Message ID | 166993221008.1995348.11651567302609703175.stgit@dwillia2-xfh.jf.intel.com |
---|---|
State | Accepted |
Commit | 07cb5f705b4fe9e1386a610da4cb3c063267714f |
Series | cxl, nvdimm: Move CPU cache management to region drivers |
On 12/1/2022 3:03 PM, Dan Williams wrote: > Preclude the possibility of user tooling sending device secrets in the > clear into the kernel by marking the security commands as exclusive. > This mandates the usage of the keyctl ABI for managing the device > passphrase. > > Signed-off-by: Dan Williams <dan.j.williams@intel.com> Reviewed-by: Dave Jiang <dave.jiang@intel.com> No need for get security state command? > --- > drivers/cxl/core/mbox.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c > index 8747db329087..35dd889f1d3a 100644 > --- a/drivers/cxl/core/mbox.c > +++ b/drivers/cxl/core/mbox.c > @@ -704,6 +704,16 @@ int cxl_enumerate_cmds(struct cxl_dev_state *cxlds) > rc = 0; > } > > + /* > + * Setup permanently kernel exclusive commands, i.e. the > + * mechanism is driven through sysfs, keyctl, etc... > + */ > + set_bit(CXL_MEM_COMMAND_ID_SET_PASSPHRASE, cxlds->exclusive_cmds); > + set_bit(CXL_MEM_COMMAND_ID_DISABLE_PASSPHRASE, cxlds->exclusive_cmds); > + set_bit(CXL_MEM_COMMAND_ID_UNLOCK, cxlds->exclusive_cmds); > + set_bit(CXL_MEM_COMMAND_ID_PASSPHRASE_SECURE_ERASE, > + cxlds->exclusive_cmds); > + > out: > kvfree(gsl); > return rc; >
Dave Jiang wrote:
>
>
> On 12/1/2022 3:03 PM, Dan Williams wrote:
> > Preclude the possibility of user tooling sending device secrets in the
> > clear into the kernel by marking the security commands as exclusive.
> > This mandates the usage of the keyctl ABI for managing the device
> > passphrase.
> >
> > Signed-off-by: Dan Williams <dan.j.williams@intel.com>
>
> Reviewed-by: Dave Jiang <dave.jiang@intel.com>
>
> No need for get security state command?

That one is ok since it's just a read-only command with no side-effect and no key material traversing the kernel-user boundary.
On Thu, 01 Dec 2022, Dan Williams wrote: >Preclude the possibility of user tooling sending device secrets in the >clear into the kernel by marking the security commands as exclusive. >This mandates the usage of the keyctl ABI for managing the device >passphrase. > >Signed-off-by: Dan Williams <dan.j.williams@intel.com> Reviewed-by: Davidlohr Bueso <dave@stgolabs.net> >--- > drivers/cxl/core/mbox.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > >diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c >index 8747db329087..35dd889f1d3a 100644 >--- a/drivers/cxl/core/mbox.c >+++ b/drivers/cxl/core/mbox.c >@@ -704,6 +704,16 @@ int cxl_enumerate_cmds(struct cxl_dev_state *cxlds) > rc = 0; > } > >+ /* >+ * Setup permanently kernel exclusive commands, i.e. the >+ * mechanism is driven through sysfs, keyctl, etc... >+ */ >+ set_bit(CXL_MEM_COMMAND_ID_SET_PASSPHRASE, cxlds->exclusive_cmds); >+ set_bit(CXL_MEM_COMMAND_ID_DISABLE_PASSPHRASE, cxlds->exclusive_cmds); >+ set_bit(CXL_MEM_COMMAND_ID_UNLOCK, cxlds->exclusive_cmds); >+ set_bit(CXL_MEM_COMMAND_ID_PASSPHRASE_SECURE_ERASE, >+ cxlds->exclusive_cmds); >+ > out: > kvfree(gsl); > return rc; >
On Thu, 01 Dec 2022 14:03:30 -0800 Dan Williams <dan.j.williams@intel.com> wrote: > Preclude the possibility of user tooling sending device secrets in the > clear into the kernel by marking the security commands as exclusive. > This mandates the usage of the keyctl ABI for managing the device > passphrase. > > Signed-off-by: Dan Williams <dan.j.williams@intel.com> Seems reasonable. Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> > --- > drivers/cxl/core/mbox.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c > index 8747db329087..35dd889f1d3a 100644 > --- a/drivers/cxl/core/mbox.c > +++ b/drivers/cxl/core/mbox.c > @@ -704,6 +704,16 @@ int cxl_enumerate_cmds(struct cxl_dev_state *cxlds) > rc = 0; > } > > + /* > + * Setup permanently kernel exclusive commands, i.e. the > + * mechanism is driven through sysfs, keyctl, etc... > + */ > + set_bit(CXL_MEM_COMMAND_ID_SET_PASSPHRASE, cxlds->exclusive_cmds); > + set_bit(CXL_MEM_COMMAND_ID_DISABLE_PASSPHRASE, cxlds->exclusive_cmds); > + set_bit(CXL_MEM_COMMAND_ID_UNLOCK, cxlds->exclusive_cmds); > + set_bit(CXL_MEM_COMMAND_ID_PASSPHRASE_SECURE_ERASE, > + cxlds->exclusive_cmds); > + > out: > kvfree(gsl); > return rc; >
diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c index 8747db329087..35dd889f1d3a 100644 --- a/drivers/cxl/core/mbox.c +++ b/drivers/cxl/core/mbox.c @@ -704,6 +704,16 @@ int cxl_enumerate_cmds(struct cxl_dev_state *cxlds) rc = 0; } + /* + * Setup permanently kernel exclusive commands, i.e. the + * mechanism is driven through sysfs, keyctl, etc... + */ + set_bit(CXL_MEM_COMMAND_ID_SET_PASSPHRASE, cxlds->exclusive_cmds); + set_bit(CXL_MEM_COMMAND_ID_DISABLE_PASSPHRASE, cxlds->exclusive_cmds); + set_bit(CXL_MEM_COMMAND_ID_UNLOCK, cxlds->exclusive_cmds); + set_bit(CXL_MEM_COMMAND_ID_PASSPHRASE_SECURE_ERASE, + cxlds->exclusive_cmds); + out: kvfree(gsl); return rc;
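Review bot: The comment above the four set_bit() calls should state the rule that decides which commands go on this list, because the one question raised in review was about the command left off it. Get Security State is not marked exclusive, and the reason given in the thread (read-only, no side effect, no key material crossing the kernel-user boundary) is what a later security command would be checked against, so it is worth recording in the comment in place of "sysfs, keyctl, etc...". Separately, the block sits directly above the out: label, so any earlier jump to out: returns without setting these bits; if the passphrase commands can still be reached from user space after such an exit, set the bits before the first one, and if they cannot, a short note saying why would save the next reader the check.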
Preclude the possibility of user tooling sending device secrets in the
clear into the kernel by marking the security commands as exclusive.
This mandates the usage of the keyctl ABI for managing the device
passphrase.

Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
 drivers/cxl/core/mbox.c | 10 ++++++++++
 1 file changed, 10 insertions(+)