lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <768561a2-a143-97da-8454-3c3064f7d11f@intel.com>
Date:   Mon, 21 Jan 2019 11:02:44 -0700
From:   Dave Jiang <dave.jiang@...el.com>
To:     Dan Williams <dan.j.williams@...el.com>, linux-nvdimm@...ts.01.org
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH] libnvdimm/security: Require
 nvdimm_security_setup_events() to succeed


On 1/19/2019 10:58 AM, Dan Williams wrote:
> The following warning:
>
>      ACPI0012:00: security event setup failed: -19
>
> ...is meant to capture exceptional failures of sysfs_get_dirent(),
> however it will also fail in the common case when security support is
> disabled. A few issues:
>
> 1/ A dev_warn() report for a common case is too chatty
> 2/ The setup of this notifier is generic, no need for it to be driven
>     from the nfit driver, it can exist completely in the core.
> 3/ If it fails for any reason besides security support being disabled,
>     that's fatal and should abort DIMM activation. Userspace may hang if
>     it never gets overwrite notifications.
> 4/ The dirent needs to be released.
>
> Move the call to the core 'dimm' driver, make it conditional on security
> support being active, make it fatal for the exceptional case, add the
> missing sysfs_put() at device disable time.
>
> Cc: Dave Jiang <dave.jiang@...el.com>
> Signed-off-by: Dan Williams <dan.j.williams@...el.com>

Reviewed-by: Dave Jiang <dave.jiang@...el.com>


> ---
>   drivers/acpi/nfit/core.c   |    5 -----
>   drivers/nvdimm/dimm.c      |    6 ++++++
>   drivers/nvdimm/dimm_devs.c |   22 +++++++++++++++++-----
>   drivers/nvdimm/nd.h        |    1 +
>   include/linux/libnvdimm.h  |    1 -
>   5 files changed, 24 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
> index 9c95b82e5e5d..c38c914d8a58 100644
> --- a/drivers/acpi/nfit/core.c
> +++ b/drivers/acpi/nfit/core.c
> @@ -2073,11 +2073,6 @@ static int acpi_nfit_register_dimms(struct acpi_nfit_desc *acpi_desc)
>   		if (!nvdimm)
>   			continue;
>   
> -		rc = nvdimm_security_setup_events(nvdimm);
> -		if (rc < 0)
> -			dev_warn(acpi_desc->dev,
> -				"security event setup failed: %d\n", rc);
> -
>   		nfit_kernfs = sysfs_get_dirent(nvdimm_kobj(nvdimm)->sd, "nfit");
>   		if (nfit_kernfs)
>   			nfit_mem->flags_attr = sysfs_get_dirent(nfit_kernfs,
> diff --git a/drivers/nvdimm/dimm.c b/drivers/nvdimm/dimm.c
> index 0cf58cabc9ed..3cf50274fadb 100644
> --- a/drivers/nvdimm/dimm.c
> +++ b/drivers/nvdimm/dimm.c
> @@ -26,6 +26,12 @@ static int nvdimm_probe(struct device *dev)
>   	struct nvdimm_drvdata *ndd;
>   	int rc;
>   
> +	rc = nvdimm_security_setup_events(dev);
> +	if (rc < 0) {
> +		dev_err(dev, "security event setup failed: %d\n", rc);
> +		return rc;
> +	}
> +
>   	rc = nvdimm_check_config_data(dev);
>   	if (rc) {
>   		/* not required for non-aliased nvdimm, ex. NVDIMM-N */
> diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c
> index 4890310df874..efe412a6b5b9 100644
> --- a/drivers/nvdimm/dimm_devs.c
> +++ b/drivers/nvdimm/dimm_devs.c
> @@ -578,13 +578,25 @@ struct nvdimm *__nvdimm_create(struct nvdimm_bus *nvdimm_bus,
>   }
>   EXPORT_SYMBOL_GPL(__nvdimm_create);
>   
> -int nvdimm_security_setup_events(struct nvdimm *nvdimm)
> +static void shutdown_security_notify(void *data)
>   {
> -	nvdimm->sec.overwrite_state = sysfs_get_dirent(nvdimm->dev.kobj.sd,
> -			"security");
> +	struct nvdimm *nvdimm = data;
> +
> +	sysfs_put(nvdimm->sec.overwrite_state);
> +}
> +
> +int nvdimm_security_setup_events(struct device *dev)
> +{
> +	struct nvdimm *nvdimm = to_nvdimm(dev);
> +
> +	if (nvdimm->sec.state < 0 || !nvdimm->sec.ops
> +			|| !nvdimm->sec.ops->overwrite)
> +		return 0;
> +	nvdimm->sec.overwrite_state = sysfs_get_dirent(dev->kobj.sd, "security");
>   	if (!nvdimm->sec.overwrite_state)
> -		return -ENODEV;
> -	return 0;
> +		return -ENOMEM;
> +
> +	return devm_add_action_or_reset(dev, shutdown_security_notify, nvdimm);
>   }
>   EXPORT_SYMBOL_GPL(nvdimm_security_setup_events);
>   
> diff --git a/drivers/nvdimm/nd.h b/drivers/nvdimm/nd.h
> index cfde992684e7..379bf4305e61 100644
> --- a/drivers/nvdimm/nd.h
> +++ b/drivers/nvdimm/nd.h
> @@ -250,6 +250,7 @@ long nvdimm_clear_poison(struct device *dev, phys_addr_t phys,
>   void nvdimm_set_aliasing(struct device *dev);
>   void nvdimm_set_locked(struct device *dev);
>   void nvdimm_clear_locked(struct device *dev);
> +int nvdimm_security_setup_events(struct device *dev);
>   #if IS_ENABLED(CONFIG_NVDIMM_KEYS)
>   int nvdimm_security_unlock(struct device *dev);
>   #else
> diff --git a/include/linux/libnvdimm.h b/include/linux/libnvdimm.h
> index 7315977b64da..ad609617aeb8 100644
> --- a/include/linux/libnvdimm.h
> +++ b/include/linux/libnvdimm.h
> @@ -235,7 +235,6 @@ static inline struct nvdimm *nvdimm_create(struct nvdimm_bus *nvdimm_bus,
>   			cmd_mask, num_flush, flush_wpq, NULL, NULL);
>   }
>   
> -int nvdimm_security_setup_events(struct nvdimm *nvdimm);
>   const struct nd_cmd_desc *nd_cmd_dimm_desc(int cmd);
>   const struct nd_cmd_desc *nd_cmd_bus_desc(int cmd);
>   u32 nd_cmd_in_size(struct nvdimm *nvdimm, int cmd,
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