cxl/pmem: Enforce keyctl ABI for PMEM security
Preclude the possibility of user tooling sending device secrets in the
clear into the kernel by marking the security commands as exclusive.
This mandates the usage of the keyctl ABI for managing the device
passphrase.

Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Link: https://lore.kernel.org/r/166993221008.1995348.11651567302609703175.stgit@dwillia2-xfh.jf.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
djbw committed Dec 3, 2022
1 parent bf3e5da commit 07cb5f7
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions drivers/cxl/core/mbox.c
Expand Up @@ -704,6 +704,16 @@ int cxl_enumerate_cmds(struct cxl_dev_state *cxlds)
rc = 0;
}

/*
* Setup permanently kernel exclusive commands, i.e. the
* mechanism is driven through sysfs, keyctl, etc...
*/
set_bit(CXL_MEM_COMMAND_ID_SET_PASSPHRASE, cxlds->exclusive_cmds);
set_bit(CXL_MEM_COMMAND_ID_DISABLE_PASSPHRASE, cxlds->exclusive_cmds);
set_bit(CXL_MEM_COMMAND_ID_UNLOCK, cxlds->exclusive_cmds);
set_bit(CXL_MEM_COMMAND_ID_PASSPHRASE_SECURE_ERASE,
cxlds->exclusive_cmds);

out:
kvfree(gsl);
return rc;
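
Review bot: the four set_bit() calls sit directly above the out: label, so any earlier path in cxl_enumerate_cmds() that jumps to out returns without marking the passphrase commands exclusive. Either move the block ahead of the first goto out, or state in the comment that a non-zero rc always keeps the device from being exposed to user space, so the gap cannot be reached. The comment would also be clearer if it dropped "etc..." and said what the commit message says: these bits are never cleared, and keyctl is the only supported path for SET_PASSPHRASE, DISABLE_PASSPHRASE, UNLOCK and PASSPHRASE_SECURE_ERASE, so the passphrase never has to be passed in the clear by user tooling.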