[ndctl PATCH v2] ndctl: enable 'travis-ci'
by Vishal Verma
Add a .travis.yml config to enable Travis CI.
Also add the Travis CI status 'badge' to README.md
For now, this only does a compile test. It can be built upon in the
future to do more runtime testing. Since the travis environment uses
Ubuntu, this is useful regardless, as it will immediately catch any
build failures in an Ubuntu environment.
Signed-off-by: Vishal Verma <vishal.l.verma(a)intel.com>
---
v2: Fix the 'badge' to point to the pmem/ndctl repo instead of a
personal one used for testing.
.travis.yml | 23 +++++++++++++++++++++++
README.md | 2 ++
2 files changed, 25 insertions(+)
create mode 100644 .travis.yml
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..eb0c665
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,23 @@
+dist: xenial
+language: c
+sudo: required
+ccache: ccache
+
+git:
+ depth: 5
+ quiet: true
+
+before_install:
+ - sudo apt-get update -qq
+ - sudo apt-get install -qq --no-install-recommends -y systemd dh-systemd libkmod2 libkmod-dev libudev1 libudev-dev keyutils libkeyutils-dev libjson-c-dev libuuid1 asciidoctor jq kmod dracut build-essential git-core libelf-dev asciidoc binutils-dev
+ - sudo apt-get build-dep linux-image-$(uname -r)
+
+install:
+ - ./autogen.sh
+ - ./configure CFLAGS='-g -O2' --prefix=/usr --sysconfdir=/etc --libdir=/usr/lib
+ - make -j$(nproc --all)
+ - sudo make install
+
+jobs:
+ include:
+ script: true
diff --git a/README.md b/README.md
index 7c420d5..690d152 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,6 @@
# ndctl
+[](https://trav...
+
Utility library for managing the libnvdimm (non-volatile memory device)
sub-system in the Linux kernel
--
2.20.1
1 year, 9 months
[ndctl PATCH] ndctl: enable 'travis-ci'
by Vishal Verma
Add a .travis.yml config to enable Travis CI.
Also add the Travis CI status 'badge' to README.md
For now, this only does a compile test. It can be built upon in the
future to do more runtime testing. Since the travis environment uses
Ubuntu, this is useful regardless, as it will immediately catch any
build failures in an Ubuntu environment.
Signed-off-by: Vishal Verma <vishal.l.verma(a)intel.com>
---
.travis.yml | 23 +++++++++++++++++++++++
README.md | 2 ++
2 files changed, 25 insertions(+)
create mode 100644 .travis.yml
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..eb0c665
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,23 @@
+dist: xenial
+language: c
+sudo: required
+ccache: ccache
+
+git:
+ depth: 5
+ quiet: true
+
+before_install:
+ - sudo apt-get update -qq
+ - sudo apt-get install -qq --no-install-recommends -y systemd dh-systemd libkmod2 libkmod-dev libudev1 libudev-dev keyutils libkeyutils-dev libjson-c-dev libuuid1 asciidoctor jq kmod dracut build-essential git-core libelf-dev asciidoc binutils-dev
+ - sudo apt-get build-dep linux-image-$(uname -r)
+
+install:
+ - ./autogen.sh
+ - ./configure CFLAGS='-g -O2' --prefix=/usr --sysconfdir=/etc --libdir=/usr/lib
+ - make -j$(nproc --all)
+ - sudo make install
+
+jobs:
+ include:
+ script: true
diff --git a/README.md b/README.md
index 7c420d5..d2fe874 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,6 @@
# ndctl
+[](htt...
+
Utility library for managing the libnvdimm (non-volatile memory device)
sub-system in the Linux kernel
--
2.20.1
1 year, 9 months
[PATCH v5 1/2] libnvdimm/security: provide fix for secure-erase to use zero-key
by Dave Jiang
Add a zero key in order to standardize hardware that want a key of 0's to
be passed. Some platforms defaults to a zero-key with security enabled
rather than allow the OS to enable the security. The zero key would allow
us to manage those platform as well. This also adds a fix to secure erase
so it can use the zero key to do crypto erase. Some other security commands
already use zero keys. This introduces a standard zero-key to allow
unification of semantics cross nvdimm security commands.
