From patchwork Fri Oct 12 18:23:53 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 10639087 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BB7BC17E3 for ; Fri, 12 Oct 2018 18:23:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AD2502C3F4 for ; Fri, 12 Oct 2018 18:23:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A0E542C412; Fri, 12 Oct 2018 18:23:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 5319F2C3F4 for ; Fri, 12 Oct 2018 18:23:55 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id F21802116DF83; Fri, 12 Oct 2018 11:23:54 -0700 (PDT) X-Original-To: linux-nvdimm@lists.01.org Delivered-To: linux-nvdimm@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.120; helo=mga04.intel.com; envelope-from=dave.jiang@intel.com; receiver=linux-nvdimm@lists.01.org Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id F06762116DA35 for ; Fri, 12 Oct 2018 11:23:53 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Oct 2018 11:23:53 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,373,1534834800"; d="scan'208";a="78347751" Received: from djiang5-desk3.ch.intel.com ([143.182.136.93]) by fmsmga008.fm.intel.com with ESMTP; 12 Oct 2018 11:23:53 -0700 Subject: [PATCH 1/5] libnvdimm: fix updating of kernel key during nvdimm key update From: Dave Jiang To: dan.j.williams@intel.com Date: Fri, 12 Oct 2018 11:23:53 -0700 Message-ID: <153936863308.55836.2972520178944977338.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/unknown-version MIME-Version: 1.0 X-BeenThere: linux-nvdimm@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Linux-nvdimm developer list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-nvdimm@lists.01.org Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" X-Virus-Scanned: ClamAV using ClamSMTP There are several issues WRT kernel key update when we are doing nvdimm security key update. 1. The kernel key created needs to have proper permission for update 2. We need to check key_update() return value and make sure it didn't fail 3. We need to not hold the key->sem when calling key_update() since it will call down_write() when doing modification to the key. Signed-off-by: Dave Jiang --- drivers/nvdimm/security.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c index 776c440a02ef..ef83bdf47c31 100644 --- a/drivers/nvdimm/security.c +++ b/drivers/nvdimm/security.c @@ -27,7 +27,7 @@ static struct key *make_kernel_key(struct key *key) new_key = key_alloc(&key_type_logon, key->description, GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(), - KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA, NULL); + KEY_POS_ALL, KEY_ALLOC_NOT_IN_QUOTA, NULL); if (IS_ERR(new_key)) return NULL; @@ -419,11 +419,19 @@ int nvdimm_security_change_key(struct nvdimm *nvdimm, dev_warn(dev, "key update failed: %d\n", rc); if (old_key) { + up_read(&old_key->sem); /* copy new payload to old payload */ - if (rc == 0) - key_update(make_key_ref(old_key, 1), new_data, + if (rc == 0) { + rc = key_update(make_key_ref(old_key, 1), new_data, old_key->datalen); - up_read(&old_key->sem); + if (rc < 0) { + dev_warn(dev, + "kernel key update failed: %d\n", rc); + key_invalidate(old_key); + key_put(old_key); + nvdimm->key = NULL; + } + } } up_read(&key->sem);