xref: /linux-6.3-rc2/drivers/nvdimm/security.c

50 static struct key *nvdimm_request_key(struct nvdimm *nvdimm)  in nvdimm_request_key()  argument
55 	struct device *dev = &nvdimm->dev;  in nvdimm_request_key()
57 	sprintf(desc, "%s%s", NVDIMM_PREFIX, nvdimm->dimm_id);  in nvdimm_request_key()
80 static const void *nvdimm_get_key_payload(struct nvdimm *nvdimm,  in nvdimm_get_key_payload()  argument
83 	*key = nvdimm_request_key(nvdimm);  in nvdimm_get_key_payload()
90 static struct key *nvdimm_lookup_user_key(struct nvdimm *nvdimm,  in nvdimm_lookup_user_key()  argument
96 	struct device *dev = &nvdimm->dev;  in nvdimm_lookup_user_key()
120 static const void *nvdimm_get_user_key_payload(struct nvdimm *nvdimm,  in nvdimm_get_user_key_payload()  argument
131 	*key = nvdimm_lookup_user_key(nvdimm, id, subclass);  in nvdimm_get_user_key_payload()
139 static int nvdimm_key_revalidate(struct nvdimm *nvdimm)  in nvdimm_key_revalidate()  argument
145 	if (!nvdimm->sec.ops->change_key)  in nvdimm_key_revalidate()
148 	data = nvdimm_get_key_payload(nvdimm, &key);  in nvdimm_key_revalidate()
154 	rc = nvdimm->sec.ops->change_key(nvdimm, data, data, NVDIMM_USER);  in nvdimm_key_revalidate()
161 	nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);  in nvdimm_key_revalidate()
165 static int __nvdimm_security_unlock(struct nvdimm *nvdimm)  in __nvdimm_security_unlock()  argument
167 	struct device *dev = &nvdimm->dev;  in __nvdimm_security_unlock()
176 	if (!nvdimm->sec.ops || !nvdimm->sec.ops->unlock  in __nvdimm_security_unlock()
177 			|| !nvdimm->sec.flags)  in __nvdimm_security_unlock()
182 		nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);  in __nvdimm_security_unlock()
185 	if (test_bit(NVDIMM_SECURITY_DISABLED, &nvdimm->sec.flags))  in __nvdimm_security_unlock()
188 	if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {  in __nvdimm_security_unlock()
200 	if (test_bit(NVDIMM_SECURITY_UNLOCKED, &nvdimm->sec.flags)) {  in __nvdimm_security_unlock()
204 		return nvdimm_key_revalidate(nvdimm);  in __nvdimm_security_unlock()
206 		data = nvdimm_get_key_payload(nvdimm, &key);  in __nvdimm_security_unlock()
208 	rc = nvdimm->sec.ops->unlock(nvdimm, data);  in __nvdimm_security_unlock()
212 		set_bit(NDD_INCOHERENT, &nvdimm->flags);  in __nvdimm_security_unlock()
215 	nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);  in __nvdimm_security_unlock()
221 	struct nvdimm *nvdimm = to_nvdimm(dev);  in nvdimm_security_unlock()  local
225 	rc = __nvdimm_security_unlock(nvdimm);  in nvdimm_security_unlock()
230 static int check_security_state(struct nvdimm *nvdimm)  in check_security_state()  argument
232 	struct device *dev = &nvdimm->dev;  in check_security_state()
234 	if (test_bit(NVDIMM_SECURITY_FROZEN, &nvdimm->sec.flags)) {  in check_security_state()
236 				nvdimm->sec.flags);  in check_security_state()
240 	if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {  in check_security_state()
248 static int security_disable(struct nvdimm *nvdimm, unsigned int keyid,  in security_disable()  argument
251 	struct device *dev = &nvdimm->dev;  in security_disable()
260 	if (!nvdimm->sec.ops || !nvdimm->sec.flags)  in security_disable()
263 	if (pass_type == NVDIMM_USER && !nvdimm->sec.ops->disable)  in security_disable()
266 	if (pass_type == NVDIMM_MASTER && !nvdimm->sec.ops->disable_master)  in security_disable()
269 	rc = check_security_state(nvdimm);  in security_disable()
273 	data = nvdimm_get_user_key_payload(nvdimm, keyid,  in security_disable()
279 		rc = nvdimm->sec.ops->disable_master(nvdimm, data);  in security_disable()
283 		rc = nvdimm->sec.ops->disable(nvdimm, data);  in security_disable()
290 		nvdimm->sec.ext_flags = nvdimm_security_flags(nvdimm, NVDIMM_MASTER);  in security_disable()
292 		nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);  in security_disable()
296 static int security_update(struct nvdimm *nvdimm, unsigned int keyid,  in security_update()  argument
300 	struct device *dev = &nvdimm->dev;  in security_update()
309 	if (!nvdimm->sec.ops || !nvdimm->sec.ops->change_key  in security_update()
310 			|| !nvdimm->sec.flags)  in security_update()
313 	rc = check_security_state(nvdimm);  in security_update()
317 	data = nvdimm_get_user_key_payload(nvdimm, keyid,  in security_update()
322 	newdata = nvdimm_get_user_key_payload(nvdimm, new_keyid,  in security_update()
329 	rc = nvdimm->sec.ops->change_key(nvdimm, data, newdata, pass_type);  in security_update()
338 		nvdimm->sec.ext_flags = nvdimm_security_flags(nvdimm,  in security_update()
341 		nvdimm->sec.flags = nvdimm_security_flags(nvdimm,  in security_update()
