[PATCH 0/1] MAINTAINERS

Today is my last day at Intel, I will continue to help maintain OPAL for the forseeable future. We (Linux Intel guys) are in the midst of signing keys and applying for kernel.org emails. I will submit another patch changing this to that email address once it is set up.

[PATCH] MAINTAINERS: Change Email for sed-opal sbauer.

Signed-off-by: Scott Bauer Signed-off-by: Scott Bauer --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 0fe4228f78cb..239ebc8f1ea1 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -12764,7 +12764,7 @@ S: Maintained F

Re: [PATCH] block: sed-opal: Fix a couple off by one bugs

d-opal library") > Signed-off-by: Dan Carpenter > --- Reviewed-by: Scott Bauer Tested-by: Scott Bauer > Static analysis. Not tested. This matches the checking in > response_get_token(). > > My other concern is that there isn't checking in response_parse() to

[PATCH] cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

Like d88b6d04: "cdrom: information leak in cdrom_ioctl_media_changed()" There is another cast from unsigned long to int which causes a bounds check to fail with specially crafted input. The value is then used as an index in the slot array in cdrom_slot_status(). Signed-off-by: S

Re: [PATCH] cdrom: information leak in cdrom_ioctl_media_changed()

On Wed, Apr 18, 2018 at 12:51:31PM +0300, Dan Carpenter wrote: > This cast is wrong. "cdi->capacity" is an int and "arg" is an unsigned > long. The way the check is written now, if one of the high 32 bits is > set then we could read outside the info->slots[] array. > > This bug is pretty old

Re: [PATCH v2 08/11] block: sed-opal: ioctl for writing to shadow mbr

On Thu, Mar 29, 2018 at 08:27:30PM +0200, catch...@ghostav.ddnss.de wrote: > On Thu, Mar 29, 2018 at 11:16:42AM -0600, Scott Bauer wrote: > > Yeah, having to autheticate to write the MBR is a real bummer. Theoretically > > you could dd a the pw struct + the shador MBR into sy

Re: [PATCH v2 08/11] block: sed-opal: ioctl for writing to shadow mbr

On Thu, Mar 29, 2018 at 07:30:02PM +0200, Jonas Rabenstein wrote: > Hi, > On Wed, Mar 21, 2018 at 02:43:21AM +0100, Jonas Rabenstein wrote: > > On Tue, Mar 20, 2018 at 04:09:08PM -0600, Scott Bauer wrote: > > > On Tue, Mar 20, 2018 at 10:36:04AM +0100, Jonas Rabenstein wrote

Re: [PATCH v2 08/11] block: sed-opal: ioctl for writing to shadow mbr

On Tue, Mar 20, 2018 at 10:36:04AM +0100, Jonas Rabenstein wrote: > On Mon, Mar 19, 2018 at 08:52:24PM +0100, Christoph Hellwig wrote: > > On Mon, Mar 19, 2018 at 07:36:50PM +0100, Jonas Rabenstein wrote: > > > Allow modification of the shadow mbr. If the shadow mbr is not marked as > > > done,

Re: [PATCH v2 06/11] block: sed-opal: split generation of bytestring header and content

On Mon, Mar 19, 2018 at 08:59:45PM +0100, Christoph Hellwig wrote: > > +static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t > > len) > > { > > size_t header_len = 1; > > bool is_short_atom = true; > > - > > - if (*err) > > - return; > > + char *start; >

Re: [PATCH v2 00/11] block: sed-opal support write to shadow mbr

On Mon, Mar 19, 2018 at 08:53:35PM +0100, Christoph Hellwig wrote: > On Mon, Mar 19, 2018 at 07:36:42PM +0100, Jonas Rabenstein wrote: > > Hi, > > I was advised to resend the patchset as a v2 where all the patches are > > in a flat hierarchy. So here is a complete set which hopefully pleases > >

Re: [PATCH v2] block: sed-opal: fix u64 short atom length

; --- > block/sed-opal.c | 11 --- > 1 file changed, 4 insertions(+), 7 deletions(-) Reviewed-by: Scott Bauer <scott.ba...@intel.com> Tested-by: Scott Bauer <scott.ba...@intel.com> Hi Jens, When you get time can you apply this if you have no objections? Thanks

