mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-25 21:54:06 +08:00
d78c620a2e
In the process of debugging a system with an NVDIMM that was failing to unlock it was found that the kernel is reporting 'locked' while the DIMM security interface is 'frozen'. Unfortunately the security state is tracked internally as an enum which prevents it from communicating the difference between 'locked' and 'locked + frozen'. It follows that the enum also prevents the kernel from communicating 'unlocked + frozen' which would be useful for debugging why security operations like 'change passphrase' are disabled. Ditch the security state enum for a set of flags and introduce a new sysfs attribute explicitly for the 'frozen' state. The regression risk is low because the 'frozen' state was already blocked behind the 'locked' state, but will need to revisit if there were cases where applications need 'frozen' to show up in the primary 'security' attribute. The expectation is that communicating 'frozen' is mostly a helper for debug and status monitoring. Reviewed-by: Dave Jiang <dave.jiang@intel.com> Reported-by: Jeff Moyer <jmoyer@redhat.com> Reviewed-by: Jeff Moyer <jmoyer@redhat.com> Link: https://lore.kernel.org/r/156686729474.184120.5835135644278860826.stgit@dwillia2-desk3.amr.corp.intel.com Signed-off-by: Dan Williams <dan.j.williams@intel.com>
265 lines
8.3 KiB
C
265 lines
8.3 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/*
|
|
* Copyright(c) 2013-2015 Intel Corporation. All rights reserved.
|
|
*/
|
|
#ifndef __ND_CORE_H__
|
|
#define __ND_CORE_H__
|
|
#include <linux/libnvdimm.h>
|
|
#include <linux/device.h>
|
|
#include <linux/sizes.h>
|
|
#include <linux/mutex.h>
|
|
#include <linux/nd.h>
|
|
#include "nd.h"
|
|
|
|
extern struct list_head nvdimm_bus_list;
|
|
extern struct mutex nvdimm_bus_list_mutex;
|
|
extern int nvdimm_major;
|
|
extern struct workqueue_struct *nvdimm_wq;
|
|
|
|
struct nvdimm_bus {
|
|
struct nvdimm_bus_descriptor *nd_desc;
|
|
wait_queue_head_t wait;
|
|
struct list_head list;
|
|
struct device dev;
|
|
int id, probe_active;
|
|
atomic_t ioctl_active;
|
|
struct list_head mapping_list;
|
|
struct mutex reconfig_mutex;
|
|
struct badrange badrange;
|
|
};
|
|
|
|
struct nvdimm {
|
|
unsigned long flags;
|
|
void *provider_data;
|
|
unsigned long cmd_mask;
|
|
struct device dev;
|
|
atomic_t busy;
|
|
int id, num_flush;
|
|
struct resource *flush_wpq;
|
|
const char *dimm_id;
|
|
struct {
|
|
const struct nvdimm_security_ops *ops;
|
|
unsigned long flags;
|
|
unsigned long ext_flags;
|
|
unsigned int overwrite_tmo;
|
|
struct kernfs_node *overwrite_state;
|
|
} sec;
|
|
struct delayed_work dwork;
|
|
};
|
|
|
|
static inline unsigned long nvdimm_security_flags(
|
|
struct nvdimm *nvdimm, enum nvdimm_passphrase_type ptype)
|
|
{
|
|
u64 flags;
|
|
const u64 state_flags = 1UL << NVDIMM_SECURITY_DISABLED
|
|
| 1UL << NVDIMM_SECURITY_LOCKED
|
|
| 1UL << NVDIMM_SECURITY_UNLOCKED
|
|
| 1UL << NVDIMM_SECURITY_OVERWRITE;
|
|
|
|
if (!nvdimm->sec.ops)
|
|
return 0;
|
|
|
|
flags = nvdimm->sec.ops->get_flags(nvdimm, ptype);
|
|
/* disabled, locked, unlocked, and overwrite are mutually exclusive */
|
|
dev_WARN_ONCE(&nvdimm->dev, hweight64(flags & state_flags) > 1,
|
|
"reported invalid security state: %#llx\n",
|
|
(unsigned long long) flags);
|
|
return flags;
|
|
}
|
|
int nvdimm_security_freeze(struct nvdimm *nvdimm);
|
|
#if IS_ENABLED(CONFIG_NVDIMM_KEYS)
|
|
int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid);
|
|
int nvdimm_security_update(struct nvdimm *nvdimm, unsigned int keyid,
|
|