346 static int security_erase(struct nvdimm *nvdimm, unsigned int keyid,  in security_erase()  argument
349 	struct device *dev = &nvdimm->dev;  in security_erase()
358 	if (!nvdimm->sec.ops || !nvdimm->sec.ops->erase  in security_erase()
359 			|| !nvdimm->sec.flags)  in security_erase()
362 	rc = check_security_state(nvdimm);  in security_erase()
366 	if (!test_bit(NVDIMM_SECURITY_UNLOCKED, &nvdimm->sec.ext_flags)  in security_erase()
373 	data = nvdimm_get_user_key_payload(nvdimm, keyid,  in security_erase()
378 	rc = nvdimm->sec.ops->erase(nvdimm, data, pass_type);  in security_erase()
380 		set_bit(NDD_INCOHERENT, &nvdimm->flags);  in security_erase()
386 	nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);  in security_erase()
390 static int security_overwrite(struct nvdimm *nvdimm, unsigned int keyid)  in security_overwrite()  argument
392 	struct device *dev = &nvdimm->dev;  in security_overwrite()
401 	if (!nvdimm->sec.ops || !nvdimm->sec.ops->overwrite  in security_overwrite()
402 			|| !nvdimm->sec.flags)  in security_overwrite()
405 	rc = check_security_state(nvdimm);  in security_overwrite()
409 	data = nvdimm_get_user_key_payload(nvdimm, keyid,  in security_overwrite()
414 	rc = nvdimm->sec.ops->overwrite(nvdimm, data);  in security_overwrite()
416 		set_bit(NDD_INCOHERENT, &nvdimm->flags);  in security_overwrite()
422 		set_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags);  in security_overwrite()
423 		set_bit(NDD_WORK_PENDING, &nvdimm->flags);  in security_overwrite()
424 		set_bit(NVDIMM_SECURITY_OVERWRITE, &nvdimm->sec.flags);  in security_overwrite()
430 		queue_delayed_work(system_wq, &nvdimm->dwork, 0);  in security_overwrite()
436 static void __nvdimm_security_overwrite_query(struct nvdimm *nvdimm)  in __nvdimm_security_overwrite_query()  argument
438 	struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(&nvdimm->dev);  in __nvdimm_security_overwrite_query()
449 	if (!test_bit(NDD_WORK_PENDING, &nvdimm->flags))  in __nvdimm_security_overwrite_query()
452 	tmo = nvdimm->sec.overwrite_tmo;  in __nvdimm_security_overwrite_query()
454 	if (!nvdimm->sec.ops || !nvdimm->sec.ops->query_overwrite  in __nvdimm_security_overwrite_query()
455 			|| !nvdimm->sec.flags)  in __nvdimm_security_overwrite_query()
458 	rc = nvdimm->sec.ops->query_overwrite(nvdimm);  in __nvdimm_security_overwrite_query()
463 		queue_delayed_work(system_wq, &nvdimm->dwork, tmo * HZ);  in __nvdimm_security_overwrite_query()
464 		nvdimm->sec.overwrite_tmo = min(15U * 60U, tmo);  in __nvdimm_security_overwrite_query()
469 		dev_dbg(&nvdimm->dev, "overwrite failed\n");  in __nvdimm_security_overwrite_query()
471 		dev_dbg(&nvdimm->dev, "overwrite completed\n");  in __nvdimm_security_overwrite_query()
478 	nvdimm->sec.overwrite_tmo = 0;  in __nvdimm_security_overwrite_query()
479 	clear_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags);  in __nvdimm_security_overwrite_query()
480 	clear_bit(NDD_WORK_PENDING, &nvdimm->flags);  in __nvdimm_security_overwrite_query()
481 	nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);  in __nvdimm_security_overwrite_query()
482 	nvdimm->sec.ext_flags = nvdimm_security_flags(nvdimm, NVDIMM_MASTER);  in __nvdimm_security_overwrite_query()
483 	if (nvdimm->sec.overwrite_state)  in __nvdimm_security_overwrite_query()
484 		sysfs_notify_dirent(nvdimm->sec.overwrite_state);  in __nvdimm_security_overwrite_query()
485 	put_device(&nvdimm->dev);  in __nvdimm_security_overwrite_query()
490 	struct nvdimm *nvdimm =  in nvdimm_security_overwrite_query()  local
491 		container_of(work, typeof(*nvdimm), dwork.work);  in nvdimm_security_overwrite_query()
493 	nvdimm_bus_lock(&nvdimm->dev);  in nvdimm_security_overwrite_query()
494 	__nvdimm_security_overwrite_query(nvdimm);  in nvdimm_security_overwrite_query()
495 	nvdimm_bus_unlock(&nvdimm->dev);  in nvdimm_security_overwrite_query()
523 	struct nvdimm *nvdimm = to_nvdimm(dev);  in nvdimm_security_store()  local
550 		rc = nvdimm_security_freeze(nvdimm);  in nvdimm_security_store()
553 		rc = security_disable(nvdimm, key, NVDIMM_USER);  in nvdimm_security_store()
556 		rc = security_disable(nvdimm, key, NVDIMM_MASTER);  in nvdimm_security_store()
559 		rc = security_update(nvdimm, key, newkey, i == OP_UPDATE  in nvdimm_security_store()
563 		if (atomic_read(&nvdimm->busy)) {  in nvdimm_security_store()
567 		rc = security_erase(nvdimm, key, i == OP_ERASE  in nvdimm_security_store()
571 		if (atomic_read(&nvdimm->busy)) {  in nvdimm_security_store()
575 		rc = security_overwrite(nvdimm, key);  in nvdimm_security_store()

Last Index update Sun Aug 20 00:18:20 CST 2023