lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <a8b31c36-f35c-5f4d-1ba3-6f5f81897086@micron.com>
Date:	Mon, 22 Feb 2016 20:59:36 -0800
From:	Asai Thambi SP <asamymuthupa@...ron.com>
To:	Jens Axboe <axboe@...nel.dk>
CC:	<linux-kernel@...r.kernel.org>,
	Sam Bradshaw <sbradshaw@...ron.com>,
	Selvan Mani <smani@...ron.com>,
	Rajesh Kumar Sambandam <rsambandam@...ron.com>,
	Vignesh Gunasekaran <vgunasekaran@...ron.com>
Subject: [PATCH 01/10] mtip32xx: Abort secure erase when drive is mounted


To avoid erasing a device with a mounted filesystem, try to get exclusive
access to the blkdev object corresponding to the device.

Signed-off-by: Selvan Mani <smani@...ron.com>
Signed-off-by: Rajesh Kumar Sambandam <rsambandam@...ron.com>
Signed-off-by: Asai Thambi S P <asamymuthupa@...ron.com>
---
 drivers/block/mtip32xx/mtip32xx.c |  113 ++++++++++++++++++++++++++++++-------
 drivers/block/mtip32xx/mtip32xx.h |    2 +
 2 files changed, 94 insertions(+), 21 deletions(-)

diff --git a/drivers/block/mtip32xx/mtip32xx.c b/drivers/block/mtip32xx/mtip32xx.c
index 9b180db..37690ab 100644
--- a/drivers/block/mtip32xx/mtip32xx.c
+++ b/drivers/block/mtip32xx/mtip32xx.c
@@ -982,6 +982,28 @@ static void mtip_issue_non_ncq_command(struct mtip_port *port, int tag)
         port->cmd_issue[MTIP_TAG_INDEX(tag)]);
 }
 
+static inline int mtip_bdev_claim(struct driver_data *dd)
+{
+    if (dd->bdev_claimed == false) {
+        igrab(dd->bdev->bd_inode);
+        if (blkdev_get(dd->bdev, FMODE_EXCL, dd->bdev) < 0) {
+            dev_warn(&dd->pdev->dev, "Drive erase aborted due to non-zero refcount (%d)\n",
+                dd->bdev->bd_holders);
+            return -ERESTARTSYS;
+        }
+        dd->bdev_claimed = true;
+    }
+    return 0;
+}
+
+static inline void mtip_bdev_unclaim(struct driver_data *dd)
+{
+    if (dd->bdev_claimed) {
+        blkdev_put(dd->bdev, FMODE_EXCL);
+        dd->bdev_claimed = false;
+    }
+}
+
 static bool mtip_pause_ncq(struct mtip_port *port,
                 struct host_to_dev_fis *fis)
 {
@@ -991,10 +1013,21 @@ static bool mtip_pause_ncq(struct mtip_port *port,
     reply = port->rxfis + RX_FIS_D2H_REG;
     task_file_data = readl(port->mmio+PORT_TFDATA);
 
-    if ((task_file_data & 1))
+    if ((task_file_data & 1)) {
+        if ((fis->command == ATA_CMD_SEC_SET_PASS) ||
+            (fis->command == ATA_CMD_SEC_ERASE_PREP) ||
+            (fis->command == ATA_CMD_SEC_ERASE_UNIT) ||
+            ((fis->command == 0xFC) &&
+                (fis->features == 0x27 || fis->features == 0x72 ||
+                 fis->features == 0x62 || fis->features == 0x26 ||
+                 fis->features == 0x12)))
+            mtip_bdev_unclaim(port->dd);
         return false;
+    }
 
-    if (fis->command == ATA_CMD_SEC_ERASE_PREP) {
+    if (fis->command == ATA_CMD_SEC_SET_PASS) {
+        mtip_bdev_unclaim(port->dd);
+    } else if (fis->command == ATA_CMD_SEC_ERASE_PREP) {
         port->ic_pause_timer = jiffies;
         return true;
     } else if ((fis->command == ATA_CMD_DOWNLOAD_MICRO) &&
@@ -1005,8 +1038,10 @@ static bool mtip_pause_ncq(struct mtip_port *port,
     } else if ((fis->command == ATA_CMD_SEC_ERASE_UNIT) ||
         ((fis->command == 0xFC) &&
             (fis->features == 0x27 || fis->features == 0x72 ||
-             fis->features == 0x62 || fis->features == 0x26))) {
+             fis->features == 0x62 || fis->features == 0x26 ||
+             fis->features == 0x12))) {
         clear_bit(MTIP_DDF_SEC_LOCK_BIT, &port->dd->dd_flag);
+        mtip_bdev_unclaim(port->dd);
         /* Com reset after secure erase or lowlevel format */
         mtip_restart_port(port);
         clear_bit(MTIP_PF_SE_ACTIVE_BIT, &port->flags);
@@ -1110,8 +1145,23 @@ static int mtip_exec_internal_command(struct mtip_port *port,
 
     set_bit(MTIP_PF_IC_ACTIVE_BIT, &port->flags);
 
