aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan Williams <[email protected]>2022-12-01 14:03:30 -0800
committerDan Williams <[email protected]>2022-12-02 23:52:32 -0800
commit07cb5f705b4fe9e1386a610da4cb3c063267714f (patch)
treea8c8ac96b4b098695fb5b4a821b39ce268c5b4a5
parentbf3e5da8cb43a671b32fc125fa81b8f6a3677192 (diff)
cxl/pmem: Enforce keyctl ABI for PMEM security
Preclude the possibility of user tooling sending device secrets in the clear into the kernel by marking the security commands as exclusive. This mandates the usage of the keyctl ABI for managing the device passphrase. Reviewed-by: Davidlohr Bueso <[email protected]> Reviewed-by: Dave Jiang <[email protected]> Reviewed-by: Jonathan Cameron <[email protected]> Link: https://lore.kernel.org/r/166993221008.1995348.11651567302609703175.stgit@dwillia2-xfh.jf.intel.com Signed-off-by: Dan Williams <[email protected]>
-rw-r--r--drivers/cxl/core/mbox.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c
index 8747db329087..35dd889f1d3a 100644
--- a/drivers/cxl/core/mbox.c
+++ b/drivers/cxl/core/mbox.c
@@ -704,6 +704,16 @@ int cxl_enumerate_cmds(struct cxl_dev_state *cxlds)
rc = 0;
}
+ /*
+ * Setup permanently kernel exclusive commands, i.e. the
+ * mechanism is driven through sysfs, keyctl, etc...
+ */
+ set_bit(CXL_MEM_COMMAND_ID_SET_PASSPHRASE, cxlds->exclusive_cmds);
+ set_bit(CXL_MEM_COMMAND_ID_DISABLE_PASSPHRASE, cxlds->exclusive_cmds);
+ set_bit(CXL_MEM_COMMAND_ID_UNLOCK, cxlds->exclusive_cmds);
+ set_bit(CXL_MEM_COMMAND_ID_PASSPHRASE_SECURE_ERASE,
+ cxlds->exclusive_cmds);
+
out:
kvfree(gsl);
return rc;