[PATCH 11/11] acpi/nfit: prevent indiscriminate DSM payload dumping for security DSMs

Fri, 09 Nov 2018 14:15:01 -0800 

Right now when debug is enabled, we dump the command buffer
indescriminately. This exposes the clear text payload for security DSMs.
Introducing a kernel config to only dump the payload if the config option
is turned on so the production kernels can leave this option off and not
expose the passphrases.

Signed-off-by: Dave Jiang <dave.ji...@intel.com>
---
 drivers/acpi/nfit/Kconfig |    7 +++++++
 drivers/acpi/nfit/core.c  |   24 +++++++++++++++++++++---
 2 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/drivers/acpi/nfit/Kconfig b/drivers/acpi/nfit/Kconfig
index f7c57e33499e..a0a8eabda2e8 100644
--- a/drivers/acpi/nfit/Kconfig
+++ b/drivers/acpi/nfit/Kconfig
@@ -13,3 +13,10 @@ config ACPI_NFIT
 
          To compile this driver as a module, choose M here:
          the module will be called nfit.
+
+config NFIT_SECURITY_DEBUG
+       bool "Turn on debugging for NVDIMM security features"
+       depends on ACPI_NFIT
+       help
+         Turning on debug output for NVDIMM security DSM commands. This
+         should not be turned on on a production kernel.
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
index 867e6fea3737..baaf5308de35 100644
--- a/drivers/acpi/nfit/core.c
+++ b/drivers/acpi/nfit/core.c
@@ -405,6 +405,21 @@ static u8 nfit_dsm_revid(unsigned family, unsigned func)
        return id;
 }
 
+static bool is_security_cmd(unsigned int cmd, unsigned int func,
+               unsigned int family)
+{
+       if (cmd != ND_CMD_CALL)
+               return false;
+
+       if (family == NVDIMM_FAMILY_INTEL) {
+               if (func >= NVDIMM_INTEL_GET_SECURITY_STATE &&
+                               func <= NVDIMM_INTEL_MASTER_SECURE_ERASE)
+                       return true;
+       }
+
+       return false;
+}
+
 int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm,
                unsigned int cmd, void *buf, unsigned int buf_len, int *cmd_rc)
 {
@@ -489,9 +504,12 @@ int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, 
struct nvdimm *nvdimm,
 
        dev_dbg(dev, "%s cmd: %d: func: %d input length: %d\n",
                dimm_name, cmd, func, in_buf.buffer.length);
-       print_hex_dump_debug("nvdimm in  ", DUMP_PREFIX_OFFSET, 4, 4,
-                       in_buf.buffer.pointer,
-                       min_t(u32, 256, in_buf.buffer.length), true);
+       if ((call_pkg && !is_security_cmd(cmd, func, call_pkg->nd_family)) ||
+                       IS_ENABLED(CONFIG_NFIT_SECURITY_DEBUG)) {
+               print_hex_dump_debug("nvdimm in  ", DUMP_PREFIX_OFFSET, 4, 4,
+                               in_buf.buffer.pointer,
+                               min_t(u32, 256, in_buf.buffer.length), true);
+       }
 
        /* call the BIOS, prefer the named methods over _DSM if available */
        if (nvdimm && cmd == ND_CMD_GET_CONFIG_SIZE

_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm

Reply via email to