+    /* Check for secure erase while fs mounted */
+    if ((fis->command == ATA_CMD_SEC_SET_PASS) ||
+        (fis->command == ATA_CMD_SEC_ERASE_PREP) ||
+        (fis->command == ATA_CMD_SEC_ERASE_UNIT) ||
+        ((fis->command == 0xFC) &&
+            (fis->features == 0x27 || fis->features == 0x72 ||
+             fis->features == 0x62 || fis->features == 0x26 ||
+             fis->features == 0x12))) {
+        rv = mtip_bdev_claim(dd);
+        if (rv)
+            goto exec_ic_exit;
+    }
+
     if (fis->command == ATA_CMD_SEC_ERASE_PREP)
         set_bit(MTIP_PF_SE_ACTIVE_BIT, &port->flags);
+    else if (fis->command == ATA_CMD_SEC_ERASE_UNIT)
+        dd->port->ic_pause_timer = 0;
 
     clear_bit(MTIP_PF_DM_ACTIVE_BIT, &port->flags);
 
@@ -1122,6 +1172,8 @@ static int mtip_exec_internal_command(struct mtip_port *port,
                     MTIP_QUIESCE_IO_TIMEOUT_MS) < 0) {
                 dev_warn(&dd->pdev->dev,
                     "Failed to quiesce IO\n");
+
+                mtip_bdev_unclaim(dd);
                 mtip_put_int_command(dd, int_cmd);
                 clear_bit(MTIP_PF_IC_ACTIVE_BIT, &port->flags);
                 wake_up_interruptible(&port->svc_wait);
@@ -1197,6 +1249,8 @@ static int mtip_exec_internal_command(struct mtip_port *port,
             mtip_device_reset(dd); /* recover from timeout issue */
             rv = -EAGAIN;
             goto exec_ic_exit;
+        } else {
+            rv = 0;
         }
     } else {
         u32 hba_stat, port_stat;
@@ -1247,6 +1301,10 @@ static int mtip_exec_internal_command(struct mtip_port *port,
         }
     }
 exec_ic_exit:
+    if (rv < 0) {
+        clear_bit(MTIP_PF_SE_ACTIVE_BIT, &port->flags);
+        mtip_bdev_unclaim(dd);
+    }
     /* Clear the allocated and active bits for the internal command. */
     mtip_put_int_command(dd, int_cmd);
     clear_bit(MTIP_PF_IC_ACTIVE_BIT, &port->flags);
@@ -1783,6 +1841,7 @@ static int exec_drive_task(struct mtip_port *port, u8 *command)
     struct host_to_dev_fis    fis;
     struct host_to_dev_fis *reply = (port->rxfis + RX_FIS_D2H_REG);
     unsigned int to;
+    int rv;
 
     /* Build the FIS. */
     memset(&fis, 0, sizeof(struct host_to_dev_fis));
@@ -1809,14 +1868,17 @@ static int exec_drive_task(struct mtip_port *port, u8 *command)
         command[6]);
 
     /* Execute the command. */
-    if (mtip_exec_internal_command(port,
+    rv = mtip_exec_internal_command(port,
                  &fis,
                  5,
                  0,
                  0,
                  0,
                  GFP_KERNEL,
-                 to) < 0) {
+                 to);
+    if (rv < 0) {
+        if (rv == -ERESTARTSYS)
+            return rv;
         return -1;
     }
 
@@ -1905,16 +1967,17 @@ static int exec_drive_command(struct mtip_port *port, u8 *command,
         command[3]);
 
     /* Execute the command. */
-    if (mtip_exec_internal_command(port,
+    rv = mtip_exec_internal_command(port,
                 &fis,
                  5,
                  (xfer_sz ? dma_addr : 0),
                  (xfer_sz ? ATA_SECT_SIZE * xfer_sz : 0),
                  0,
                  GFP_KERNEL,
-                 to)
-                 < 0) {
-        rv = -EFAULT;
+                 to);
+    if (rv < 0) {
+        if (rv != -ERESTARTSYS)
+            rv = -EFAULT;
         goto exit_drive_command;
     }
 
