On Mon, Jul 2, 2018 at 9:58 PM, Elliott, Robert (Persistent Memory)
wrote:
>
>> > Since it contains a high-value password, I recommend zeroing
>> > cmd->passphrase before calling kfree() so that data isn't seen
>> > by a subsequent kmalloc() caller (and make sure the compiler
>> > cannot optimize
> > Since it contains a high-value password, I recommend zeroing
> > cmd->passphrase before calling kfree() so that data isn't seen
> > by a subsequent kmalloc() caller (and make sure the compiler
> > cannot optimize away the clearing code).
> >
> > Also, check if the ndctl() call chain makes
On Mon, Jul 2, 2018 at 4:39 PM, Dave Jiang wrote:
> Adding support to allow query the security status of the Intel nvdimms and
> also unlock the dimm via the kernel key management APIs. The passphrase is
> expected to be pulled from userspace through keyutils. Moving the Intel
> related bits to
On Mon, Jul 2, 2018 at 6:45 PM, Elliott, Robert (Persistent Memory)
wrote:
>
>
>> -Original Message-
>> From: Linux-nvdimm [mailto:linux-nvdimm-boun...@lists.01.org] On Behalf Of
>> Dave Jiang
>> Sent: Monday, July 2, 2018 6:39 PM
>> To: dan.j.willi...@intel.com
>> Cc:
> -Original Message-
> From: Linux-nvdimm [mailto:linux-nvdimm-boun...@lists.01.org] On Behalf Of
> Dave Jiang
> Sent: Monday, July 2, 2018 6:39 PM
> To: dan.j.willi...@intel.com
> Cc: dhowe...@redhat.com; alison.schofi...@intel.com;
> keyri...@vger.kernel.org; keesc...@chromium.org;
On Mon, Jul 2, 2018 at 4:39 PM, Dave Jiang wrote:
> The generated dimm id is needed for the sysfs attribute as well as being
> used as the identifier/description for the security key. Since it's
> constant and should never change, store it as a member of struct nvdimm.
>
> Signed-off-by: Dave
On Mon, Jul 2, 2018 at 4:39 PM, Dave Jiang wrote:
> Adding command definition for security commands defined in Intel DSM
> specification v1.7. This includes "get security state", "set passphrase",
> "unlock unit", "freeze lock", "secure erase", "ovewrite", and
> "overwrite query". Since we are
Adding nfit_test support for DSM functions "Get Security State",
"Set Passphrase", "Disable Passphrase", "Unlock Unit", "Freeze Lock",
and "Secure Erase" for the fake DIMMs.
Also adding a sysfs knob in order to put the DIMMs in "locked" state. The
order of testing DIMM unlocking would be.
1a. Set
Adding support to allow query the security status of the Intel nvdimms and
also unlock the dimm via the kernel key management APIs. The passphrase is
expected to be pulled from userspace through keyutils. Moving the Intel
related bits to its own source file as well.
Signed-off-by: Dave Jiang
---
Adding theory of operation for the security support that's going into
libnvdimm.
Signed-off-by: Dave Jiang
---
Documentation/nvdimm/security | 70 +
1 file changed, 70 insertions(+)
create mode 100644 Documentation/nvdimm/security
diff --git
Adding support for setting and/or updating passphrase on the Intel nvdimms.
The passphrase is pulled from userspace through the kernel key management.
We trigger the update via writing "update" to the sysfs attribute
"security". The state of the security can also be read via the "security"
In order to access the nfit_test context via sideband sysfs knobs, the
dimm_dev needs to be more than struct device in order to point back to
struct nfit_test. Wrapping the original struct device with a struct
nfit_dimm_dev and saving the nfit_test as private driver data. Also
changing the
Adding support to disable passphrase (security) for the Intel nvdimm. The
passphrase used for disabling is pulled from userspace via the kernel
key management. The action is triggered by writing "disable" to the sysfs
attribute "security". libnvdimm will support the generic disable API call.
Adding support for freeze security on Intel nvdimm. This locks out any
changes to security for the DIMM unless a reboot is done. This is triggered
by writing "freeze" to the "security" sysfs attribute. libnvdimm will
support the generic freeze_lock API call.
Signed-off-by: Dave Jiang
---
Prepping the libnvdimm to support security management by adding a keyring
in order to provide passphrase management through the kernel key management
APIs.
