50 static struct key *nvdimm_request_key(struct nvdimm *nvdimm)
53 	static const char NVDIMM_PREFIX[] = "nvdimm:";
55 	struct device *dev = &nvdimm->dev;
57 	sprintf(desc, "%s%s", NVDIMM_PREFIX, nvdimm->dimm_id);
80 static const void *nvdimm_get_key_payload(struct nvdimm *nvdimm,
83 	*key = nvdimm_request_key(nvdimm);
90 static struct key *nvdimm_lookup_user_key(struct nvdimm *nvdimm,
96 	struct device *dev = &nvdimm->dev;
120 static const void *nvdimm_get_user_key_payload(struct nvdimm *nvdimm,
131 	*key = nvdimm_lookup_user_key(nvdimm, id, subclass);
139 static int nvdimm_key_revalidate(struct nvdimm *nvdimm)
145 	if (!nvdimm->sec.ops->change_key)
148 	data = nvdimm_get_key_payload(nvdimm, &key);
154 	rc = nvdimm->sec.ops->change_key(nvdimm, data, data, NVDIMM_USER);
161 	nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
165 static int __nvdimm_security_unlock(struct nvdimm *nvdimm)
167 	struct device *dev = &nvdimm->dev;
176 	if (!nvdimm->sec.ops || !nvdimm->sec.ops->unlock
177 			|| !nvdimm->sec.flags)
182 		nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
185 	if (test_bit(NVDIMM_SECURITY_DISABLED, &nvdimm->sec.flags))
188 	if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
200 	if (test_bit(NVDIMM_SECURITY_UNLOCKED, &nvdimm->sec.flags)) {
204 		return nvdimm_key_revalidate(nvdimm);
206 		data = nvdimm_get_key_payload(nvdimm, &key);
208 	rc = nvdimm->sec.ops->unlock(nvdimm, data);
212 		set_bit(NDD_INCOHERENT, &nvdimm->flags);
215 	nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
221 	struct nvdimm *nvdimm = to_nvdimm(dev);
225 	rc = __nvdimm_security_unlock(nvdimm);
230 static int check_security_state(struct nvdimm *nvdimm)
232 	struct device *dev = &nvdimm->dev;
234 	if (test_bit(NVDIMM_SECURITY_FROZEN, &nvdimm->sec.flags)) {
236 				nvdimm->sec.flags);
240 	if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
248 static int security_disable(struct nvdimm *nvdimm, unsigned int keyid,
251 	struct device *dev = &nvdimm->dev;
260 	if (!nvdimm->sec.ops || !nvdimm->sec.flags)
263 	if (pass_type == NVDIMM_USER && !nvdimm->sec.ops->disable)
266 	if (pass_type == NVDIMM_MASTER && !nvdimm->sec.ops->disable_master)
269 	rc = check_security_state(nvdimm);
273 	data = nvdimm_get_user_key_payload(nvdimm, keyid,
279 		rc = nvdimm->sec.ops->disable_master(nvdimm, data);
283 		rc = nvdimm->sec.ops->disable(nvdimm, data);
290 		nvdimm->sec.ext_flags = nvdimm_security_flags(nvdimm, NVDIMM_MASTER);
292 		nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
296 static int security_update(struct nvdimm *nvdimm, unsigned int keyid,
300 	struct device *dev = &nvdimm->dev;
309 	if (!nvdimm->sec.ops || !nvdimm->sec.ops->change_key
310 			|| !nvdimm->sec.flags)
313 	rc = check_security_state(nvdimm);
317 	data = nvdimm_get_user_key_payload(nvdimm, keyid,
322 	newdata = nvdimm_get_user_key_payload(nvdimm, new_keyid,
329 	rc = nvdimm->sec.ops->change_key(nvdimm, data, newdata, pass_type);