unsigned int new_keyid,
|
|
enum nvdimm_passphrase_type pass_type);
|
|
int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid,
|
|
enum nvdimm_passphrase_type pass_type);
|
|
int nvdimm_security_overwrite(struct nvdimm *nvdimm, unsigned int keyid);
|
|
void nvdimm_security_overwrite_query(struct work_struct *work);
|
|
#else
|
|
static inline int nvdimm_security_disable(struct nvdimm *nvdimm,
|
|
unsigned int keyid)
|
|
{
|
|
return -EOPNOTSUPP;
|
|
}
|
|
static inline int nvdimm_security_update(struct nvdimm *nvdimm,
|
|
unsigned int keyid,
|
|
unsigned int new_keyid,
|
|
enum nvdimm_passphrase_type pass_type)
|
|
{
|
|
return -EOPNOTSUPP;
|
|
}
|
|
static inline int nvdimm_security_erase(struct nvdimm *nvdimm,
|
|
unsigned int keyid,
|
|
enum nvdimm_passphrase_type pass_type)
|
|
{
|
|
return -EOPNOTSUPP;
|
|
}
|
|
static inline int nvdimm_security_overwrite(struct nvdimm *nvdimm,
|
|
unsigned int keyid)
|
|
{
|
|
return -EOPNOTSUPP;
|
|
}
|
|
static inline void nvdimm_security_overwrite_query(struct work_struct *work)
|
|
{
|
|
}
|
|
#endif
|
|
|
|
/**
|
|
* struct blk_alloc_info - tracking info for BLK dpa scanning
|
|
* @nd_mapping: blk region mapping boundaries
|
|
* @available: decremented in alias_dpa_busy as aliased PMEM is scanned
|
|
* @busy: decremented in blk_dpa_busy to account for ranges already
|
|
* handled by alias_dpa_busy
|
|
* @res: alias_dpa_busy interprets this a free space range that needs to
|
|
* be truncated to the valid BLK allocation starting DPA, blk_dpa_busy
|
|
* treats it as a busy range that needs the aliased PMEM ranges
|
|
* truncated.
|
|
*/
|
|
struct blk_alloc_info {
|
|
struct nd_mapping *nd_mapping;
|
|
resource_size_t available, busy;
|
|
struct resource *res;
|
|
};
|
|
|
|
bool is_nvdimm(struct device *dev);
|
|
bool is_nd_pmem(struct device *dev);
|
|
bool is_nd_volatile(struct device *dev);
|
|
bool is_nd_blk(struct device *dev);
|
|
static inline bool is_nd_region(struct device *dev)
|
|
{
|
|
return is_nd_pmem(dev) || is_nd_blk(dev) || is_nd_volatile(dev);
|
|
}
|
|
static inline bool is_memory(struct device *dev)
|
|
{
|
|
return is_nd_pmem(dev) || is_nd_volatile(dev);
|
|
}
|
|
struct nvdimm_bus *walk_to_nvdimm_bus(struct device *nd_dev);
|
|
int __init nvdimm_bus_init(void);
|
|
void nvdimm_bus_exit(void);
|
|
void nvdimm_devs_exit(void);
|
|
void nd_region_devs_exit(void);
|
|
void nd_region_probe_success(struct nvdimm_bus *nvdimm_bus, struct device *dev);
|
|
struct nd_region;
|
|
void nd_region_create_ns_seed(struct nd_region *nd_region);
|
|
void nd_region_create_btt_seed(struct nd_region *nd_region);
|
|
void nd_region_create_pfn_seed(struct nd_region *nd_region);
|
|
void nd_region_create_dax_seed(struct nd_region *nd_region);
|
|
void nd_region_disable(struct nvdimm_bus *nvdimm_bus, struct device *dev);
|
|
int nvdimm_bus_create_ndctl(struct nvdimm_bus *nvdimm_bus);
|
|
void nvdimm_bus_destroy_ndctl(struct nvdimm_bus *nvdimm_bus);
|
|
void nd_synchronize(void);
|
|
int nvdimm_bus_register_dimms(struct nvdimm_bus *nvdimm_bus);
|
|
int nvdimm_bus_register_regions(struct nvdimm_bus *nvdimm_bus);
|
|
int nvdimm_bus_init_interleave_sets(struct nvdimm_bus *nvdimm_bus);
|
|
void __nd_device_register(struct device *dev);
|
|
int nd_match_dimm(struct device *dev, void *data);
|
|
struct nd_label_id;
|
|
char *nd_label_gen_id(struct nd_label_id *label_id, u8 *uuid, u32 flags);
|
|
bool nd_is_uuid_unique(struct device *dev, u8 *uuid);
|
|
struct nd_region;
|
|
struct nvdimm_drvdata;
|
|
struct nd_mapping;
|
|
void nd_mapping_free_labels(struct nd_mapping *nd_mapping);