@@ -2152,15 +2215,17 @@ static int exec_drive_taskfile(struct driver_data *dd,
         transfer_size = ATA_SECT_SIZE * fis.sect_count;
 
     /* Execute the command.*/
-    if (mtip_exec_internal_command(dd->port,
+    err = mtip_exec_internal_command(dd->port,
                  &fis,
                  5,
                  dma_buffer,
                  transfer_size,
                  0,
                  GFP_KERNEL,
-                 timeout) < 0) {
-        err = -EIO;
+                 timeout);
+    if (err < 0) {
+        if (err != -ERESTARTSYS)
+            err = -EIO;
         goto abort;
     }
 
@@ -2258,6 +2323,8 @@ abort:
 static int mtip_hw_ioctl(struct driver_data *dd, unsigned int cmd,
              unsigned long arg)
 {
+    int ret = 0;
+
     switch (cmd) {
     case HDIO_GET_IDENTITY:
     {
@@ -2277,10 +2344,11 @@ static int mtip_hw_ioctl(struct driver_data *dd, unsigned int cmd,
             return -EFAULT;
 
         /* Execute the drive command. */
-        if (exec_drive_command(dd->port,
+        ret = exec_drive_command(dd->port,
                      drive_command,
-                     (void __user *) (arg+4)))
-            return -EIO;
+                     (void __user *) (arg+4));
+        if (ret < 0)
+            return ret;
 
         /* Copy the status back to the users buffer. */
         if (copy_to_user((void __user *) arg,
@@ -2301,8 +2369,9 @@ static int mtip_hw_ioctl(struct driver_data *dd, unsigned int cmd,
             return -EFAULT;
 
         /* Execute the drive command. */
-        if (exec_drive_task(dd->port, drive_command))
-            return -EIO;
+        ret = exec_drive_task(dd->port, drive_command);
+        if (ret < 0)
+            return ret;
 
         /* Copy the status back to the users buffer. */
         if (copy_to_user((void __user *) arg,
@@ -2314,7 +2383,7 @@ static int mtip_hw_ioctl(struct driver_data *dd, unsigned int cmd,
     }
     case HDIO_DRIVE_TASKFILE: {
         ide_task_request_t req_task;
-        int ret, outtotal;
+        int outtotal;
 
         if (copy_from_user(&req_task, (void __user *) arg,
                     sizeof(req_task)))
@@ -2329,13 +2398,13 @@ static int mtip_hw_ioctl(struct driver_data *dd, unsigned int cmd,
                             sizeof(req_task)))
             return -EFAULT;
 
-        return ret;
+        break;
     }
 
     default:
         return -EINVAL;
     }
-    return 0;
+    return ret;
 }
 
 /*
@@ -3620,7 +3689,7 @@ static inline bool is_se_active(struct driver_data *dd)
             if (time_after(jiffies, to)) {
                 clear_bit(MTIP_PF_SE_ACTIVE_BIT,
                             &dd->port->flags);
-                clear_bit(MTIP_DDF_SEC_LOCK_BIT, &dd->dd_flag);
+                mtip_bdev_unclaim(dd);
                 dd->port->ic_pause_timer = 0;
                 wake_up_interruptible(&dd->port->svc_wait);
                 return false;
@@ -3934,6 +4003,7 @@ skip_create_disk:
     add_disk(dd->disk);
 
     dd->bdev = bdget_disk(dd->disk, 0);
+    dd->bdev_claimed = false;
     /*
      * Now that the disk is active, initialize any sysfs attributes
      * managed by the protocol layer.
@@ -4008,6 +4078,7 @@ static int mtip_block_remove(struct driver_data *dd)
 {
     struct kobject *kobj;
 
+    mtip_bdev_unclaim(dd);
     mtip_hw_debugfs_exit(dd);
 
     if (dd->mtip_svc_handler) {
diff --git a/drivers/block/mtip32xx/mtip32xx.h b/drivers/block/mtip32xx/mtip32xx.h
index 3274784..29357fd 100644
--- a/drivers/block/mtip32xx/mtip32xx.h
+++ b/drivers/block/mtip32xx/mtip32xx.h
@@ -491,6 +491,8 @@ struct driver_data {
 
     int isr_binding;
 
+    bool bdev_claimed; /* set when bdev is claimed exclusively */
+
     struct block_device *bdev;
 
     struct list_head online_list; /* linkage for online list */
-- 
1.7.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