From: Jonathan Cameron <Jonathan.Cameron@Huawei.com>
To: Dave Jiang <dave.jiang@intel.com>
Cc: <linux-cxl@vger.kernel.org>, <nvdimm@lists.linux.dev>,
<dan.j.williams@intel.com>, <ira.weiny@intel.com>,
<vishal.l.verma@intel.com>, <alison.schofield@intel.com>,
<dave@stgolabs.net>
Subject: Re: [PATCH v3 12/18] tools/testing/cxl: Add "passphrase secure erase" opcode support
Date: Fri, 11 Nov 2022 10:37:48 +0000
Message-ID: <20221111103748.000051c5@Huawei.com>
In-Reply-To: <166792839079.3767969.17718924625264191957.stgit@djiang5-desk3.ch.intel.com>
On Tue, 08 Nov 2022 10:26:30 -0700
Dave Jiang <dave.jiang@intel.com> wrote:
> Add support to emulate a CXL mem device supporting the "passphrase secure
> erase" operation.
>
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Hi Dave,
My feedback in previous version was in the wrong place and I think that
led you to update the wrong error path.
See inline
Jonathan
> ---
> tools/testing/cxl/test/mem.c | 59 ++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 59 insertions(+)
>
> diff --git a/tools/testing/cxl/test/mem.c b/tools/testing/cxl/test/mem.c
> index 90607597b9a4..aa6dda21bc5f 100644
> --- a/tools/testing/cxl/test/mem.c
> +++ b/tools/testing/cxl/test/mem.c
> @@ -362,6 +362,62 @@ static int mock_unlock_security(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd
> return 0;
> }
>
> +static int mock_passphrase_secure_erase(struct cxl_dev_state *cxlds,
> + struct cxl_mbox_cmd *cmd)
> +{
> + struct cxl_mock_mem_pdata *mdata = dev_get_platdata(cxlds->dev);
> + struct cxl_pass_erase *erase;
> +
> + if (cmd->size_in != sizeof(*erase))
> + return -EINVAL;
> +
> + if (cmd->size_out != 0)
> + return -EINVAL;
> +
> + erase = cmd->payload_in;
> + if (mdata->security_state & CXL_PMEM_SEC_STATE_FROZEN &&
> + erase->type != CXL_PMEM_SEC_PASS_MASTER) {
> + cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;
> + return -ENXIO;
> + }
I stuck my comment in a rather odd location. I was commenting not
on the block above, but rather the one below.
Frozen it's fixed by providing the master pass phrase - so the
above should just check if frozen.
The original comment was about the next block. Having failed user
passcode too many times isn't relevant if the one provided this
time is the master passcode - so add the
erase->type != CXL_PMEM_SEC_PASS_MASTER to the next if block.
> +
> + if (mdata->security_state & CXL_PMEM_SEC_STATE_USER_PLIMIT) {
> + cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;
> + return -ENXIO;
> + }
> +
> + if (erase->type == CXL_PMEM_SEC_PASS_MASTER &&
> + mdata->security_state & CXL_PMEM_SEC_STATE_MASTER_PASS_SET) {
> + if (memcmp(mdata->master_pass, erase->pass, NVDIMM_PASSPHRASE_LEN)) {
> + master_plimit_check(mdata);
> + cmd->return_code = CXL_MBOX_CMD_RC_PASSPHRASE;
> + return -ENXIO;
> + }
> + mdata->master_limit = 0;
> + mdata->user_limit = 0;
> + mdata->security_state &= ~CXL_PMEM_SEC_STATE_USER_PASS_SET;
> + memset(mdata->user_pass, 0, NVDIMM_PASSPHRASE_LEN);
> + mdata->security_state &= ~CXL_PMEM_SEC_STATE_LOCKED;
> + return 0;
> + }
> +
> + if (erase->type == CXL_PMEM_SEC_PASS_USER &&
> + mdata->security_state & CXL_PMEM_SEC_STATE_USER_PASS_SET) {
> + if (memcmp(mdata->user_pass, erase->pass, NVDIMM_PASSPHRASE_LEN)) {
> + user_plimit_check(mdata);
> + cmd->return_code = CXL_MBOX_CMD_RC_PASSPHRASE;
> + return -ENXIO;
> + }
> +
> + mdata->user_limit = 0;
> + mdata->security_state &= ~CXL_PMEM_SEC_STATE_USER_PASS_SET;
> + memset(mdata->user_pass, 0, NVDIMM_PASSPHRASE_LEN);
> + return 0;
> + }
> +
> + return 0;
> +}
> +
> static int mock_get_lsa(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd *cmd)
> {
> struct cxl_mbox_get_lsa *get_lsa = cmd->payload_in;
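Review bot: the final `return 0` at the end of mock_passphrase_secure_erase() reports success for every request that matches neither passphrase branch, and that includes an erase->type that is neither CXL_PMEM_SEC_PASS_MASTER nor CXL_PMEM_SEC_PASS_USER. It also covers a master-type request when CXL_PMEM_SEC_STATE_MASTER_PASS_SET is clear and a user-type request when CXL_PMEM_SEC_STATE_USER_PASS_SET is clear: in those cases the supplied passphrase is never compared, no state is changed, and the caller still sees success. Consider turning the two `if` blocks into a switch on erase->type with a default that returns -EINVAL, and add a comment stating whether success without a passphrase set is the intended emulated behaviour. Separately, the master branch clears CXL_PMEM_SEC_STATE_LOCKED while the user branch leaves it untouched; if that asymmetry is deliberate, a one-line comment in the user branch would make it clear to anyone writing tests against this mock.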
> @@ -470,6 +526,9 @@ static int cxl_mock_mbox_send(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd *
> case CXL_MBOX_OP_UNLOCK:
> rc = mock_unlock_security(cxlds, cmd);
> break;
> + case CXL_MBOX_OP_PASSPHRASE_SECURE_ERASE:
> + rc = mock_passphrase_secure_erase(cxlds, cmd);
> + break;
> default:
> break;
> }
>
>