Signed-off-by: Dave Jiang <dave.jiang(a)intel.com>
---
v5:
- Updated commit message and header. (Dan)
v4: No change
v3:
- Add note in commit header about syncing zero key usage. (Dan)
v2:
- Make patch header explicitly zero key (Dan)
- Declare global static zero key (Dan)
- Make nfit_test explicitly test zero key (Dan)
drivers/nvdimm/security.c | 17 ++++++++++++-----
tools/testing/nvdimm/test/nfit.c | 11 +++++++++--
2 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
index f8bb746a549f..6bea6852bf27 100644
--- a/drivers/nvdimm/security.c
+++ b/drivers/nvdimm/security.c
@@ -22,6 +22,8 @@ static bool key_revalidate = true;
module_param(key_revalidate, bool, 0444);
MODULE_PARM_DESC(key_revalidate, "Require key validation at init.");
+static const char zero_key[NVDIMM_PASSPHRASE_LEN];
+
static void *key_data(struct key *key)
{
struct encrypted_key_payload *epayload = dereference_key_locked(key);
@@ -286,8 +288,9 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid,
{
struct device *dev = &nvdimm->dev;
struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev);
- struct key *key;
+ struct key *key = NULL;
int rc;
+ const void *data;
/* The bus lock should be held at the top level of the call stack */
lockdep_assert_held(&nvdimm_bus->reconfig_mutex);
@@ -319,11 +322,15 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid,
return -EOPNOTSUPP;
}
- key = nvdimm_lookup_user_key(nvdimm, keyid, NVDIMM_BASE_KEY);
- if (!key)
- return -ENOKEY;
+ if (keyid != 0) {
+ key = nvdimm_lookup_user_key(nvdimm, keyid, NVDIMM_BASE_KEY);
+ if (!key)
+ return -ENOKEY;
+ data = key_data(key);
+ } else
+ data = zero_key;
- rc = nvdimm->sec.ops->erase(nvdimm, key_data(key), pass_type);
+ rc = nvdimm->sec.ops->erase(nvdimm, data, pass_type);
dev_dbg(dev, "key: %d erase%s: %s\n", key_serial(key),
pass_type == NVDIMM_MASTER ? "(master)" : "(user)",
rc == 0 ? "success" : "fail");
diff --git a/tools/testing/nvdimm/test/nfit.c b/tools/testing/nvdimm/test/nfit.c
index b579f962451d..cad719876ef4 100644
--- a/tools/testing/nvdimm/test/nfit.c
+++ b/tools/testing/nvdimm/test/nfit.c
@@ -225,6 +225,8 @@ static struct workqueue_struct *nfit_wq;
static struct gen_pool *nfit_pool;
+static const char zero_key[NVDIMM_PASSPHRASE_LEN];
+
static struct nfit_test *to_nfit_test(struct device *dev)
{
struct platform_device *pdev = to_platform_device(dev);
@@ -1059,8 +1061,7 @@ static int nd_intel_test_cmd_secure_erase(struct nfit_test *t,
struct device *dev = &t->pdev.dev;
struct nfit_test_sec *sec = &dimm_sec_info[dimm];
- if (!(sec->state & ND_INTEL_SEC_STATE_ENABLED) ||
- (sec->state & ND_INTEL_SEC_STATE_FROZEN)) {
+ if (sec->state & ND_INTEL_SEC_STATE_FROZEN) {
nd_cmd->status = ND_INTEL_STATUS_INVALID_STATE;
dev_dbg(dev, "secure erase: wrong security state\n");
} else if (memcmp(nd_cmd->passphrase, sec->passphrase,
@@ -1068,6 +1069,12 @@ static int nd_intel_test_cmd_secure_erase(struct nfit_test *t,
nd_cmd->status = ND_INTEL_STATUS_INVALID_PASS;
dev_dbg(dev, "secure erase: wrong passphrase\n");
} else {
+ if (!(sec->state & ND_INTEL_SEC_STATE_ENABLED)
+ && (memcmp(nd_cmd->passphrase, zero_key,
+ ND_INTEL_PASSPHRASE_SIZE) != 0)) {
+ dev_dbg(dev, "invalid zero key\n");
+ return 0;
+ }
memset(sec->passphrase, 0, ND_INTEL_PASSPHRASE_SIZE);
memset(sec->master_passphrase, 0, ND_INTEL_PASSPHRASE_SIZE);
sec->state = 0;
1 year, 9 months
[PATCH AUTOSEL 5.0 061/262] mm/resource: Return real error codes from walk failures
by Sasha Levin
From: Dave Hansen <dave.hansen(a)linux.intel.com>
[ Upstream commit 5cd401ace914dc68556c6d2fcae0c349444d5f86 ]
walk_system_ram_range() can return an error code either becuase
*it* failed, or because the 'func' that it calls returned an
error. The memory hotplug does the following:
ret = walk_system_ram_range(..., func);
if (ret)
return ret;
and 'ret' makes it out to userspace, eventually. The problem
s, walk_system_ram_range() failues that result from *it* failing
(as opposed to 'func') return -1. That leads to a very odd
-EPERM (-1) return code out to userspace.