338 		nvdimm->sec.ext_flags = nvdimm_security_flags(nvdimm,
341 		nvdimm->sec.flags = nvdimm_security_flags(nvdimm,
346 static int security_erase(struct nvdimm *nvdimm, unsigned int keyid,
349 	struct device *dev = &nvdimm->dev;
358 	if (!nvdimm->sec.ops || !nvdimm->sec.ops->erase
359 			|| !nvdimm->sec.flags)
362 	rc = check_security_state(nvdimm);
366 	if (!test_bit(NVDIMM_SECURITY_UNLOCKED, &nvdimm->sec.ext_flags)
373 	data = nvdimm_get_user_key_payload(nvdimm, keyid,
378 	rc = nvdimm->sec.ops->erase(nvdimm, data, pass_type);
380 		set_bit(NDD_INCOHERENT, &nvdimm->flags);
386 	nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
390 static int security_overwrite(struct nvdimm *nvdimm, unsigned int keyid)
392 	struct device *dev = &nvdimm->dev;
401 	if (!nvdimm->sec.ops || !nvdimm->sec.ops->overwrite
402 			|| !nvdimm->sec.flags)
405 	rc = check_security_state(nvdimm);
409 	data = nvdimm_get_user_key_payload(nvdimm, keyid,
414 	rc = nvdimm->sec.ops->overwrite(nvdimm, data);
416 		set_bit(NDD_INCOHERENT, &nvdimm->flags);
422 		set_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags);
423 		set_bit(NDD_WORK_PENDING, &nvdimm->flags);
424 		set_bit(NVDIMM_SECURITY_OVERWRITE, &nvdimm->sec.flags);
430 		queue_delayed_work(system_wq, &nvdimm->dwork, 0);
436 static void __nvdimm_security_overwrite_query(struct nvdimm *nvdimm)
438 	struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(&nvdimm->dev);
449 	if (!test_bit(NDD_WORK_PENDING, &nvdimm->flags))
452 	tmo = nvdimm->sec.overwrite_tmo;
454 	if (!nvdimm->sec.ops || !nvdimm->sec.ops->query_overwrite
455 			|| !nvdimm->sec.flags)
458 	rc = nvdimm->sec.ops->query_overwrite(nvdimm);
463 		queue_delayed_work(system_wq, &nvdimm->dwork, tmo * HZ);
464 		nvdimm->sec.overwrite_tmo = min(15U * 60U, tmo);
469 		dev_dbg(&nvdimm->dev, "overwrite failed\n");
471 		dev_dbg(&nvdimm->dev, "overwrite completed\n");
478 	nvdimm->sec.overwrite_tmo = 0;
479 	clear_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags);
480 	clear_bit(NDD_WORK_PENDING, &nvdimm->flags);
481 	nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
482 	nvdimm->sec.ext_flags = nvdimm_security_flags(nvdimm, NVDIMM_MASTER);
483 	if (nvdimm->sec.overwrite_state)
484 		sysfs_notify_dirent(nvdimm->sec.overwrite_state);
485 	put_device(&nvdimm->dev);
490 	struct nvdimm *nvdimm =
491 		container_of(work, typeof(*nvdimm), dwork.work);
493 	nvdimm_bus_lock(&nvdimm->dev);
494 	__nvdimm_security_overwrite_query(nvdimm);
495 	nvdimm_bus_unlock(&nvdimm->dev);
523 	struct nvdimm *nvdimm = to_nvdimm(dev);
550 		rc = nvdimm_security_freeze(nvdimm);
553 		rc = security_disable(nvdimm, key, NVDIMM_USER);
556 		rc = security_disable(nvdimm, key, NVDIMM_MASTER);
559 		rc = security_update(nvdimm, key, newkey, i == OP_UPDATE
563 		if (atomic_read(&nvdimm->busy)) {
567 		rc = security_erase(nvdimm, key, i == OP_ERASE
571 		if (atomic_read(&nvdimm->busy)) {
575 		rc = security_overwrite(nvdimm, key);

Indexes created Mon May 20 13:24:45 MDT 2024