Re: [PATCH v2 09/19] tools/testing/cxl: Add "Freeze Security State" security opcode support

Mon, 07 Nov 2022 11:02:25 -0800 



On 11/7/2022 6:44 AM, Jonathan Cameron wrote:

On Wed, 21 Sep 2022 08:32:22 -0700
Dave Jiang <dave.ji...@intel.com> wrote:


Add support to emulate a CXL mem device support the "Freeze Security State"
operation.

Signed-off-by: Dave Jiang <dave.ji...@intel.com>
---
  tools/testing/cxl/test/mem.c |   27 +++++++++++++++++++++++++++
  1 file changed, 27 insertions(+)

diff --git a/tools/testing/cxl/test/mem.c b/tools/testing/cxl/test/mem.c
index 40dccbeb9f30..b24119b0ea76 100644
--- a/tools/testing/cxl/test/mem.c
+++ b/tools/testing/cxl/test/mem.c
@@ -290,6 +290,30 @@ static int mock_disable_passphrase(struct cxl_dev_state 
*cxlds, struct cxl_mbox_
        return 0;
  }

  
+static int mock_freeze_security(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd *cmd)

+{
+       struct cxl_mock_mem_pdata *mdata = dev_get_platdata(cxlds->dev);
+
+       if (cmd->size_in != 0)
+               return -EINVAL;
+
+       if (cmd->size_out != 0)
+               return -EINVAL;
+
+       if (mdata->security_state & CXL_PMEM_SEC_STATE_FROZEN) {


There are list of commands that should return invalid security state in
8.2.9.8.6.5 but doesn't include Freeze Security state.
Hence I think this is idempotent and writing to frozen when frozen succeeds
- it just doesn't change anything.


Ok will return 0.




+               cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;
+               return -ENXIO;
+       }
+
+       if (!(mdata->security_state & CXL_PMEM_SEC_STATE_USER_PASS_SET)) {


This needs a spec reference.  (which is another way of saying I'm not sure
why it is here).



Will remove. It feels like the spec around this area is rather sparse 
and missing a lot of details. i.e. freezing security w/o security set.





+               cmd->return_code = CXL_MBOX_CMD_RC_SECURITY;
+               return -ENXIO;
+       }
+
+       mdata->security_state |= CXL_PMEM_SEC_STATE_FROZEN;
+       return 0;
+}
+
  static int mock_get_lsa(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd *cmd)
  {
        struct cxl_mbox_get_lsa *get_lsa = cmd->payload_in;
@@ -392,6 +416,9 @@ static int cxl_mock_mbox_send(struct cxl_dev_state *cxlds, 
struct cxl_mbox_cmd *
        case CXL_MBOX_OP_DISABLE_PASSPHRASE:
                rc = mock_disable_passphrase(cxlds, cmd);
                break;
+       case CXL_MBOX_OP_FREEZE_SECURITY:
+               rc = mock_freeze_security(cxlds, cmd);
+               break;
        default:
                break;
        }






























					Reply via email to