Make walk_system_ram_range() return -EINVAL for internal
failures to keep userspace less confused.
This return code is compatible with all the callers that I
audited.
Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com>
Reviewed-by: Bjorn Helgaas <bhelgaas(a)google.com>
Acked-by: Michael Ellerman <mpe(a)ellerman.id.au> (powerpc)
Cc: Dan Williams <dan.j.williams(a)intel.com>
Cc: Dave Jiang <dave.jiang(a)intel.com>
Cc: Ross Zwisler <zwisler(a)kernel.org>
Cc: Vishal Verma <vishal.l.verma(a)intel.com>
Cc: Tom Lendacky <thomas.lendacky(a)amd.com>
Cc: Andrew Morton <akpm(a)linux-foundation.org>
Cc: Michal Hocko <mhocko(a)suse.com>
Cc: linux-nvdimm(a)lists.01.org
Cc: linux-kernel(a)vger.kernel.org
Cc: linux-mm(a)kvack.org
Cc: Huang Ying <ying.huang(a)intel.com>
Cc: Fengguang Wu <fengguang.wu(a)intel.com>
Cc: Borislav Petkov <bp(a)suse.de>
Cc: Yaowei Bai <baiyaowei(a)cmss.chinamobile.com>
Cc: Takashi Iwai <tiwai(a)suse.de>
Cc: Jerome Glisse <jglisse(a)redhat.com>
Cc: Benjamin Herrenschmidt <benh(a)kernel.crashing.org>
Cc: Paul Mackerras <paulus(a)samba.org>
Cc: linuxppc-dev(a)lists.ozlabs.org
Cc: Keith Busch <keith.busch(a)intel.com>
Signed-off-by: Dan Williams <dan.j.williams(a)intel.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
kernel/resource.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/resource.c b/kernel/resource.c
index 915c02e8e5dd..ca7ed5158cff 100644
--- a/kernel/resource.c
+++ b/kernel/resource.c
@@ -382,7 +382,7 @@ static int __walk_iomem_res_desc(resource_size_t start, resource_size_t end,
int (*func)(struct resource *, void *))
{
struct resource res;
- int ret = -1;
+ int ret = -EINVAL;
while (start < end &&
!find_next_iomem_res(start, end, flags, desc, first_lvl, &res)) {
@@ -462,7 +462,7 @@ int walk_system_ram_range(unsigned long start_pfn, unsigned long nr_pages,
unsigned long flags;
struct resource res;
unsigned long pfn, end_pfn;
- int ret = -1;
+ int ret = -EINVAL;
start = (u64) start_pfn << PAGE_SHIFT;
end = ((u64)(start_pfn + nr_pages) << PAGE_SHIFT) - 1;
--
2.19.1
1 year, 9 months
[PATCH 1/2] ndctl: add warning about overwrite taking a long time
by Dave Jiang
Add warning note in man page that overwrite may take a long time to
execute.
Suggested-by: Robert Elliot <elliott(a)hpe.com>
Signed-off-by: Dave Jiang <dave.jiang(a)intel.com>
---
Documentation/ndctl/ndctl-sanitize-dimm.txt | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Documentation/ndctl/ndctl-sanitize-dimm.txt b/Documentation/ndctl/ndctl-sanitize-dimm.txt
index 797820dd..ebf4b995 100644
--- a/Documentation/ndctl/ndctl-sanitize-dimm.txt
+++ b/Documentation/ndctl/ndctl-sanitize-dimm.txt
@@ -49,7 +49,8 @@ include::xable-dimm-options.txt[]
Wipe the entire DIMM, including label data. This can take significant
time, and the command is non-blocking. With this option, the overwrite
request is merely submitted to the NVDIMM, and the completion is
- asynchronous.
+ asynchronous. Depending on the medium and capacity, overwrite may take
+ tens of minutes to many hours.
-m::
--master_passphrase::
1 year, 9 months
[ndctl PATCH v3 0/5] Add the support for Hyper-V virtual NVDIMM
by Dexuan Cui
Hi all,
I polished the first 2 patches following Vishal and Dan's comments.
