxl-security
+++ b/test/cxl-security
@@ -9,6 +9,30 @@ detect()
[ -n "$id" ] || err "$LINENO"
}
+# Select the mock memdev whose serial has bit 63 set. Match on the hex
+# spelling of 'id' because the value exceeds signed 64-bit shell arithmetic.
+# A 16-digit hex value with a leading nibble of 8-f has bit 63 set.
+detect_big_serial()
+{
+ local d i hex
+
+ dev=""
+ for d in $($NDCTL list -b "$CXL_TEST_BUS" -D | jq -r '.[].dev'); do
+ i="$($NDCTL list -b "$CXL_TEST_BUS" -D -d "$d" | \
+ jq -r '.[0].id')"
+ hex="$(printf '%x' "$i" 2>/dev/null)" || continue
+ case "${#hex}:${hex:0:1}" in
+ 16:[89a-fA-F])
+ dev="$d"
+ id="$i"
+ break
+ ;;
+ esac
+ done
+
+ [ -n "$dev" ] || err "$LINENO: no serial with bit 63 set found"
+}
+
lock_dimm()
{
$NDCTL disable-dimm "$dev"
diff --git a/test/security.sh b/test/security.sh
index d3a840c23276..72bb570142ed 100755
--- a/test/security.sh
+++ b/test/security.sh
@@ -144,7 +144,7 @@ test_3_security_setup_and_erase()
erase_security
}
-test_4_security_unlock()
+unlock_dimm()
{
setup_passphrase
lock_dimm
@@ -158,6 +158,18 @@ test_4_security_unlock()
remove_passphrase
}
+test_4_security_unlock()
+{
+ unlock_dimm
+
+ if [ "$1" = "cxl" ] && check_min_kver "7.3"; then
+ detect_big_serial
+ unlock_dimm
+ # Restore the default device selection for later tests.
+ detect
+ fi
+}
+
# This should always be the last nvdimm security test.
# with security frozen, nfit_test must be removed and is no longer usable
test_5_security_freeze()
@@ -241,7 +253,7 @@ test_2_security_setup_and_update
echo "Test 3, security setup and erase"
test_3_security_setup_and_erase
echo "Test 4, unlock dimm"
-test_4_security_unlock
+test_4_security_unlock "$1"
# Freeze should always be the last nvdimm security test because it locks
# security state and require nfit_test module unload. However, this does
base-commit: 5fcbbee57319e718bf522436ea6595bd0f71296c
--
2.37.3
next reply other threads:[~2026-07-02 0:34 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-02 0:34 Alison Schofield [this message]
2026-07-03 6:34 ` [ndctl PATCH] test/cxl-security.sh: test dimm unlock with a large serial number Richard Cheng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260702003407.1611731-1-alison.schofield@intel.com \
--to=alison.schofield@intel.com \
--cc=linux-cxl@vger.kernel.org \
--cc=nvdimm@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.