Re: [PATCH 0/8] block: sed-opal: support write to shadow mbr

On Tue, Mar 13, 2018 at 02:08:53PM +0100, Jonas Rabenstein wrote: > Hi, > this patchset adds support to write data into the shadow mbr of sed-opal > enabled devices. They apply cleanly on today next-tree (next-20180313) > and requires the u64 short atom length fix from [0] as that is still >

Re: [PATCH 8/8] block: sed-opal: ioctl for writing to shadow mbr

On Tue, Mar 13, 2018 at 02:09:01PM +0100, Jonas Rabenstein wrote: > Allow modification of the shadow mbr. If the shadow mbr is not marked as > done, this data will be presented read only as the device content. Only > after marking the shadow mbr as done and unlocking a locking range the > actual

Re: [PATCH 3/8] block: sed-opal: unify cmd start and finalize

On Tue, Mar 13, 2018 at 02:08:56PM +0100, Jonas Rabenstein wrote: > Every step starts with resetting the cmd buffer as well as the comid and > constructs the appropriate OPAL_CALL command. Consequently, those > actions may be combined into one generic function. > > Signed-off-by: Jonas Rabenstein

Re: [PATCH v2] block: sed-opal: fix u64 short atom length

; --- > block/sed-opal.c | 11 --- > 1 file changed, 4 insertions(+), 7 deletions(-) > Reviewed-by: Scott Bauer <scott.ba...@intel.com> Your two patches should be sent to stable for 4.14. I can queue those up and do it, or if you want to you can do it as well. Let me know what you prefer!

Re: [PATCH][RESEND] block: sed-opal: fix response string extraction

On Tue, Mar 06, 2018 at 04:23:24PM -0800, Derrick, Jonathan wrote: > This looks correct. > > Adding my Ack unless Scott has objections > > Acked-by: Jonathan Derrick <jonathan.derr...@intel.com> Reviewed-by: Scott Bauer <scott.ba...@intel.com> Nice catch Jonas!

Re: [PATCH 3/3] block: Polling completion performance optimization

On 12/21/2017 01:46 PM, Keith Busch wrote: > When a request completion is polled, the completion task wakes itself > up. This is unnecessary, as the task can just set itself back to > running. > > Signed-off-by: Keith Busch > --- > fs/block_dev.c | 5 - > 1 file

[PATCH] MAINTAINERS: Remove Rafael from Opal maintainers.

He is no longer working on storage. Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- MAINTAINERS | 1 - 1 file changed, 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index af0cb69f6a3e..5c0864d7d7ad 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -12052,7 +12052,6 @@ F: d

Re: [PATCH V2] block: sed-opal: Set MBRDone on S3 resume path if TPER is MBREnabled

. > Looks good > > Acked-by Jon Derrick: <jonathan.derr...@intel.com> > > > On 09/01/2017 08:53 AM, Scott Bauer wrote: > > Users who are booting off their Opal enabled drives are having > > issues when they have a shadow MBR set up after s3/resume cycle. >

[PATCH V2] block: sed-opal: Set MBRDone on S3 resume path if TPER is MBREnabled

(even though we didnt use it) by setting true to MBRDone. This way the drive will stop the remapping and the user can access their data. Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- block/opal_proto.h | 1 + block/sed-opal.c | 32 2 files

Re: [PATCH] block: sed-opal: Set MBRDone on S3 resume path if TPER is MBREnabled

On Thu, Aug 31, 2017 at 02:19:44PM -0600, Jens Axboe wrote: > On Thu, Aug 31 2017, Scott Bauer wrote: > > @@ -2345,6 +2371,11 @@ bool opal_unlock_from_suspend(struct opal_dev *dev) > > suspend->unlk.session.sum); > >

Re: [PATCH] block: sed-opal: Set MBRDone on S3 resume path if TPER is MBREnabled

On Thu, Aug 31, 2017 at 02:10:36PM -0600, Jon Derrick wrote: > Hey Scott, > > +static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key) > > +{ > > + u8 mbr_done_tf = 1; > > + const struct opal_step mbrdone_step [] = { > > + { opal_discovery0, }, > > + {

[PATCH] block: sed-opal: Set MBRDone on S3 resume path if TPER is MBREnabled

(even though we didnt use it) by setting true to MBRDone. This way the drive will stop the remapping and the user can access their data. Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- block/opal_proto.h | 1 + block/sed-opal.c | 31 +++ 2 files

Re: Opal userspace

On Tue, Jun 06, 2017 at 11:25:24AM +0200, Christoph Hellwig wrote: > I don't really care about the place, I just send the -temp link > to a few people and they got really confused by it. > > Btw, do you have any plans to integrate the OPAL code with the > distros so that the setup will be

Re: [PATCH 6/6] sd: add support for TCG OPAL self encrypting disks

On Tue, Jun 06, 2017 at 11:59:55AM +0200, Christoph Hellwig wrote: > On Mon, Jun 05, 2017 at 03:15:31PM -0600, Scott Bauer wrote: > > I'm not familiar at all with ATA, but I noticed there was no unlock from > > suspend support > > in the series. Does ATA not have a way

Re: [PATCH 6/6] sd: add support for TCG OPAL self encrypting disks

On Sun, Jun 04, 2017 at 02:42:25PM +0200, Christoph Hellwig wrote: > Just wire up the generic TCG OPAL infrastructure to the SCSI disk driver > and the Security In/Out commands. > > Note that I don't know of any actual SCSI disks that do support TCG OPAL, > but this is required to support ATA

Re: Opal userspace

On Sun, Jun 04, 2017 at 09:15:03AM +0200, Christoph Hellwig wrote: > Hi Scott, > > is https://github.com/ScottyBauer/sed-opal-temp/ still the latest and > greatest in terms of OPAL userspace? The temp name always sounds a bit > odd.. Yeah it currently, is. I want to move it out from my personal

BUG: KASAN: use-after-free in scsi_exit_rq

Hi all, While running xfs test testing some other features scheduled for 4.12 I came across this KASAN dump: [ 638.913813] XFS (nvme0n1): Mounting V5 Filesystem [ 638.917934] XFS (nvme0n1): Ending clean mount [ 639.035070] blk_update_request: I/O error, dev nvme1n1, sector 0 [ 639.071764]

[RESEND PATCH] block: sed-opal: Tone down all the pr_* to debugs

Lets not flood the kernel log with messages unless the user requests so. Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- block/sed-opal.c | 153 +++ 1 file changed, 74 insertions(+), 79 deletions(-) diff --git a/block/sed-opal.c b

[PATCH] block: sed-opal: Tone down all the pr_* to debugs

Lets not flood the kernel log with messages unless the user requests so. Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- block/sed-opal.c | 153 +++ 1 file changed, 74 insertions(+), 79 deletions(-) diff --git a/block/sed-opal.c b

Re: [PATCH] block/sed: Fix opal user range check and unused variables

On Mon, Mar 06, 2017 at 08:41:04AM -0700, Jon Derrick wrote: > Fixes check that the opal user is within the range, and cleans up unused > method variables. > > Signed-off-by: Jon Derrick <jonathan.derr...@intel.com> Reviewed-by: Scott Bauer <scott.ba...@intel.com>

[PATCH 2/3] nvme/pci: re-check security protocol support after reset

A device may change capabilities after each reset, e.g. due to a firmware upgrade. We should thus check for Security Send/Receive and OPAL support after each reset. Based on patches from Christoph and Keith. Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- drivers/nvme/host/pci.

[PATCH 1/3] block/sed-opal: Introduce free_opal_dev to free the structure and clean up state

Before we free the opal structure we need to clean up any saved locking ranges that the user had told us to unlock from a suspend. Signed-off-by: Scott Bauer <scott.ba...@intel.com> Reviewed-by: Christoph Hellwig <h...@lst.de> --- block/sed-opal.c

Final opal patches for rc1

These are the final changes for rc1. Patch 1 contains some code to clean up an opal structure if something changes at runtime. (already reviewed by Christoph) Patch 2 contains changes to the nvme driver to use the above patch. If a new FW is loaded and we no longer support opal we clean up. This

[PATCH 3/3] block/sed-opal: Propagate original error message to userland.

During an error on a comannd, ex: user provides wrong pw to unlock range, we will gracefully terminate the opal session. We want to propagate the original error to userland instead of the result of the session termination, which is almost always a success. Signed-off-by: Scott Bauer <scott

Re: [PATCH] block/sed: Embed function data into the function sequence

<jonathan.derr...@intel.com> Reviewed-by: Scott Bauer <scott.ba...@intel.com> Christoph's review is here (I don't know if its kosher for me to put it in my message) http://lists.infradead.org/pipermail/linux-nvme/2017-February/008405.html

Re: [PATCHv4 0/4] OPAL patches, cont'd

On 02/21/2017 07:42 PM, Jens Axboe wrote: > On 02/21/2017 11:59 AM, Jon Derrick wrote: >> v3->v4: >> Passes in 'lock_held' into opal_lock_unlock() so we don't need to >> mutex_trylock(). I wasn't totally confident in that approach anyways. >> >> v2->v3: >> Squashed 5/5 into 4/5 >> Changed

Re: [PATCHv4 4/4] block/sed: Embed function data into the function sequence

<jonathan.derr...@intel.com> Reviewed-by: Scott Bauer <scott.ba...@intel.com> Also Christoph had reviewed-by on 1-3 on friday, I dont think we need a respin, but wanted to point that out since his tag isnt on 1-3 v4: https://marc.info/?l=linux-block=148725565212351=2 https://marc.info/?l=li

Re: [PATCHv2 4/5] block/sed: Embed function data into the function sequence

On 02/18/2017 01:36 AM, Christoph Hellwig wrote: > Hi Jon, > > I think this is a great cleanup! > > A few nitpicky comments below: > >> -typedef int (*opal_step)(struct opal_dev *dev); >> +typedef struct opal_step { >> +int (*fn)(struct opal_dev *dev, void *data); >> +void *data; >>

[PATCH] block/sed-opal: Introduce free_opal_dev to free the structure and clean up state

Before we free the opal structure we need to clean up any saved locking ranges that the user had told us to unlock from a suspend. Also fixup a list_for_each to list_for_each_safe in the save path. Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- block/sed-opal.c

Re: [PATCH 4/4] nvme: re-check security protocol support after reset

On Fri, Feb 17, 2017 at 06:01:28PM +0100, Christoph Hellwig wrote: > On Fri, Feb 17, 2017 at 10:26:51AM -0500, Keith Busch wrote: > > On Fri, Feb 17, 2017 at 01:59:41PM +0100, Christoph Hellwig wrote: > > > @@ -1789,7 +1789,8 @@ static void nvme_reset_work(struct work_struct > > > *work) > > >

Re: [PATCH 4/4] nvme: re-check security protocol support after reset

On Fri, Feb 17, 2017 at 10:26:51AM -0500, Keith Busch wrote: > On Fri, Feb 17, 2017 at 01:59:41PM +0100, Christoph Hellwig wrote: > > @@ -1789,7 +1789,8 @@ static void nvme_reset_work(struct work_struct *work) > > if (result) > > goto out; > > > > - if ((dev->ctrl.oacs &

Re: [PATCH] opal: Use empty structure when not defined

On Thu, Feb 16, 2017 at 12:07:08PM -0800, Christoph Hellwig wrote: > On Thu, Feb 16, 2017 at 11:45:29AM -0700, Scott Bauer wrote: > > > + if (check_opal_support(dev) < 0) { > > > pr_warn("Opal is not supported on this device\n"); &g

Re: [PATCH 2/2] block/sed-opal: allocate struct opal_dev dynamically

private data field is added to it that is passed to the send/receive > callback. After that a lot of internals can be made private as well. > > Signed-off-by: Christoph Hellwig <h...@lst.de> Don't know if we need both but: Tested-by: Scott Bauer <scott.ba...@intel.com> R

Re: [PATCH] opal: Use empty structure when not defined

On Wed, Feb 15, 2017 at 11:58:12PM -0800, Christoph Hellwig wrote: > I'd rather prefer to make the structure separately allocated as > discussed before. Scott, can you test the patch below? I'm not near > my devices I could test on. > > --- > From b2cda0c7ec5c0ec66582655751838f519cfa1706 Mon

Re: [PATCH] opal: Use empty structure when not defined

On Thu, Feb 16, 2017 at 10:37:55AM -0700, Scott Bauer wrote: > On Thu, Feb 16, 2017 at 10:18:59AM -0700, Jon Derrick wrote: > > It looks good to me at first glance but I can't apply it. What tree are > > you on? > > > > On 02/16/2017 12:58 AM, Christoph Hellwig wro

Re: [PATCH] opal: Use empty structure when not defined

On Thu, Feb 16, 2017 at 10:18:59AM -0700, Jon Derrick wrote: > It looks good to me at first glance but I can't apply it. What tree are > you on? > > On 02/16/2017 12:58 AM, Christoph Hellwig wrote: > > I'd rather prefer to make the structure separately allocated as > > discussed before. Scott,

Re: [PATCH] opal: Use empty structure when not defined

,6 @@ static inline bool opal_unlock_from_suspend(struct > opal_dev *dev) > static inline void init_opal_dev(struct opal_dev *opal_dev, >sec_send_recv *send_recv) > { > - opal_dev->supported = false; > - opal_dev->initialized = t

Re: [PATCHv3 2/4] block/sed: Add helper to qualify response tokens

> } > > +static bool response_token_matches(const struct opal_resp_tok *token, u8 > match) > +{ > + if (IS_ERR_OR_NULL(token) || > + token->type != OPAL_DTA_TOKENID_TOKEN || > + token->pos[0] != match) > + return false; > + return true; > +} > + This is sorta pedantic but from my reading of the code token can never be null. It will either be a valid pointer or ERR_PTR(-EINVAL), but never null. So maybe change this to IS_ERR(token) etc. Other than that little nit: Reviewed-by: Scott Bauer <scott.ba...@intel.com>

Re: [PATCHv3 3/4] block/sed: Check received header lengths

On Wed, Feb 15, 2017 at 12:42:08PM -0700, Jon Derrick wrote: > Add a buffer size check against discovery and response header lengths > before we loop over their buffers. > > Signed-off-by: Jon Derrick <jonathan.derr...@intel.com> Reviewed-by: Scott Bauer <scott.ba...@intel.com>

Re: [PATCHv3 1/4] block/sed: Use ssize_t on atom parsers to return errors

ntel.com> Reviewed-by: Scott Bauer <scott.ba...@intel.com>

[PATCH V6 3/3] Maintainers: Modify SED list from nvme to block

Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index e325373..b983b25 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -11094,7 +11094,7 @@ SECURE ENCRYPTING DEVICE (SED) OPAL DRI

[PATCH V6 2/3] Move stack parameters for sed_ioctl to prevent oversized stack with CONFIG_KASAN

() Fixes: 455a7b238cd6 ("block: Add Sed-opal library") Reported-by: Arnd Bergmann <a...@arndb.de> Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- block/sed-opal.c | 133 --- drivers/nvme/host/core.c | 3 +- include/

Re: [PATCH V5 3/4] Move stack parameters for sed_ioctl to prevent oversized stack with CONFIG_KASAN

On Mon, Feb 13, 2017 at 04:30:36PM +, David Laight wrote: > From: Scott Bauer Sent: 13 February 2017 16:11 > > When CONFIG_KASAN is enabled, compilation fails: > > > > block/sed-opal.c: In function 'sed_ioctl': > > block/sed-opal.c:2447:1: error: the frame size o

Re: [PATCH V5 1/4] block: sed-opal: change ioctl to take user pointer instead of unsinged long

esOn Mon, Feb 13, 2017 at 09:11:09AM -0700, Scott Bauer wrote: > Signed-off-by: Scott Bauer <scott.ba...@intel.com> > --- > block/sed-opal.c | 6 -- > drivers/nvme/host/core.c | 3 ++- > include/linux/sed-opal.h | 4 ++-- > 3 files changed, 8 insertions(+),

[PATCH V5 1/4] block: sed-opal: change ioctl to take user pointer instead of unsinged long

Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- block/sed-opal.c | 6 -- drivers/nvme/host/core.c | 3 ++- include/linux/sed-opal.h | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/block/sed-opal.c b/block/sed-opal.c index bf1406e..2448d4a

[PATCH V5 2/4] uapi: sed-opal fix IOW for activate lsp to use correct struct

the IOW for the IOC_OPAL_ACTIVATE_LSP took the wrong strcure which would give us the wrong size when using _IOC_SIZE, switch it to the right structure. Fixes: 058f8a2 ("Include: Uapi: Add user ABI for Sed/Opal") Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- includ

[PATCH V5 3/4] Move stack parameters for sed_ioctl to prevent oversized stack with CONFIG_KASAN

() Fixes: 455a7b238cd6 ("block: Add Sed-opal library") Reported-by: Arnd Bergmann <a...@arndb.de> Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- block/sed-opal.c | 130 +++ 1 file changed, 45 insertions(+), 85 de

[PATCH V5 4/4] Maintainers: Modify SED list from nvme to block

Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index e325373..b983b25 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -11094,7 +11094,7 @@ SECURE ENCRYPTING DEVICE (SED) OPAL DRI

SED Opal Fixups

So we have a few patches here, they're pretty small. First patch changes the sed-opal ioctl function parameters to take a void __user* instead of an unsigned long, this required a small cast in the nvme driver. Patch 2 is a UAPI fixup for the IOW to make an ioctl the right size. Patch 3 fixes a

Re: [PATCH v2 4/4] Maintainers: Add Information for SED Opal library

On Fri, Feb 10, 2017 at 08:46:09AM -0800, Elliott, Robert (Persistent Memory) wrote: > > > > -Original Message- > > From: linux-block-ow...@vger.kernel.org [mailto:linux-block- > > ow...@vger.kernel.org] On Behalf Of Scott Bauer > > Sent: Tuesday, November

[PATCH V4 1/2] uapi: sed-opal fix IOW for activate lsp to use correct struct

the IOW for the IOC_OPAL_ACTIVATE_LSP took the wrong strcure which would give us the wrong size when using _IOC_SIZE, switch it to the right structure. Fixes: 058f8a2 ("Include: Uapi: Add user ABI for Sed/Opal") Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- includ

[PATCH V4 2/2] Move stack parameters for sed_ioctl to prevent oversized stack with CONFIG_KASAN

() Fixes: 455a7b238cd6 ("block: Add Sed-opal library") Reported-by: Arnd Bergmann <a...@arndb.de> Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- block/sed-opal.c | 132 --- 1 file changed, 48 insertions(+), 84 de

Sed-opal Fixes

changes from v3->v4: Changed manual kzalloc + copy from user to memdup_user. This small series fixes a small ABI issue when using the _IOC_SIZE with the Activate Locking SP ioctl. I had put the wrong structure in the IOW macro in the uapi header which caused issues when trying to copy in the

Re: [PATCH V3 2/2] Move stack parameters for sed_ioctl to prevent oversized stack with CONFIG_KASAN

On Fri, Feb 10, 2017 at 09:01:23AM +0100, Arnd Bergmann wrote: > On Thursday, February 9, 2017 10:20:01 AM CET Scott Bauer wrote: > > When CONFIG_KASAN is enabled, compilation fails: > > > > block/sed-opal.c: In function 'sed_ioctl': > > block/sed-opal.c:2447:1: er

Re: Sed-opal fixups

On Thu, Feb 09, 2017 at 05:43:20PM +, David Laight wrote: > From: Scott Bauer > > Sent: 09 February 2017 17:20 > > It may be too late to change anyhting in the uapi header. When we > > switched over to using IOC_SIZE I found a bug where I had switched > > up a str

[PATCH V3 2/2] Move stack parameters for sed_ioctl to prevent oversized stack with CONFIG_KASAN

() Fixes: 455a7b238cd6 ("block: Add Sed-opal library") Reported-by: Arnd Bergmann <a...@arndb.de> Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- block/sed-opal.c | 134 +-- 1 file changed, 50 insertions(+), 84 de

[PATCH V3 1/2] uapi: sed-opal fix IOW for activate lsp to use correct struct

the IOW for the IOC_OPAL_ACTIVATE_LSP took the wrong strcure which would give us the wrong size when using _IOC_SIZE, switch it to the right structure. Fixes: 058f8a2 ("Include: Uapi: Add user ABI for Sed/Opal") Signed-off-by: Scott Bauer <scott.ba...@intel.com> --- includ

Sed-opal fixups

It may be too late to change anyhting in the uapi header. When we switched over to using IOC_SIZE I found a bug where I had switched up a structure in one of the series from v4 to v5 but never changed the structure in the IOW. The structure that was in there was to small so when we kzalloc on it

Re: [PATCH] block: sed-opal: reduce stack size of ioctl handler

On Wed, Feb 08, 2017 at 02:58:28PM -0700, Scott Bauer wrote: > On Wed, Feb 08, 2017 at 10:15:28PM +0100, Arnd Bergmann wrote: > > When CONFIG_KASAN is in use, the sed_ioctl function uses unusually large > > stack, > > as each possible ioctl argument gets its own st

Re: [PATCH v2 2/4] block: Add Sed-opal library

On Thu, Dec 01, 2016 at 01:22:39PM -0500, Keith Busch wrote: > On Thu, Dec 01, 2016 at 10:53:43AM -0700, Scott Bauer wrote: > > > Maybe. I need to look at the TCG spec again (oh my good, what a fucking > > > mess), but if I remember the context if it is the

Re: [PATCH v2 2/4] block: Add Sed-opal library

On Thu, Dec 01, 2016 at 02:04:56AM -0800, Christoph Hellwig wrote: > On Wed, Nov 30, 2016 at 07:50:07PM -0500, Keith Busch wrote: > > I think we should get rid of the "majmin" stuff > > Absolutely agreed. > > > > > and directly use > > block_device. Then if we add the security send/receive

Re: [PATCH v2 2/4] block: Add Sed-opal library

es1;4205;0cOn Wed, Nov 30, 2016 at 01:13:57PM -0500, Keith Busch wrote: > On Tue, Nov 29, 2016 at 02:52:00PM -0700, Scott Bauer wrote: > > + dev = get_or_create_opal_dev(bdev, key->opal_act.key.lr, true); > > + if (!dev) > > + return -ENOMEM; > > The

[PATCH v2 0/4] SED OPAL Library

Setting LR/User passwords (Single User Mode or Normal Mode). 8) Eabling/disabling Shadow MBR. 9) Enabling Users in the LockingSP (Normal Mode Only). 10) Saving Password for resume from suspend. Each command above is exported through an ioctl in the block layer. Scott Bauer (4): include: Add def

[PATCH v2 1/4] include: Add definitions for sed

This patch adds the definitions and structures for the SED Opal code. Signed-off-by: Scott Bauer <scott.ba...@intel.com> Signed-off-by: Rafael Antognolli <rafael.antogno...@intel.com> --- include/linux/sed-opal.h | 57 ++ include/linux/sed.h

[PATCH v2 3/4] nvme: Implement resume_from_suspend and sed block ioctl

This patch implements the necessary logic to unlock a SED enabled device coming back from an S3. The patch also implements the ioctl handling from the block layer. Signed-off-by: Scott Bauer <scott.ba...@intel.com> Signed-off-by: Rafael Antognolli <rafael.antogno...@intel.com> ---

[PATCH v2 4/4] Maintainers: Add Information for SED Opal library

Signed-off-by: Scott Bauer <scott.ba...@intel.com> Signed-off-by: Rafael Antognolli <rafael.antogno...@intel.com> --- MAINTAINERS | 10 ++ 1 file changed, 10 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 8d414840..929eba3 100644 --- a/MAINTAINERS +++ b

[PATCH v2 2/4] block: Add Sed-opal library

. Signed-off-by: Scott Bauer <scott.ba...@intel.com> Signed-off-by: Rafael Antognolli <rafael.antogno...@intel.com> --- block/Makefile|2 +- block/sed-opal.c | 3157 + block/sed-opal_internal.h | 601 +

Re: [PATCH v1 0/7] SED OPAL Library

On Thu, Nov 17, 2016 at 11:28:07AM -0800, Christoph Hellwig wrote: > On Thu, Nov 17, 2016 at 10:36:14AM -0700, Scott Bauer wrote: > > > > I want some further clarification, if you don't mind. We call sec_ops > > inside the actual logic for the opal code. Which i

Re: [PATCH v1 0/7] SED OPAL Library

On Thu, Nov 17, 2016 at 05:12:51AM -0800, Christoph Hellwig wrote: > Hi Scott, > > I took a look at the code and here are some very high level comments: > > - we only call into block_device_operations.sec_ops from the ioctl >handlers. So instead of adding it to the block layer I'd rather >

Re: [PATCH v1 1/7] Include: Add definitions for sed

On Thu, Nov 17, 2016 at 07:22:15AM -0800, Christoph Hellwig wrote: > > @@ -0,0 +1,58 @@ > > +/* > > + * Copyright © 2016 Intel Corporation > > + * > > + * Permission is hereby granted, free of charge, to any person obtaining a > > + * copy of this software and associated documentation files (the

[PATCH v1 1/7] Include: Add definitions for sed

This patch adds the definitions and structures for the SED Opal code. Signed-off-by: Scott Bauer <scott.ba...@intel.com> Signed-off-by: Rafael Antognolli <rafael.antogno...@intel.com> --- include/linux/sed-opal.h | 58 + include/linux/sed.h

[PATCH v1 5/7] nvme: Implement SED Security Operations

This patch implements the sec_ops functions for sending OPAL packets to the controller. Signed-off-by: Scott Bauer <scott.ba...@intel.com> Signed-off-by: Rafael Antognolli <rafael.antogno...@intel.com> --- drivers/nvme/host/core.c | 94 +

[PATCH v1 3/7] lib: Add Sed to Kconfig and Makefile

Signed-off-by: Scott Bauer <scott.ba...@intel.com> Signed-off-by: Rafael Antognolli <rafael.antogno...@intel.com> --- lib/Kconfig | 12 lib/Makefile | 7 +++ 2 files changed, 19 insertions(+) diff --git a/lib/Kconfig b/lib/Kconfig index 260a80e..47c39ac 1006

[PATCH v1 6/7] nvme: Implement SED Unlock from suspend

This patch implements the necessary logic to unlock a drive after a suspend-to-RAM. Signed-off-by: Scott Bauer <scott.ba...@intel.com> Signed-off-by: Rafael Antognolli <rafael.antogno...@intel.com> --- drivers/nvme/host/core.c | 24 drivers/nvme/host

[PATCH v1 0/7] SED OPAL Library

ing into the master branch of nvme-cli. I have a series of test scripts I've been using which can be helpful if people want to test or immediately start using and testing the code: https://github.com/ScottyBauer/nvme-cli-sed-sh Scott Bauer (7): Include: Add definitions for sed lib: Add Sed-o

Re: [RFC PATCH 5/6] nvme: Add unlock_from_suspend

On Tue, Nov 01, 2016 at 06:57:05AM -0700, Christoph Hellwig wrote: > On Tue, Nov 01, 2016 at 10:18:13AM +0200, Sagi Grimberg wrote: > > > + > > > + return nvme_insert_rq(q, req, 1, sec_submit_endio); > > > > No need to introduce nvme_insert_rq at all, just call > > blk_mq_insert_request (other

Re: [RFC PATCH 5/6] nvme: Add unlock_from_suspend

On Mon, Nov 07, 2016 at 01:45:42PM -0500, Keith Busch wrote: > On Tue, Nov 01, 2016 at 10:18:13AM +0200, Sagi Grimberg wrote: > > > - spin_lock_irq(>q_lock); > > > + spin_lock_irqsave(>q_lock, flags); > > > if (unlikely(nvmeq->cq_vector < 0)) { > > > if (ns && !test_bit(NVME_NS_DEAD,

Re: [RFC PATCH 5/6] nvme: Add unlock_from_suspend

On Tue, Nov 01, 2016 at 06:57:05AM -0700, Christoph Hellwig wrote: > On Tue, Nov 01, 2016 at 10:18:13AM +0200, Sagi Grimberg wrote: > > > + > > > + return nvme_insert_rq(q, req, 1, sec_submit_endio); > > > > No need to introduce nvme_insert_rq at all, just call > > blk_mq_insert_request (other

[RFC PATCH 0/6] Sed Opal

This Patch series implements a large portion of the Opal protocol for self encrypting devices. The driver has the capability of storing a locking range's password, either directly in the driver, or in the Kernel's key managment. The password can then be replayed during a resume from previous

[RFC PATCH 1/6] Include: Add definitions for sed

This patch adds the definitions and structures for the SED Opal code. Signed-off-by: Scott Bauer <scott.ba...@intel.com> Signed-off-by: Rafael Antognolli <rafael.antogno...@intel.com> --- include/linux/sed-opal.h | 58 + include/linux/sed.h

[RFC PATCH 3/6] lib: Add Sed to Kconfig and Makefile

Signed-off-by: Scott Bauer <scott.ba...@intel.com> Signed-off-by: Rafael Antognolli <rafael.antogno...@intel.com> --- lib/Kconfig | 12 lib/Makefile | 7 +++ 2 files changed, 19 insertions(+) diff --git a/lib/Kconfig b/lib/Kconfig index 260a80e..47c39ac 1006

[RFC PATCH 6/6] block: ioctl: Wire up Sed to block ioctls

Signed-off-by: Scott Bauer <scott.ba...@intel.com> Signed-off-by: Rafael Antognolli <rafael.antogno...@intel.com> --- block/compat_ioctl.c | 14 block/ioctl.c| 200 ++- 2 files changed, 213 insertions(+), 1 deletion(-)

[RFC PATCH 4/6] include: Add sec_ops to block device operations

Signed-off-by: Scott Bauer <scott.ba...@intel.com> Signed-off-by: Rafael Antognolli <rafael.antogno...@intel.com> --- include/linux/blkdev.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index c47c358..6fceff1 100644 --- a/i