Re: [PATCH RFC 07/15] tools/testing/cxl: Add "Disable" security opcode support

Linux CXL
 help / color / mirror / Atom feed

From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
To: Dave Jiang <dave.jiang@intel.com>
Cc: <linux-cxl@vger.kernel.org>, <nvdimm@lists.linux.dev>,
	<dan.j.williams@intel.com>, <bwidawsk@kernel.org>,
	<ira.weiny@intel.com>, <vishal.l.verma@intel.com>,
	<alison.schofield@intel.com>, <dave@stgolabs.net>
Subject: Re: [PATCH RFC 07/15] tools/testing/cxl: Add "Disable" security opcode support
Date: Wed, 3 Aug 2022 18:23:00 +0100	[thread overview]
Message-ID: <20220803182300.000028c7@huawei.com> (raw)
In-Reply-To: <165791935297.2491387.8950514630973579122.stgit@djiang5-desk3.ch.intel.com>

On Fri, 15 Jul 2022 14:09:12 -0700
Dave Jiang <dave.jiang@intel.com> wrote:

> Add support to emulate a CXL mem device support the "Disable Passphrase"
> operation. The operation supports disabling of either a user or a master
> passphrase. The emulation will provide support for both user and master
> passphrase.
> 
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Similar comments as for earlier test patches.

Thanks,

Jonathan

> ---
>  tools/testing/cxl/test/mem.c |   80 ++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 80 insertions(+)
> 
> diff --git a/tools/testing/cxl/test/mem.c b/tools/testing/cxl/test/mem.c
> index 796f4f7b5e3d..5f87a94d92ae 100644
> --- a/tools/testing/cxl/test/mem.c
> +++ b/tools/testing/cxl/test/mem.c
> @@ -235,6 +235,83 @@ static int mock_set_passphrase(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd
>  	return 0;
>  }
>  
> +static int mock_disable_passphrase(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd *cmd)
> +{
> +	struct mock_mdev_data *mdata = dev_get_drvdata(cxlds->dev);
> +	struct cxl_disable_pass *dis_pass;
> +
> +	if (cmd->size_in != sizeof(*dis_pass)) {
> +		cmd->return_code = CXL_MBOX_CMD_RC_INPUT;

Same as in earlier patches.  I think return code is wrong and not seeing why it's useful
to set it.

> +		return -EINVAL;
> +	}
> +
> +	if (cmd->size_out != 0) {
> +		cmd->return_code = CXL_MBOX_CMD_RC_INPUT;
> +		return -EINVAL;
> +	}
> +
> +	if (mdata->security_state & CXL_PMEM_SEC_STATE_FROZEN) {
> +		cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;
> +		return -ENXIO;
> +	}
> +
> +	dis_pass = cmd->payload_in;
> +	switch (dis_pass->type) {
> +	case CXL_PMEM_SEC_PASS_MASTER:
> +		if (mdata->security_state & CXL_PMEM_SEC_STATE_MASTER_PLIMIT) {
> +			cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;
> +			return -ENXIO;
> +		}
> +
> +		if (!(mdata->security_state & CXL_PMEM_SEC_STATE_MASTER_PASS_SET)) {
> +			cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;
> +			return -ENXIO;
> +		}
> +
> +		if (memcmp(dis_pass->pass, mdata->master_pass, NVDIMM_PASSPHRASE_LEN)) {
> +			if (++mdata->master_limit == PASS_TRY_LIMIT)
> +				mdata->security_state |= CXL_PMEM_SEC_STATE_MASTER_PLIMIT;
> +			cmd->return_code = CXL_MBOX_CMD_RC_PASSPHRASE;
> +			return -ENXIO;
> +		}
> +
> +		mdata->master_limit = 0;
> +		memset(mdata->master_pass, 0, NVDIMM_PASSPHRASE_LEN);
> +		mdata->security_state &= ~CXL_PMEM_SEC_STATE_MASTER_PASS_SET;
> +		break;
> +
> +	case CXL_PMEM_SEC_PASS_USER:
> +		if (mdata->security_state & CXL_PMEM_SEC_STATE_USER_PLIMIT) {
> +			cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;
> +			return -ENXIO;
> +		}
> +
> +		if (!(mdata->security_state & CXL_PMEM_SEC_STATE_USER_PASS_SET)) {
> +			cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;
> +			return -ENXIO;
> +		}
> +
> +		if (memcmp(dis_pass->pass, mdata->user_pass, NVDIMM_PASSPHRASE_LEN)) {
> +			if (++mdata->user_limit == PASS_TRY_LIMIT)
> +				mdata->security_state |= CXL_PMEM_SEC_STATE_USER_PLIMIT;
> +			cmd->return_code = CXL_MBOX_CMD_RC_PASSPHRASE;
> +			return -ENXIO;
> +		}
> +
> +		mdata->user_limit = 0;
> +		memset(mdata->user_pass, 0, NVDIMM_PASSPHRASE_LEN);
> +		mdata->security_state &= ~(CXL_PMEM_SEC_STATE_USER_PASS_SET |
> +					   CXL_PMEM_SEC_STATE_LOCKED);
> +		break;
Similar comment to before. I'd return 0 here and in above case to slightly improve
readability.

