[PATCH 3/3] nvme: Check if drive is locked using ATA Security

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Jethro Beekman <kernel@jbeekman.nl>
To: keith.busch@intel.com, axboe@fb.com,
	linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: Jethro Beekman <kernel@jbeekman.nl>
Subject: [PATCH 3/3] nvme: Check if drive is locked using ATA Security
Date: Sun, 19 Jun 2016 16:06:34 -0700	[thread overview]
Message-ID: <20160619230634.17229-4-kernel@jbeekman.nl> (raw)
In-Reply-To: <20160619230634.17229-1-kernel@jbeekman.nl>

Signed-off-by: Jethro Beekman <kernel@jbeekman.nl>
---
 drivers/nvme/host/core.c | 49 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 48 insertions(+), 1 deletion(-)

diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index da027ed..0164122 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -1389,10 +1389,57 @@ int nvme_security_recv(struct nvme_ctrl *dev, u8 protocol, void *buf,
 	return nvme_submit_sync_cmd(dev->admin_q, &c, buf, len);
 }
 
+#define OACS_SECURITY (1<<0)
+#define SCSI_SECURITY_PROTOCOL_ATA_SECURITY 0xef
+#define ATA_SECURITY_LOCKED 0x4
+
 static bool nvme_security_is_locked(struct nvme_ctrl *ctrl,
 		struct nvme_id_ctrl *id)
 {
-	return false;
+	int err;
+	unsigned int i;
+	bool found;
+	u8 protocols[256+8]; /* 8 byte hdr + max number of possible protocols */
+	u8 ata_security[16];
+	u16 n;
+
+	/* security commands supported? */
+	if (!(le16_to_cpu(id->oacs) & OACS_SECURITY))
+		return false;
+
+	/* list security protocols */
+	err = nvme_security_recv(ctrl, 0, protocols, sizeof(protocols));
+	if (err) {
+		dev_warn(ctrl->device, "nvme_security_recv returned error %xh\n",
+					err);
+		return false;
+	}
+
+	/* find ata security protocol */
+	n = be16_to_cpup((__be16 *)(protocols+6));
+	if (n >= 256) {
+		dev_warn(ctrl->device, "security info protocol returned more than 256 protocols\n");
+		return false;
+	}
+	found = false;
+	for (i = 0; i <= n; i++) {
+		if (protocols[8+i] == SCSI_SECURITY_PROTOCOL_ATA_SECURITY) {
+			found = true;
+			break;
+		}
+	}
+	if (!found)
+		return false;
+
+	/* do ata security identify */
+	err = nvme_security_recv(ctrl, SCSI_SECURITY_PROTOCOL_ATA_SECURITY,
+			ata_security, sizeof(ata_security))
+	if (err) {
+		dev_warn(ctrl->device, "nvme_security_recv returned error %xh\n",
+					err);
+		return false;
+	}
+	return ata_security[1] == 0xe && (ata_security[9]&ATA_SECURITY_LOCKED);
 }
 
 void nvme_scan_namespaces(struct nvme_ctrl *ctrl)
-- 
2.9.0

next prev parent reply	other threads:[~2016-06-19 23:17 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-19 23:06 [PATCH 0/3] nvme: Don't add namespaces for locked drives Jethro Beekman
2016-06-19 23:06 ` [PATCH 1/3] nvme: When scanning namespaces, make sure the drive is not locked Jethro Beekman
2016-06-24  8:12   ` Christoph Hellwig
2016-06-19 23:06 ` [PATCH 2/3] nvme: Add function for NVMe security receive command Jethro Beekman
2016-06-19 23:06 ` Jethro Beekman [this message]
2016-06-24  8:09   ` [PATCH 3/3] nvme: Check if drive is locked using ATA Security Christoph Hellwig
2016-06-20  6:46 ` [PATCH 0/3] nvme: Don't add namespaces for locked drives Sagi Grimberg
2016-06-24  8:09   ` Christoph Hellwig
2016-06-20 15:26 ` Keith Busch
2016-06-20 18:21   ` Jethro Beekman
2016-06-20 22:54     ` Keith Busch
2016-06-21  3:50       ` Jethro Beekman
2016-06-24  7:43         ` Christoph Hellwig
2016-06-24  8:11   ` Christoph Hellwig
2016-06-24  7:37 ` Christoph Hellwig
2016-06-24  7:45   ` Jethro Beekman
2016-06-24  8:00     ` Christoph Hellwig

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:da027ed dfblob:0164122 )
 OR (
bs:"[PATCH 3/3] nvme: Check if drive is locked using ATA Security" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160619230634.17229-4-kernel@jbeekman.nl \
    --to=kernel@jbeekman.nl \
    --cc=axboe@fb.com \
    --cc=keith.busch@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nvme@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox