This source file includes following definitions.
- key_data
- nvdimm_put_key
- nvdimm_request_key
- nvdimm_get_key_payload
- nvdimm_lookup_user_key
- nvdimm_get_user_key_payload
- nvdimm_key_revalidate
- __nvdimm_security_unlock
- nvdimm_security_unlock
- check_security_state
- security_disable
- security_update
- security_erase
- security_overwrite
- __nvdimm_security_overwrite_query
- nvdimm_security_overwrite_query
- nvdimm_security_store
1
2
3
4 #include <linux/module.h>
5 #include <linux/device.h>
6 #include <linux/ndctl.h>
7 #include <linux/slab.h>
8 #include <linux/io.h>
9 #include <linux/mm.h>
10 #include <linux/cred.h>
11 #include <linux/key.h>
12 #include <linux/key-type.h>
13 #include <keys/user-type.h>
14 #include <keys/encrypted-type.h>
15 #include "nd-core.h"
16 #include "nd.h"
17
18 #define NVDIMM_BASE_KEY 0
19 #define NVDIMM_NEW_KEY 1
20
21 static bool key_revalidate = true;
22 module_param(key_revalidate, bool, 0444);
23 MODULE_PARM_DESC(key_revalidate, "Require key validation at init.");
24
25 static const char zero_key[NVDIMM_PASSPHRASE_LEN];
26
27 static void *key_data(struct key *key)
28 {
29 struct encrypted_key_payload *epayload = dereference_key_locked(key);
30
31 lockdep_assert_held_read(&key->sem);
32
33 return epayload->decrypted_data;
34 }
35
36 static void nvdimm_put_key(struct key *key)
37 {
38 if (!key)
39 return;
40
41 up_read(&key->sem);
42 key_put(key);
43 }
44
45
46
47
48
49
50 static struct key *nvdimm_request_key(struct nvdimm *nvdimm)
51 {
52 struct key *key = NULL;
53 static const char NVDIMM_PREFIX[] = "nvdimm:";
54 char desc[NVDIMM_KEY_DESC_LEN + sizeof(NVDIMM_PREFIX)];
55 struct device *dev = &nvdimm->dev;
56
57 sprintf(desc, "%s%s", NVDIMM_PREFIX, nvdimm->dimm_id);
58 key = request_key(&key_type_encrypted, desc, "");
59 if (IS_ERR(key)) {
60 if (PTR_ERR(key) == -ENOKEY)
61 dev_dbg(dev, "request_key() found no key\n");
62 else
63 dev_dbg(dev, "request_key() upcall failed\n");
64 key = NULL;
65 } else {
66 struct encrypted_key_payload *epayload;
67
68 down_read(&key->sem);
69 epayload = dereference_key_locked(key);
70 if (epayload->decrypted_datalen != NVDIMM_PASSPHRASE_LEN) {
71 up_read(&key->sem);
72 key_put(key);
73 key = NULL;
74 }
75 }
76
77 return key;
78 }
79
80 static const void *nvdimm_get_key_payload(struct nvdimm *nvdimm,
81 struct key **key)
82 {
83 *key = nvdimm_request_key(nvdimm);
84 if (!*key)
85 return zero_key;
86
87 return key_data(*key);
88 }
89
90 static struct key *nvdimm_lookup_user_key(struct nvdimm *nvdimm,
91 key_serial_t id, int subclass)
92 {
93 key_ref_t keyref;
94 struct key *key;
95 struct encrypted_key_payload *epayload;
96 struct device *dev = &nvdimm->dev;
97
98 keyref = lookup_user_key(id, 0, 0);
99 if (IS_ERR(keyref))
100 return NULL;
101
102 key = key_ref_to_ptr(keyref);
103 if (key->type != &key_type_encrypted) {
104 key_put(key);
105 return NULL;
106 }
107
108 dev_dbg(dev, "%s: key found: %#x\n", __func__, key_serial(key));
109
110 down_read_nested(&key->sem, subclass);
111 epayload = dereference_key_locked(key);
112 if (epayload->decrypted_datalen != NVDIMM_PASSPHRASE_LEN) {
113 up_read(&key->sem);
114 key_put(key);
115 key = NULL;
116 }
117 return key;
118 }
119
120 static const void *nvdimm_get_user_key_payload(struct nvdimm *nvdimm,
121 key_serial_t id, int subclass, struct key **key)
122 {
123 *key = NULL;
124 if (id == 0) {
125 if (subclass == NVDIMM_BASE_KEY)
126 return zero_key;
127 else
128 return NULL;
129 }
130
131 *key = nvdimm_lookup_user_key(nvdimm, id, subclass);
132 if (!*key)
133 return NULL;
134
135 return key_data(*key);
136 }
137
138
139 static int nvdimm_key_revalidate(struct nvdimm *nvdimm)
140 {
141 struct key *key;
142 int rc;
143 const void *data;
144
145 if (!nvdimm->sec.ops->change_key)
146 return -EOPNOTSUPP;
147
148 data = nvdimm_get_key_payload(nvdimm, &key);
149
150
151
152
153
154 rc = nvdimm->sec.ops->change_key(nvdimm, data, data, NVDIMM_USER);
155 if (rc < 0) {
156 nvdimm_put_key(key);
157 return rc;
158 }
159
160 nvdimm_put_key(key);
161 nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
162 return 0;
163 }
164
165 static int __nvdimm_security_unlock(struct nvdimm *nvdimm)
166 {
167 struct device *dev = &nvdimm->dev;
168 struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev);
169 struct key *key;
170 const void *data;
171 int rc;
172
173
174 lockdep_assert_held(&nvdimm_bus->reconfig_mutex);
175
176 if (!nvdimm->sec.ops || !nvdimm->sec.ops->unlock
177 || !nvdimm->sec.flags)
178 return -EIO;
179
180
181 if (test_bit(NVDIMM_SECURITY_DISABLED, &nvdimm->sec.flags))
182 return 0;
183
184 if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
185 dev_dbg(dev, "Security operation in progress.\n");
186 return -EBUSY;
187 }
188
189
190
191
192
193
194
195
196 if (test_bit(NVDIMM_SECURITY_UNLOCKED, &nvdimm->sec.flags)) {
197 if (!key_revalidate)
198 return 0;
199
200 return nvdimm_key_revalidate(nvdimm);
201 } else
202 data = nvdimm_get_key_payload(nvdimm, &key);
203
204 rc = nvdimm->sec.ops->unlock(nvdimm, data);
205 dev_dbg(dev, "key: %d unlock: %s\n", key_serial(key),
206 rc == 0 ? "success" : "fail");
207
208 nvdimm_put_key(key);
209 nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
210 return rc;
211 }
212
213 int nvdimm_security_unlock(struct device *dev)
214 {
215 struct nvdimm *nvdimm = to_nvdimm(dev);
216 int rc;
217
218 nvdimm_bus_lock(dev);
219 rc = __nvdimm_security_unlock(nvdimm);
220 nvdimm_bus_unlock(dev);
221 return rc;
222 }
223
224 static int check_security_state(struct nvdimm *nvdimm)
225 {
226 struct device *dev = &nvdimm->dev;
227
228 if (test_bit(NVDIMM_SECURITY_FROZEN, &nvdimm->sec.flags)) {
229 dev_dbg(dev, "Incorrect security state: %#lx\n",
230 nvdimm->sec.flags);
231 return -EIO;
232 }
233
234 if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
235 dev_dbg(dev, "Security operation in progress.\n");
236 return -EBUSY;
237 }
238
239 return 0;
240 }
241
242 static int security_disable(struct nvdimm *nvdimm, unsigned int keyid)
243 {
244 struct device *dev = &nvdimm->dev;
245 struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev);
246 struct key *key;
247 int rc;
248 const void *data;
249
250
251 lockdep_assert_held(&nvdimm_bus->reconfig_mutex);
252
253 if (!nvdimm->sec.ops || !nvdimm->sec.ops->disable
254 || !nvdimm->sec.flags)
255 return -EOPNOTSUPP;
256
257 rc = check_security_state(nvdimm);
258 if (rc)
259 return rc;
260
261 data = nvdimm_get_user_key_payload(nvdimm, keyid,
262 NVDIMM_BASE_KEY, &key);
263 if (!data)
264 return -ENOKEY;
265
266 rc = nvdimm->sec.ops->disable(nvdimm, data);
267 dev_dbg(dev, "key: %d disable: %s\n", key_serial(key),
268 rc == 0 ? "success" : "fail");
269
270 nvdimm_put_key(key);
271 nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
272 return rc;
273 }
274
275 static int security_update(struct nvdimm *nvdimm, unsigned int keyid,
276 unsigned int new_keyid,
277 enum nvdimm_passphrase_type pass_type)
278 {
279 struct device *dev = &nvdimm->dev;
280 struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev);
281 struct key *key, *newkey;
282 int rc;
283 const void *data, *newdata;
284
285
286 lockdep_assert_held(&nvdimm_bus->reconfig_mutex);
287
288 if (!nvdimm->sec.ops || !nvdimm->sec.ops->change_key
289 || !nvdimm->sec.flags)
290 return -EOPNOTSUPP;
291
292 rc = check_security_state(nvdimm);
293 if (rc)
294 return rc;
295
296 data = nvdimm_get_user_key_payload(nvdimm, keyid,
297 NVDIMM_BASE_KEY, &key);
298 if (!data)
299 return -ENOKEY;
300
301 newdata = nvdimm_get_user_key_payload(nvdimm, new_keyid,
302 NVDIMM_NEW_KEY, &newkey);
303 if (!newdata) {
304 nvdimm_put_key(key);
305 return -ENOKEY;
306 }
307
308 rc = nvdimm->sec.ops->change_key(nvdimm, data, newdata, pass_type);
309 dev_dbg(dev, "key: %d %d update%s: %s\n",
310 key_serial(key), key_serial(newkey),
311 pass_type == NVDIMM_MASTER ? "(master)" : "(user)",
312 rc == 0 ? "success" : "fail");
313
314 nvdimm_put_key(newkey);
315 nvdimm_put_key(key);
316 if (pass_type == NVDIMM_MASTER)
317 nvdimm->sec.ext_flags = nvdimm_security_flags(nvdimm,
318 NVDIMM_MASTER);
319 else
320 nvdimm->sec.flags = nvdimm_security_flags(nvdimm,
321 NVDIMM_USER);
322 return rc;
323 }
324
325 static int security_erase(struct nvdimm *nvdimm, unsigned int keyid,
326 enum nvdimm_passphrase_type pass_type)
327 {
328 struct device *dev = &nvdimm->dev;
329 struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev);
330 struct key *key = NULL;
331 int rc;
332 const void *data;
333
334
335 lockdep_assert_held(&nvdimm_bus->reconfig_mutex);
336
337 if (!nvdimm->sec.ops || !nvdimm->sec.ops->erase
338 || !nvdimm->sec.flags)
339 return -EOPNOTSUPP;
340
341 rc = check_security_state(nvdimm);
342 if (rc)
343 return rc;
344
345 if (!test_bit(NVDIMM_SECURITY_UNLOCKED, &nvdimm->sec.ext_flags)
346 && pass_type == NVDIMM_MASTER) {
347 dev_dbg(dev,
348 "Attempt to secure erase in wrong master state.\n");
349 return -EOPNOTSUPP;
350 }
351
352 data = nvdimm_get_user_key_payload(nvdimm, keyid,
353 NVDIMM_BASE_KEY, &key);
354 if (!data)
355 return -ENOKEY;
356
357 rc = nvdimm->sec.ops->erase(nvdimm, data, pass_type);
358 dev_dbg(dev, "key: %d erase%s: %s\n", key_serial(key),
359 pass_type == NVDIMM_MASTER ? "(master)" : "(user)",
360 rc == 0 ? "success" : "fail");
361
362 nvdimm_put_key(key);
363 nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
364 return rc;
365 }
366
367 static int security_overwrite(struct nvdimm *nvdimm, unsigned int keyid)
368 {
369 struct device *dev = &nvdimm->dev;
370 struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev);
371 struct key *key = NULL;
372 int rc;
373 const void *data;
374
375
376 lockdep_assert_held(&nvdimm_bus->reconfig_mutex);
377
378 if (!nvdimm->sec.ops || !nvdimm->sec.ops->overwrite
379 || !nvdimm->sec.flags)
380 return -EOPNOTSUPP;
381
382 if (dev->driver == NULL) {
383 dev_dbg(dev, "Unable to overwrite while DIMM active.\n");
384 return -EINVAL;
385 }
386
387 rc = check_security_state(nvdimm);
388 if (rc)
389 return rc;
390
391 data = nvdimm_get_user_key_payload(nvdimm, keyid,
392 NVDIMM_BASE_KEY, &key);
393 if (!data)
394 return -ENOKEY;
395
396 rc = nvdimm->sec.ops->overwrite(nvdimm, data);
397 dev_dbg(dev, "key: %d overwrite submission: %s\n", key_serial(key),
398 rc == 0 ? "success" : "fail");
399
400 nvdimm_put_key(key);
401 if (rc == 0) {
402 set_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags);
403 set_bit(NDD_WORK_PENDING, &nvdimm->flags);
404 set_bit(NVDIMM_SECURITY_OVERWRITE, &nvdimm->sec.flags);
405
406
407
408
409 get_device(dev);
410 queue_delayed_work(system_wq, &nvdimm->dwork, 0);
411 }
412
413 return rc;
414 }
415
416 void __nvdimm_security_overwrite_query(struct nvdimm *nvdimm)
417 {
418 struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(&nvdimm->dev);
419 int rc;
420 unsigned int tmo;
421
422
423 lockdep_assert_held(&nvdimm_bus->reconfig_mutex);
424
425
426
427
428
429 if (!test_bit(NDD_WORK_PENDING, &nvdimm->flags))
430 return;
431
432 tmo = nvdimm->sec.overwrite_tmo;
433
434 if (!nvdimm->sec.ops || !nvdimm->sec.ops->query_overwrite
435 || !nvdimm->sec.flags)
436 return;
437
438 rc = nvdimm->sec.ops->query_overwrite(nvdimm);
439 if (rc == -EBUSY) {
440
441
442 tmo += 10;
443 queue_delayed_work(system_wq, &nvdimm->dwork, tmo * HZ);
444 nvdimm->sec.overwrite_tmo = min(15U * 60U, tmo);
445 return;
446 }
447
448 if (rc < 0)
449 dev_dbg(&nvdimm->dev, "overwrite failed\n");
450 else
451 dev_dbg(&nvdimm->dev, "overwrite completed\n");
452
453 if (nvdimm->sec.overwrite_state)
454 sysfs_notify_dirent(nvdimm->sec.overwrite_state);
455 nvdimm->sec.overwrite_tmo = 0;
456 clear_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags);
