FAILED: patch "[PATCH] libnvdimm: prevent nvdimm from requesting key when security" failed to apply to 5.3-stable tree

FAILED: patch "[PATCH] libnvdimm: prevent nvdimm from requesting key when security" failed to apply to 5.3-stable tree

[gregkh]

The patch below does not apply to the 5.3-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

From 674f31a352da5e9f621f757b9a89262f486533a0 Mon Sep 17 00:00:00 2001
From: Dave Jiang <dave.jiang@intel.com>
Date: Tue, 24 Sep 2019 10:34:49 -0700
Subject: [PATCH] libnvdimm: prevent nvdimm from requesting key when security
 is disabled

Current implementation attempts to request keys from the keyring even when
security is not enabled. Change behavior so when security is disabled it
will skip key request.

Error messages seen when no keys are installed and libnvdimm is loaded:

    request-key[4598]: Cannot find command to construct key 661489677
    request-key[4606]: Cannot find command to construct key 34713726

Cc: stable@vger.kernel.org
Fixes: 4c6926a23b76 ("acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs")
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Link: https://lore.kernel.org/r/156934642272.30222.5230162488753445916.stgit@djiang5-desk3.ch.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>

diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
index 9e45b207ff01..89b85970912d 100644
--- a/drivers/nvdimm/security.c
+++ b/drivers/nvdimm/security.c
@@ -177,6 +177,10 @@ static int __nvdimm_security_unlock(struct nvdimm *nvdimm)
 			|| !nvdimm->sec.flags)
 		return -EIO;
 
+	/* No need to go further if security is disabled */
+	if (test_bit(NVDIMM_SECURITY_DISABLED, &nvdimm->sec.flags))
+		return 0;
+
 	if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
 		dev_dbg(dev, "Security operation in progress.\n");
 		return -EBUSY;

Re: FAILED: patch "[PATCH] libnvdimm: prevent nvdimm from requesting key when security" failed to apply to 5.3-stable tree

[Sasha Levin]

On Tue, Oct 08, 2019 at 09:15:53PM +0200, gregkh@linuxfoundation.org wrote:
>
>The patch below does not apply to the 5.3-stable tree.
>If someone wants it applied there, or to any other stable or longterm
>tree, then please email the backport, including the original git commit
>id to <stable@vger.kernel.org>.
>
>thanks,
>
>greg k-h
>
>------------------ original commit in Linus's tree ------------------
>
>From 674f31a352da5e9f621f757b9a89262f486533a0 Mon Sep 17 00:00:00 2001
>From: Dave Jiang <dave.jiang@intel.com>
>Date: Tue, 24 Sep 2019 10:34:49 -0700
>Subject: [PATCH] libnvdimm: prevent nvdimm from requesting key when security
> is disabled
>
>Current implementation attempts to request keys from the keyring even when
>security is not enabled. Change behavior so when security is disabled it
>will skip key request.
>
>Error messages seen when no keys are installed and libnvdimm is loaded:
>
>    request-key[4598]: Cannot find command to construct key 661489677
>    request-key[4606]: Cannot find command to construct key 34713726
>
>Cc: stable@vger.kernel.org
>Fixes: 4c6926a23b76 ("acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs")
>Signed-off-by: Dave Jiang <dave.jiang@intel.com>
>Link: https://lore.kernel.org/r/156934642272.30222.5230162488753445916.stgit@djiang5-desk3.ch.intel.com
>Signed-off-by: Dan Williams <dan.j.williams@intel.com>

The issue was that the way we represent security flags changed due to
d78c620a2e824 ("libnvdimm/security: Introduce a 'frozen' attribute"). I
fixed up 674f31a352da5 to address that and queued it for 5.3.

Re: FAILED: patch "[PATCH] libnvdimm: prevent nvdimm from requesting key when security" failed to apply to 5.3-stable tree

[Dan Williams]

On Wed, Oct 9, 2019 at 9:11 AM Sasha Levin <sashal@kernel.org> wrote:
>
> On Tue, Oct 08, 2019 at 09:15:53PM +0200, gregkh@linuxfoundation.org wrote:
> >
> >The patch below does not apply to the 5.3-stable tree.
> >If someone wants it applied there, or to any other stable or longterm
> >tree, then please email the backport, including the original git commit
> >id to <stable@vger.kernel.org>.
> >
> >thanks,
> >
> >greg k-h
> >
> >------------------ original commit in Linus's tree ------------------
> >
> >From 674f31a352da5e9f621f757b9a89262f486533a0 Mon Sep 17 00:00:00 2001
> >From: Dave Jiang <dave.jiang@intel.com>
> >Date: Tue, 24 Sep 2019 10:34:49 -0700
> >Subject: [PATCH] libnvdimm: prevent nvdimm from requesting key when security
> > is disabled
> >
> >Current implementation attempts to request keys from the keyring even when
> >security is not enabled. Change behavior so when security is disabled it
> >will skip key request.
> >
> >Error messages seen when no keys are installed and libnvdimm is loaded:
> >
> >    request-key[4598]: Cannot find command to construct key 661489677
> >    request-key[4606]: Cannot find command to construct key 34713726
> >
> >Cc: stable@vger.kernel.org
> >Fixes: 4c6926a23b76 ("acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs")
> >Signed-off-by: Dave Jiang <dave.jiang@intel.com>
> >Link: https://lore.kernel.org/r/156934642272.30222.5230162488753445916.stgit@djiang5-desk3.ch.intel.com
> >Signed-off-by: Dan Williams <dan.j.williams@intel.com>
>
> The issue was that the way we represent security flags changed due to
> d78c620a2e824 ("libnvdimm/security: Introduce a 'frozen' attribute"). I
> fixed up 674f31a352da5 to address that and queued it for 5.3.

Thanks Sasha!