> +
> +	default:
> +		cmd->return_code = CXL_MBOX_CMD_RC_INPUT;
> +		return -EINVAL;
> +	}
> +
> +	return 0;
> +}
> +
>  static int mock_get_lsa(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd *cmd)
>  {
>  	struct cxl_mbox_get_lsa *get_lsa = cmd->payload_in;
> @@ -333,6 +410,9 @@ static int cxl_mock_mbox_send(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd *
>  	case CXL_MBOX_OP_SET_PASSPHRASE:
>  		rc = mock_set_passphrase(cxlds, cmd);
>  		break;
> +	case CXL_MBOX_OP_DISABLE_PASSPHRASE:
> +		rc = mock_disable_passphrase(cxlds, cmd);
> +		break;
>  	default:
>  		break;
>  	}
> 
>

next prev parent reply	other threads:[~2022-08-03 17:23 UTC|newest]

Thread overview: 60+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-15 21:08 [PATCH RFC 00/15] Introduce security commands for CXL pmem device Dave Jiang
2022-07-15 21:08 ` [PATCH RFC 01/15] cxl/pmem: Introduce nvdimm_security_ops with ->get_flags() operation Dave Jiang
2022-07-15 21:09   ` Davidlohr Bueso
2022-08-03 16:29     ` Jonathan Cameron
2022-07-18  5:34   ` [PATCH RFC 1/15] " Davidlohr Bueso
2022-07-15 21:08 ` [PATCH RFC 02/15] tools/testing/cxl: Create context for cxl mock device Dave Jiang
2022-07-18  6:29   ` [PATCH RFC 2/15] " Davidlohr Bueso
2022-08-03 16:36   ` [PATCH RFC 02/15] " Jonathan Cameron
2022-08-09 20:30     ` Dave Jiang
2022-07-15 21:08 ` [PATCH RFC 03/15] tools/testing/cxl: Add "Get Security State" opcode support Dave Jiang
2022-08-03 16:51   ` Jonathan Cameron
2022-07-15 21:08 ` [PATCH RFC 04/15] cxl/pmem: Add "Set Passphrase" security command support Dave Jiang
2022-07-18  6:36   ` [PATCH RFC 4/15] " Davidlohr Bueso
2022-07-19 18:55     ` Dave Jiang
2022-08-03 17:01   ` [PATCH RFC 04/15] " Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 05/15] tools/testing/cxl: Add "Set Passphrase" opcode support Dave Jiang
2022-08-03 17:15   ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 06/15] cxl/pmem: Add Disable Passphrase security command support Dave Jiang
2022-08-03 17:21   ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 07/15] tools/testing/cxl: Add "Disable" security opcode support Dave Jiang
2022-08-03 17:23   ` Jonathan Cameron [this message]
2022-07-15 21:09 ` [PATCH RFC 08/15] cxl/pmem: Add "Freeze Security State" security command support Dave Jiang
2022-08-03 17:23   ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 09/15] tools/testing/cxl: Add "Freeze Security State" security opcode support Dave Jiang
2022-07-15 21:09 ` [PATCH RFC 10/15] x86: add an arch helper function to invalidate all cache for nvdimm Dave Jiang
2022-07-18  5:30   ` Davidlohr Bueso
2022-07-19 19:07     ` Dave Jiang
2022-08-03 17:37       ` Jonathan Cameron
2022-08-09 21:47         ` Dave Jiang
2022-08-10 14:15           ` Mark Rutland
2022-08-10 14:31             ` Eliot Moss
2022-08-10 18:09               ` Mark Rutland
2022-08-10 18:11                 ` Eliot Moss
2022-08-10 20:06             ` Dan Williams
2022-08-10 21:13               ` Davidlohr Bueso
2022-08-10 21:30                 ` Dan Williams
2022-08-10 21:31                   ` Davidlohr Bueso
2022-08-15 16:07               ` [PATCH] arch/cacheflush: Introduce flush_all_caches() Davidlohr Bueso
2022-08-16  9:01                 ` Peter Zijlstra
2022-08-16 16:50                   ` Dan Williams
2022-08-16 16:53                     ` Davidlohr Bueso
2022-08-16 17:42                       ` Dan Williams
2022-08-16 17:52                         ` Davidlohr Bueso
2022-08-16 18:49                           ` Dan Williams
2022-08-17  7:53                             ` Peter Zijlstra
2022-08-17  7:49                         ` Peter Zijlstra
2022-07-15 21:09 ` [PATCH RFC 11/15] cxl/pmem: Add "Unlock" security command support Dave Jiang
2022-08-04 13:19   ` Jonathan Cameron
2022-08-09 22:31     ` Dave Jiang
2022-07-15 21:09 ` [PATCH RFC 12/15] tools/testing/cxl: Add "Unlock" security opcode support Dave Jiang
2022-07-15 21:09 ` [PATCH RFC 13/15] cxl/pmem: Add "Passphrase Secure Erase" security command support Dave Jiang
2022-07-20  6:17   ` Davidlohr Bueso
2022-07-20 17:38     ` Dave Jiang
2022-07-20 18:02       ` Davidlohr Bueso
2022-07-15 21:09 ` [PATCH RFC 14/15] tools/testing/cxl: Add "passphrase secure erase" opcode support Dave Jiang
2022-07-15 21:10 ` [PATCH RFC 15/15] nvdimm/cxl/pmem: Add support for master passphrase disable security command Dave Jiang
2022-07-15 21:29 ` [PATCH RFC 00/15] Introduce security commands for CXL pmem device Davidlohr Bueso
2022-07-19 18:53   ` Dave Jiang
2022-08-03 17:03 ` Jonathan Cameron
2022-08-08 22:18   ` Dave Jiang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220803182300.000028c7@huawei.com \
    --to=jonathan.cameron@huawei.com \
    --cc=alison.schofield@intel.com \
    --cc=bwidawsk@kernel.org \
    --cc=dan.j.williams@intel.com \
    --cc=dave.jiang@intel.com \
    --cc=dave@stgolabs.net \
    --cc=ira.weiny@intel.com \
    --cc=linux-cxl@vger.kernel.org \
    --cc=nvdimm@lists.linux.dev \
    --cc=vishal.l.verma@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox