From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
To: Dave Jiang <dave.jiang@intel.com>
Cc: <linux-cxl@vger.kernel.org>, <nvdimm@lists.linux.dev>,
<dan.j.williams@intel.com>, <bwidawsk@kernel.org>,
<ira.weiny@intel.com>, <vishal.l.verma@intel.com>,
<alison.schofield@intel.com>, <dave@stgolabs.net>
Subject: Re: [PATCH RFC 05/15] tools/testing/cxl: Add "Set Passphrase" opcode support
Date: Wed, 3 Aug 2022 18:15:56 +0100 [thread overview]
Message-ID: <20220803181556.000059ea@huawei.com> (raw)
In-Reply-To: <165791934143.2491387.18407792819271591669.stgit@djiang5-desk3.ch.intel.com>
On Fri, 15 Jul 2022 14:09:01 -0700
Dave Jiang <dave.jiang@intel.com> wrote:
> Add support to emulate a CXL mem device supporting the "Set Passphrase"
> operation. The operation supports setting of either a user or a master
> passphrase.
>
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Hi Dave,
A few comments inline.
Thanks,
Jonathan
> ---
> tools/testing/cxl/test/mem.c | 76 ++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 76 insertions(+)
>
> diff --git a/tools/testing/cxl/test/mem.c b/tools/testing/cxl/test/mem.c
> index 337e5a099d31..796f4f7b5e3d 100644
> --- a/tools/testing/cxl/test/mem.c
> +++ b/tools/testing/cxl/test/mem.c
> @@ -12,8 +12,14 @@
> struct mock_mdev_data {
> void *lsa;
> u32 security_state;
> + u8 user_pass[NVDIMM_PASSPHRASE_LEN];
> + u8 master_pass[NVDIMM_PASSPHRASE_LEN];
> + int user_limit;
> + int master_limit;
> };
>
> +#define PASS_TRY_LIMIT 3
> +
> #define LSA_SIZE SZ_128K
> #define EFFECT(x) (1U << x)
>
> @@ -162,6 +168,73 @@ static int mock_get_security_state(struct cxl_dev_state *cxlds,
> return 0;
> }
>
> +static int mock_set_passphrase(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd *cmd)
> +{
> + struct mock_mdev_data *mdata = dev_get_drvdata(cxlds->dev);
> + struct cxl_set_pass *set_pass;
> +
> + if (cmd->size_in != sizeof(*set_pass)) {
> + cmd->return_code = CXL_MBOX_CMD_RC_INPUT;
If it makes sense to set I think this should be invalid payload length.
> + return -EINVAL;
> + }
> +
> + if (cmd->size_out != 0) {
> + cmd->return_code = CXL_MBOX_CMD_RC_INPUT;
As before. I'm not 100% sure this is actually an error from
device point of view (it fills the buffer whatever). Obviously
it's an error in the software so return -EINVAL makes sense.
> + return -EINVAL;
> + }
> +
> + if (mdata->security_state & CXL_PMEM_SEC_STATE_FROZEN) {
> + cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;
> + return -ENXIO;
> + }
> +
> + set_pass = cmd->payload_in;
> + switch (set_pass->type) {
> + case CXL_PMEM_SEC_PASS_MASTER:
> + if (mdata->security_state & CXL_PMEM_SEC_STATE_MASTER_PLIMIT) {
> + cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;
> + return -ENXIO;
> + }
> + /*
> + * CXL spec v2.0 8.2.9.5.6.2, The master pasphrase shall only be set in
> + * the security disabled state when the user passphrase is not set.
> + */
> + if (mdata->security_state & CXL_PMEM_SEC_STATE_USER_PASS_SET) {
> + cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;
> + return -ENXIO;
> + }
> + if (mdata->security_state & CXL_PMEM_SEC_STATE_MASTER_PASS_SET &&
> + memcmp(mdata->master_pass, set_pass->old_pass, NVDIMM_PASSPHRASE_LEN)) {
> + if (++mdata->master_limit == PASS_TRY_LIMIT)
> + mdata->security_state |= CXL_PMEM_SEC_STATE_MASTER_PLIMIT;
> + cmd->return_code = CXL_MBOX_CMD_RC_PASSPHRASE;
> + return -ENXIO;
> + }
> + memcpy(mdata->master_pass, set_pass->new_pass, NVDIMM_PASSPHRASE_LEN);
> + break;
> +
> + case CXL_PMEM_SEC_PASS_USER:
> + if (mdata->security_state & CXL_PMEM_SEC_STATE_USER_PLIMIT) {
> + cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;
> + return -ENXIO;
> + }
> + if (mdata->security_state & CXL_PMEM_SEC_STATE_USER_PASS_SET &&
> + memcmp(mdata->user_pass, set_pass->old_pass, NVDIMM_PASSPHRASE_LEN)) {
> + if (++mdata->user_limit == PASS_TRY_LIMIT)
> + mdata->security_state |= CXL_PMEM_SEC_STATE_USER_PLIMIT;
> + cmd->return_code = CXL_MBOX_CMD_RC_PASSPHRASE;
> + return -ENXIO;
> + }
> + memcpy(mdata->user_pass, set_pass->new_pass, NVDIMM_PASSPHRASE_LEN);
> + break;
> +
> + default:
> + cmd->return_code = CXL_MBOX_CMD_RC_INPUT;
> + return -EINVAL;
> + }
I would directly return rather than break; above as reduces the code someone following
either case needs to look at. + saves a whole 1 line of code ;)
> + return 0;
> +}
> +
> static int mock_get_lsa(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd *cmd)