Signed-off-by: Dave Jiang
---
drivers/nvdimm/dimm.c | 90 +
include/linux/libnvdimm.h |
The following series implements security support for nvdimm. Mostly adding
new security DSM support from the Intel NVDIMM DSM spec v1.7, but also
adding generic support libnvdimm for other vendors. The most important
security features are unlocking locked nvdimms, and updating/setting security
The generated dimm id is needed for the sysfs attribute as well as being
used as the identifier/description for the security key. Since it's
constant and should never change, store it as a member of struct nvdimm.
Signed-off-by: Dave Jiang
---
drivers/acpi/nfit/core.c | 33
Adding command definition for security commands defined in Intel DSM
specification v1.7. This includes "get security state", "set passphrase",
"unlock unit", "freeze lock", "secure erase", "ovewrite", and
"overwrite query". Since we are adding a lot of Intel definitions, moving
the relevant bits
On Wed, Jun 27, 2018 at 03:22:51PM -0600, Ross Zwisler wrote:
> Inodes using DAX should only ever have exceptional entries in their page
> caches. Make this clear by warning if the iteration in
> dax_layout_busy_page() ever sees a non-exceptional entry, and by adding a
> comment for the
On 6/28/2018 1:37 PM, Dan Williams wrote:
On Thu, Jun 28, 2018 at 12:28 PM, wrote:
Hi, Dan,
I'm concerned about this check
+ if (!ndctl_test_attempt(test, KERNEL_VERSION(4, 19, 0)))
I read it as: this ndctl test only works for upstream kernel 4.19 and above.
For Linux distributors,
Follow the lead of xfs_break_dax_layouts() and add synchronization between
operations in ext4 which remove blocks from an inode (hole punch, truncate
down, etc.) and pages which are pinned due to DAX DMA operations.
Signed-off-by: Ross Zwisler
Reviewed-by: Jan Kara
Reviewed-by: Lukas Czerner
On Mon, Jul 02, 2018 at 09:59:48AM +0200, Lukas Czerner wrote:
> On Fri, Jun 29, 2018 at 09:13:00AM -0600, Ross Zwisler wrote:
> > On Fri, Jun 29, 2018 at 02:02:23PM +0200, Lukas Czerner wrote:
> > > On Wed, Jun 27, 2018 at 03:22:52PM -0600, Ross Zwisler wrote:
> > > > Follow the lead of
On Fri, Jun 29, 2018 at 09:13:00AM -0600, Ross Zwisler wrote:
> On Fri, Jun 29, 2018 at 02:02:23PM +0200, Lukas Czerner wrote:
> > On Wed, Jun 27, 2018 at 03:22:52PM -0600, Ross Zwisler wrote:
> > > Follow the lead of xfs_break_dax_layouts() and add synchronization between
> > > operations in ext4
On Sun 01-07-18 14:18:48, Huaisheng Ye wrote:
> From: Huaisheng Ye
>
> If ext2_get_blocks returns negative result, ext2_iomap_begin
> will return for error case.
> Adjust the judging condition of ret value will be useful for
> code simplification.
>
> Signed-off-by: Huaisheng Ye
I'm sorry but
On Mon 02-07-18 14:23:42, Huaisheng Ye wrote:
> On Mon, 02 Jul 2018 03:26:00 +0800 Al Viro
> wrote
> > On Sun, Jul 01, 2018 at 02:18:47PM +0800, Huaisheng Ye wrote:
> > > From: Huaisheng Ye
> > >
> > > The type of offset within struct iomap is loff_t, which represents
> >
On Fri 29-06-18 09:13:00, Ross Zwisler wrote:
> On Fri, Jun 29, 2018 at 02:02:23PM +0200, Lukas Czerner wrote:
> > On Wed, Jun 27, 2018 at 03:22:52PM -0600, Ross Zwisler wrote:
> > > Follow the lead of xfs_break_dax_layouts() and add synchronization between
> > > operations in ext4 which remove
> -Original Message-
> From: Dan Williams [mailto:dan.j.willi...@intel.com]
> Sent: Sunday, July 1, 2018 3:12 AM
> To: Qi, Fuli/斉 福利
> Cc: linux-nvdimm@lists.01.org; Verma, Vishal L ;
> Mizuma,
> Masayoshi/水間 理仁 ; Gotou, Yasunori/五島 康文
>
> Subject: Re: Question about ndctl unit tests
>
On Mon, 02 Jul 2018 03:26:00 +0800 Al Viro
wrote
> On Sun, Jul 01, 2018 at 02:18:47PM +0800, Huaisheng Ye wrote:
> > From: Huaisheng Ye
> >
> > The type of offset within struct iomap is loff_t, which represents
> > file offset of mapping.
> >
> > In ext2_iomap_begin,
28 matches
Mail list logo