457 clear_bit(NDD_WORK_PENDING, &nvdimm->flags);
458 put_device(&nvdimm->dev);
459 nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
460 nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_MASTER);
461 }
462
463 void nvdimm_security_overwrite_query(struct work_struct *work)
464 {
465 struct nvdimm *nvdimm =
466 container_of(work, typeof(*nvdimm), dwork.work);
467
468 nvdimm_bus_lock(&nvdimm->dev);
469 __nvdimm_security_overwrite_query(nvdimm);
470 nvdimm_bus_unlock(&nvdimm->dev);
471 }
472
473 #define OPS \
474 C( OP_FREEZE, "freeze", 1), \
475 C( OP_DISABLE, "disable", 2), \
476 C( OP_UPDATE, "update", 3), \
477 C( OP_ERASE, "erase", 2), \
478 C( OP_OVERWRITE, "overwrite", 2), \
479 C( OP_MASTER_UPDATE, "master_update", 3), \
480 C( OP_MASTER_ERASE, "master_erase", 2)
481 #undef C
482 #define C(a, b, c) a
483 enum nvdimmsec_op_ids { OPS };
484 #undef C
485 #define C(a, b, c) { b, c }
486 static struct {
487 const char *name;
488 int args;
489 } ops[] = { OPS };
490 #undef C
491
492 #define SEC_CMD_SIZE 32
493 #define KEY_ID_SIZE 10
494
495 ssize_t nvdimm_security_store(struct device *dev, const char *buf, size_t len)
496 {
497 struct nvdimm *nvdimm = to_nvdimm(dev);
498 ssize_t rc;
499 char cmd[SEC_CMD_SIZE+1], keystr[KEY_ID_SIZE+1],
500 nkeystr[KEY_ID_SIZE+1];
501 unsigned int key, newkey;
502 int i;
503
504 rc = sscanf(buf, "%"__stringify(SEC_CMD_SIZE)"s"
505 " %"__stringify(KEY_ID_SIZE)"s"
506 " %"__stringify(KEY_ID_SIZE)"s",
507 cmd, keystr, nkeystr);
508 if (rc < 1)
509 return -EINVAL;
510 for (i = 0; i < ARRAY_SIZE(ops); i++)
511 if (sysfs_streq(cmd, ops[i].name))
512 break;
513 if (i >= ARRAY_SIZE(ops))
514 return -EINVAL;
515 if (ops[i].args > 1)
516 rc = kstrtouint(keystr, 0, &key);
517 if (rc >= 0 && ops[i].args > 2)
518 rc = kstrtouint(nkeystr, 0, &newkey);
519 if (rc < 0)
520 return rc;
521
522 if (i == OP_FREEZE) {
523 dev_dbg(dev, "freeze\n");
524 rc = nvdimm_security_freeze(nvdimm);
525 } else if (i == OP_DISABLE) {
526 dev_dbg(dev, "disable %u\n", key);
527 rc = security_disable(nvdimm, key);
528 } else if (i == OP_UPDATE || i == OP_MASTER_UPDATE) {
529 dev_dbg(dev, "%s %u %u\n", ops[i].name, key, newkey);
530 rc = security_update(nvdimm, key, newkey, i == OP_UPDATE
531 ? NVDIMM_USER : NVDIMM_MASTER);
532 } else if (i == OP_ERASE || i == OP_MASTER_ERASE) {
533 dev_dbg(dev, "%s %u\n", ops[i].name, key);
534 if (atomic_read(&nvdimm->busy)) {
535 dev_dbg(dev, "Unable to secure erase while DIMM active.\n");
536 return -EBUSY;
537 }
538 rc = security_erase(nvdimm, key, i == OP_ERASE
539 ? NVDIMM_USER : NVDIMM_MASTER);
540 } else if (i == OP_OVERWRITE) {
541 dev_dbg(dev, "overwrite %u\n", key);
542 if (atomic_read(&nvdimm->busy)) {
543 dev_dbg(dev, "Unable to overwrite while DIMM active.\n");
544 return -EBUSY;
545 }
546 rc = security_overwrite(nvdimm, key);
547 } else
548 return -EINVAL;
549
550 if (rc == 0)
551 rc = len;
552 return rc;
553 }