|
|
|
|
int __reserve_free_pmem(struct device *dev, void *data);
|
|
void release_free_pmem(struct nvdimm_bus *nvdimm_bus,
|
|
struct nd_mapping *nd_mapping);
|
|
|
|
resource_size_t nd_pmem_max_contiguous_dpa(struct nd_region *nd_region,
|
|
struct nd_mapping *nd_mapping);
|
|
resource_size_t nd_region_allocatable_dpa(struct nd_region *nd_region);
|
|
resource_size_t nd_pmem_available_dpa(struct nd_region *nd_region,
|
|
struct nd_mapping *nd_mapping, resource_size_t *overlap);
|
|
resource_size_t nd_blk_available_dpa(struct nd_region *nd_region);
|
|
resource_size_t nd_region_available_dpa(struct nd_region *nd_region);
|
|
int nd_region_conflict(struct nd_region *nd_region, resource_size_t start,
|
|
resource_size_t size);
|
|
resource_size_t nvdimm_allocated_dpa(struct nvdimm_drvdata *ndd,
|
|
struct nd_label_id *label_id);
|
|
int alias_dpa_busy(struct device *dev, void *data);
|
|
struct resource *nsblk_add_resource(struct nd_region *nd_region,
|
|
struct nvdimm_drvdata *ndd, struct nd_namespace_blk *nsblk,
|
|
resource_size_t start);
|
|
int nvdimm_num_label_slots(struct nvdimm_drvdata *ndd);
|
|
void get_ndd(struct nvdimm_drvdata *ndd);
|
|
resource_size_t __nvdimm_namespace_capacity(struct nd_namespace_common *ndns);
|
|
void nd_detach_ndns(struct device *dev, struct nd_namespace_common **_ndns);
|
|
void __nd_detach_ndns(struct device *dev, struct nd_namespace_common **_ndns);
|
|
bool nd_attach_ndns(struct device *dev, struct nd_namespace_common *attach,
|
|
struct nd_namespace_common **_ndns);
|
|
bool __nd_attach_ndns(struct device *dev, struct nd_namespace_common *attach,
|
|
struct nd_namespace_common **_ndns);
|
|
ssize_t nd_namespace_store(struct device *dev,
|
|
struct nd_namespace_common **_ndns, const char *buf,
|
|
size_t len);
|
|
struct nd_pfn *to_nd_pfn_safe(struct device *dev);
|
|
bool is_nvdimm_bus(struct device *dev);
|
|
|
|
#ifdef CONFIG_PROVE_LOCKING
|
|
extern struct class *nd_class;
|
|
|
|
enum {
|
|
LOCK_BUS,
|
|
LOCK_NDCTL,
|
|
LOCK_REGION,
|
|
LOCK_DIMM = LOCK_REGION,
|
|
LOCK_NAMESPACE,
|
|
LOCK_CLAIM,
|
|
};
|
|
|
|
static inline void debug_nvdimm_lock(struct device *dev)
|
|
{
|
|
if (is_nd_region(dev))
|
|
mutex_lock_nested(&dev->lockdep_mutex, LOCK_REGION);
|
|
else if (is_nvdimm(dev))
|
|
mutex_lock_nested(&dev->lockdep_mutex, LOCK_DIMM);
|
|
else if (is_nd_btt(dev) || is_nd_pfn(dev) || is_nd_dax(dev))
|
|
mutex_lock_nested(&dev->lockdep_mutex, LOCK_CLAIM);
|
|
else if (dev->parent && (is_nd_region(dev->parent)))
|
|
mutex_lock_nested(&dev->lockdep_mutex, LOCK_NAMESPACE);
|
|
else if (is_nvdimm_bus(dev))
|
|
mutex_lock_nested(&dev->lockdep_mutex, LOCK_BUS);
|
|
else if (dev->class && dev->class == nd_class)
|
|
mutex_lock_nested(&dev->lockdep_mutex, LOCK_NDCTL);
|
|
else
|
|
dev_WARN(dev, "unknown lock level\n");
|
|
}
|
|
|
|
static inline void debug_nvdimm_unlock(struct device *dev)
|
|
{
|
|
mutex_unlock(&dev->lockdep_mutex);
|
|
}
|
|
|
|
static inline void nd_device_lock(struct device *dev)
|
|
{
|
|
device_lock(dev);
|
|
debug_nvdimm_lock(dev);
|
|
}
|
|
|
|
static inline void nd_device_unlock(struct device *dev)
|
|
{
|
|
debug_nvdimm_unlock(dev);
|
|
device_unlock(dev);
|
|
}
|
|
#else
|
|
static inline void nd_device_lock(struct device *dev)
|
|
{
|
|
device_lock(dev);
|
|
}
|
|
|
|
static inline void nd_device_unlock(struct device *dev)
|
|
{
|
|
device_unlock(dev);
|
|
}
|
|
|
|
static inline void debug_nvdimm_lock(struct device *dev)
|
|
{
|
|
}
|
|
|
|
static inline void debug_nvdimm_unlock(struct device *dev)
|
|
{
|
|
}
|
|
#endif
|
|
#endif /* __ND_CORE_H__ */
|