And, I dropped this v2 patch:
[ndctl,v2,3/4] ndctl, lib: implement ndctl_dimm_get_cmd_family()
and re-implemented the support for "ndctl monitor" for Hyper-V by following
Vishal/Dan's suggestions. Thank you!
Please review the patchset.
Dexuan Cui (5):
libndctl: Implement the "smart_get_health" dimm-op for Hyper-V
libndctl: Implement the smart_get_shutdown_count dimm-op for Hyper-V
ndctl, monitor: Don't require the support of ND_CMD_SMART_THRESHOLD
libndctl: Add a new dimm-op cmd_is_supported()
libndctl: Implement the "cmd_is_supported" dimm-op for Hyper-V
ndctl/lib/Makefile.am | 1 +
ndctl/lib/hyperv.c | 183 ++++++++++++++++++++++++++++++++++++++++++
ndctl/lib/hyperv.h | 38 +++++++++
ndctl/lib/libndctl.c | 7 ++
ndctl/lib/private.h | 4 +
ndctl/monitor.c | 12 +--
ndctl/ndctl.h | 1 +
7 files changed, 238 insertions(+), 8 deletions(-)
create mode 100644 ndctl/lib/hyperv.c
create mode 100644 ndctl/lib/hyperv.h
--
2.19.1
1 year, 9 months
[PATCH v2] ndctl: add support to allow zero key for secure erase
by Dave Jiang
Providing a way for crypto-erase to pass in a key that is with 0's as
payload.
Signed-off-by: Dave Jiang <dave.jiang(a)intel.com>
---
v2:
- Make zero key option explicit with -z parameter. Otherwise we will look
for a key. (Dan)
Documentation/ndctl/ndctl-sanitize-dimm.txt | 4 ++++
ndctl/dimm.c | 16 +++++++++++++---
ndctl/util/keys.c | 12 +++++++-----
ndctl/util/keys.h | 1 +
4 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/Documentation/ndctl/ndctl-sanitize-dimm.txt b/Documentation/ndctl/ndctl-sanitize-dimm.txt
index 7f57a115..797820dd 100644
--- a/Documentation/ndctl/ndctl-sanitize-dimm.txt
+++ b/Documentation/ndctl/ndctl-sanitize-dimm.txt
@@ -56,6 +56,10 @@ include::xable-dimm-options.txt[]
Indicate that we are using the master passphrase to perform the erase.
This only is applicable to the 'crypto-erase' option.
+-z::
+--zero-key::
+ Passing in a key with payload that is just 0's.
+
--verbose::
Emit debug messages.
diff --git a/ndctl/dimm.c b/ndctl/dimm.c
index cc0bec04..b2b09b6a 100644
--- a/ndctl/dimm.c
+++ b/ndctl/dimm.c
@@ -49,6 +49,7 @@ static struct parameters {
const char *kek;
bool crypto_erase;
bool overwrite;
+ bool zero_key;
bool master_pass;
bool force;
bool json;
@@ -904,6 +905,7 @@ static int action_sanitize_dimm(struct ndctl_dimm *dimm,
struct action_context *actx)
{
int rc;
+ enum ndctl_key_type key_type;
if (ndctl_dimm_get_security(dimm) < 0) {
error("%s: security operation not supported\n",
@@ -927,8 +929,14 @@ static int action_sanitize_dimm(struct ndctl_dimm *dimm,
}
if (param.crypto_erase) {
- rc = ndctl_dimm_secure_erase_key(dimm, param.master_pass ?
- ND_MASTER_KEY : ND_USER_KEY);
+ if (param.zero_key)
+ key_type = ND_ZERO_KEY;
+ else if (param.master_pass)
+ key_type = ND_MASTER_KEY;
+ else
+ key_type = ND_USER_KEY;
+
+ rc = ndctl_dimm_secure_erase_key(dimm, key_type);
if (rc < 0)
return rc;
}
@@ -1057,7 +1065,9 @@ OPT_STRING('k', "key-handle", ¶m.kek, "key-handle", \
OPT_BOOLEAN('c', "crypto-erase", ¶m.crypto_erase, \
"crypto erase a dimm"), \
OPT_BOOLEAN('o', "overwrite", ¶m.overwrite, \
- "overwrite a dimm")
+ "overwrite a dimm"), \
+OPT_BOOLEAN('z', "zero-key", ¶m.zero_key, \
+ "pass in a zero key")
#define MASTER_OPTIONS() \
OPT_BOOLEAN('m', "master-passphrase", ¶m.master_pass, \
diff --git a/ndctl/util/keys.c b/ndctl/util/keys.c
index c1f2e843..c091cc5c 100644
--- a/ndctl/util/keys.c
+++ b/ndctl/util/keys.c
@@ -612,17 +612,19 @@ int ndctl_dimm_remove_key(struct ndctl_dimm *dimm)
int ndctl_dimm_secure_erase_key(struct ndctl_dimm *dimm,
enum ndctl_key_type key_type)
{
- key_serial_t key;
+ key_serial_t key = 0;
int rc;
- key = check_dimm_key(dimm, true, key_type);
- if (key < 0)
- return key;
+ if (key_type != ND_ZERO_KEY) {
+ key = check_dimm_key(dimm, true, key_type);
+ if (key < 0)
+ return key;
+ }
if (key_type == ND_MASTER_KEY)
rc = run_key_op(dimm, key, ndctl_dimm_master_secure_erase,
"master crypto erase");
- else if (key_type == ND_USER_KEY)
+ else if (key_type == ND_USER_KEY || key_type == ND_ZERO_KEY)
rc = run_key_op(dimm, key, ndctl_dimm_secure_erase,
"crypto erase");
else
diff --git a/ndctl/util/keys.h b/ndctl/util/keys.h
index 30687a13..eab78d2f 100644
--- a/ndctl/util/keys.h
+++ b/ndctl/util/keys.h
@@ -9,6 +9,7 @@ enum ndctl_key_type {
ND_USER_OLD_KEY,
ND_MASTER_KEY,
ND_MASTER_OLD_KEY,
+ ND_ZERO_KEY,
};
#ifdef ENABLE_KEYUTILS
1 year, 9 months
企业采购成本控制与削减,我们有哪些策略、方法与技巧?
by 郑主任
-------- 转发邮件信息 --------
发件人:wg(a)fdb.org
发送日期:2019-3-27 11:07:38
收件人:linux-nvdimm(a)lists.01.org
~附~件~内~容~请~您~查~阅~
11:07:38
1 year, 9 months
[PATCH v4 1/2] libnvdimm/security: Support a zero-key for secure-erase
by Dave Jiang
Adding support to allow secure erase to happen when security state is not
enabled. Key data of 0's will be passed in.
Some other security commands already use zero keys. This is to unifiy
semantics cross commands with respect to using zero keys.
Signed-off-by: Dave Jiang <dave.jiang(a)intel.com>
---
v4: No change
v3:
- Add note in commit header about syncing zero key usage. (Dan)
v2:
- Make patch header explicitly zero key (Dan)
- Declare global static zero key (Dan)
- Make nfit_test explicitly test zero key (Dan)
drivers/nvdimm/security.c | 17 ++++++++++++-----
tools/testing/nvdimm/test/nfit.c | 11 +++++++++--
2 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
index f8bb746a549f..6bea6852bf27 100644
--- a/drivers/nvdimm/security.c
+++ b/drivers/nvdimm/security.c
@@ -22,6 +22,8 @@ static bool key_revalidate = true;
module_param(key_revalidate, bool, 0444);
MODULE_PARM_DESC(key_revalidate, "Require key validation at init.");
+static const char zero_key[NVDIMM_PASSPHRASE_LEN];
+
static void *key_data(struct key *key)
{
struct encrypted_key_payload *epayload = dereference_key_locked(key);
@@ -286,8 +288,9 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid,
{
struct device *dev = &nvdimm->dev;
struct nvdimm_bus *nvdimm_bus = walk_to_nvdimm_bus(dev);
- struct key *key;
+ struct key *key = NULL;
int rc;
+ const void *data;
/* The bus lock should be held at the top level of the call stack */
lockdep_assert_held(&nvdimm_bus->reconfig_mutex);
@@ -319,11 +322,15 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid,
return -EOPNOTSUPP;
}
- key = nvdimm_lookup_user_key(nvdimm, keyid, NVDIMM_BASE_KEY);
- if (!key)
- return -ENOKEY;
+ if (keyid != 0) {
+ key = nvdimm_lookup_user_key(nvdimm, keyid, NVDIMM_BASE_KEY);
+ if (!key)
+ return -ENOKEY;
+ data = key_data(key);
+ } else
+ data = zero_key;
- rc = nvdimm->sec.ops->erase(nvdimm, key_data(key), pass_type);
+ rc = nvdimm->sec.ops->erase(nvdimm, data, pass_type);
dev_dbg(dev, "key: %d erase%s: %s\n", key_serial(key),
pass_type == NVDIMM_MASTER ? "(master)" : "(user)",
rc == 0 ? "success" : "fail");
diff --git a/tools/testing/nvdimm/test/nfit.c b/tools/testing/nvdimm/test/nfit.c
index b579f962451d..cad719876ef4 100644
--- a/tools/testing/nvdimm/test/nfit.c
+++ b/tools/testing/nvdimm/test/nfit.c
@@ -225,6 +225,8 @@ static struct workqueue_struct *nfit_wq;
static struct gen_pool *nfit_pool;
+static const char zero_key[NVDIMM_PASSPHRASE_LEN];
+
static struct nfit_test *to_nfit_test(struct device *dev)
{
struct platform_device *pdev = to_platform_device(dev);
@@ -1059,8 +1061,7 @@ static int nd_intel_test_cmd_secure_erase(struct nfit_test *t,
struct device *dev = &t->pdev.dev;
struct nfit_test_sec *sec = &dimm_sec_info[dimm];
- if (!(sec->state & ND_INTEL_SEC_STATE_ENABLED) ||
- (sec->state & ND_INTEL_SEC_STATE_FROZEN)) {
+ if (sec->state & ND_INTEL_SEC_STATE_FROZEN) {
nd_cmd->status = ND_INTEL_STATUS_INVALID_STATE;
dev_dbg(dev, "secure erase: wrong security state\n");
} else if (memcmp(nd_cmd->passphrase, sec->passphrase,
@@ -1068,6 +1069,12 @@ static int nd_intel_test_cmd_secure_erase(struct nfit_test *t,
nd_cmd->status = ND_INTEL_STATUS_INVALID_PASS;
dev_dbg(dev, "secure erase: wrong passphrase\n");
} else {
+ if (!(sec->state & ND_INTEL_SEC_STATE_ENABLED)
+ && (memcmp(nd_cmd->passphrase, zero_key,
+ ND_INTEL_PASSPHRASE_SIZE) != 0)) {
+ dev_dbg(dev, "invalid zero key\n");
+ return 0;
+ }
memset(sec->passphrase, 0, ND_INTEL_PASSPHRASE_SIZE);
memset(sec->master_passphrase, 0, ND_INTEL_PASSPHRASE_SIZE);
sec->state = 0;
1 year, 9 months
[PATCH v4] nvdimm: btt_devs: fix a NULL pointer dereference
by Aditya Pakki
In case kmemdup fails, the fix releases resources and returns to
avoid the NULL pointer dereference.
Signed-off-by: Aditya Pakki <pakki001(a)umn.edu>
---
v3: Move kfree(nd_btt) to goto block.
v2: Replace incorrect kfree with ida_simple_remove, suggested by
Johannes Thumshirn
v1: Free nd_btt->id in case of failure and avoid double free, suggested
by Dan Williams
---
drivers/nvdimm/btt_devs.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/drivers/nvdimm/btt_devs.c b/drivers/nvdimm/btt_devs.c
index b72a303176c7..9486acc08402 100644
--- a/drivers/nvdimm/btt_devs.c
+++ b/drivers/nvdimm/btt_devs.c
@@ -198,14 +198,15 @@ static struct device *__nd_btt_create(struct nd_region *nd_region,
return NULL;
nd_btt->id = ida_simple_get(&nd_region->btt_ida, 0, 0, GFP_KERNEL);
- if (nd_btt->id < 0) {
- kfree(nd_btt);
- return NULL;
- }
+ if (nd_btt->id < 0)
+ goto out_nd_btt;
nd_btt->lbasize = lbasize;
- if (uuid)
+ if (uuid) {
uuid = kmemdup(uuid, 16, GFP_KERNEL);
+ if (!uuid)
+ goto out_put_id;
+ }
nd_btt->uuid = uuid;
dev = &nd_btt->dev;
dev_set_name(dev, "btt%d.%d", nd_region->id, nd_btt->id);
@@ -220,6 +221,13 @@ static struct device *__nd_btt_create(struct nd_region *nd_region,
return NULL;
}
return dev;
+
+out_put_id:
+ ida_simple_remove(&nd_region->btt_ida, nd_btt->id);
+
+out_nd_btt:
+ kfree(nd_btt);
+ return NULL;
}
struct device *nd_btt_create(struct nd_region *nd_region)
--
2.17.1
1 year, 9 months