> {
> struct cxl_mbox_get_lsa *get_lsa = cmd->payload_in;
> @@ -257,6 +330,9 @@ static int cxl_mock_mbox_send(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd *
> case CXL_MBOX_OP_GET_SECURITY_STATE:
> rc = mock_get_security_state(cxlds, cmd);
> break;
> + case CXL_MBOX_OP_SET_PASSPHRASE:
> + rc = mock_set_passphrase(cxlds, cmd);
> + break;
> default:
> break;
> }
>
>
next prev parent reply other threads:[~2022-08-03 17:16 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-15 21:08 [PATCH RFC 00/15] Introduce security commands for CXL pmem device Dave Jiang
2022-07-15 21:08 ` [PATCH RFC 01/15] cxl/pmem: Introduce nvdimm_security_ops with ->get_flags() operation Dave Jiang
2022-07-15 21:09 ` Davidlohr Bueso
2022-08-03 16:29 ` Jonathan Cameron
2022-07-18 5:34 ` [PATCH RFC 1/15] " Davidlohr Bueso
2022-07-15 21:08 ` [PATCH RFC 02/15] tools/testing/cxl: Create context for cxl mock device Dave Jiang
2022-07-18 6:29 ` [PATCH RFC 2/15] " Davidlohr Bueso
2022-08-03 16:36 ` [PATCH RFC 02/15] " Jonathan Cameron
2022-08-09 20:30 ` Dave Jiang
2022-07-15 21:08 ` [PATCH RFC 03/15] tools/testing/cxl: Add "Get Security State" opcode support Dave Jiang
2022-08-03 16:51 ` Jonathan Cameron
2022-07-15 21:08 ` [PATCH RFC 04/15] cxl/pmem: Add "Set Passphrase" security command support Dave Jiang
2022-07-18 6:36 ` [PATCH RFC 4/15] " Davidlohr Bueso
2022-07-19 18:55 ` Dave Jiang
2022-08-03 17:01 ` [PATCH RFC 04/15] " Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 05/15] tools/testing/cxl: Add "Set Passphrase" opcode support Dave Jiang
2022-08-03 17:15 ` Jonathan Cameron [this message]
2022-07-15 21:09 ` [PATCH RFC 06/15] cxl/pmem: Add Disable Passphrase security command support Dave Jiang
2022-08-03 17:21 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 07/15] tools/testing/cxl: Add "Disable" security opcode support Dave Jiang
2022-08-03 17:23 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 08/15] cxl/pmem: Add "Freeze Security State" security command support Dave Jiang
2022-08-03 17:23 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 09/15] tools/testing/cxl: Add "Freeze Security State" security opcode support Dave Jiang
2022-07-15 21:09 ` [PATCH RFC 10/15] x86: add an arch helper function to invalidate all cache for nvdimm Dave Jiang
2022-07-18 5:30 ` Davidlohr Bueso
2022-07-19 19:07 ` Dave Jiang
2022-08-03 17:37 ` Jonathan Cameron
2022-08-09 21:47 ` Dave Jiang
2022-08-10 14:15 ` Mark Rutland
2022-08-10 14:31 ` Eliot Moss
2022-08-10 18:09 ` Mark Rutland
2022-08-10 18:11 ` Eliot Moss
2022-08-10 20:06 ` Dan Williams
2022-08-10 21:13 ` Davidlohr Bueso
2022-08-10 21:30 ` Dan Williams
2022-08-10 21:31 ` Davidlohr Bueso
2022-08-15 16:07 ` [PATCH] arch/cacheflush: Introduce flush_all_caches() Davidlohr Bueso
2022-08-16 9:01 ` Peter Zijlstra
2022-08-16 16:50 ` Dan Williams
2022-08-16 16:53 ` Davidlohr Bueso
2022-08-16 17:42 ` Dan Williams
2022-08-16 17:52 ` Davidlohr Bueso
2022-08-16 18:49 ` Dan Williams
2022-08-17 7:53 ` Peter Zijlstra
2022-08-17 7:49 ` Peter Zijlstra
2022-07-15 21:09 ` [PATCH RFC 11/15] cxl/pmem: Add "Unlock" security command support Dave Jiang
2022-08-04 13:19 ` Jonathan Cameron
2022-08-09 22:31 ` Dave Jiang
2022-07-15 21:09 ` [PATCH RFC 12/15] tools/testing/cxl: Add "Unlock" security opcode support Dave Jiang
2022-07-15 21:09 ` [PATCH RFC 13/15] cxl/pmem: Add "Passphrase Secure Erase" security command support Dave Jiang
2022-07-20 6:17 ` Davidlohr Bueso
2022-07-20 17:38 ` Dave Jiang
2022-07-20 18:02 ` Davidlohr Bueso
2022-07-15 21:09 ` [PATCH RFC 14/15] tools/testing/cxl: Add "passphrase secure erase" opcode support Dave Jiang
2022-07-15 21:10 ` [PATCH RFC 15/15] nvdimm/cxl/pmem: Add support for master passphrase disable security command Dave Jiang
2022-07-15 21:29 ` [PATCH RFC 00/15] Introduce security commands for CXL pmem device Davidlohr Bueso
2022-07-19 18:53 ` Dave Jiang
2022-08-03 17:03 ` Jonathan Cameron
2022-08-08 22:18 ` Dave Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220803181556.000059ea@huawei.com \
--to=jonathan.cameron@huawei.com \
--cc=alison.schofield@intel.com \
--cc=bwidawsk@kernel.org \
--cc=dan.j.williams@intel.com \
--cc=dave.jiang@intel.com \
--cc=dave@stgolabs.net \
--cc=ira.weiny@intel.com \
--cc=linux-cxl@vger.kernel.org \
--cc=nvdimm@lists.linux.dev \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox