On Thu, 01 Dec 2022 14:03:30 -0800 Dan Williams <[email protected]> wrote:
> Preclude the possibility of user tooling sending device secrets in the > clear into the kernel by marking the security commands as exclusive. > This mandates the usage of the keyctl ABI for managing the device > passphrase. > > Signed-off-by: Dan Williams <[email protected]> Seems reasonable. Reviewed-by: Jonathan Cameron <[email protected]> > --- > drivers/cxl/core/mbox.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c > index 8747db329087..35dd889f1d3a 100644 > --- a/drivers/cxl/core/mbox.c > +++ b/drivers/cxl/core/mbox.c > @@ -704,6 +704,16 @@ int cxl_enumerate_cmds(struct cxl_dev_state *cxlds) > rc = 0; > } > > + /* > + * Setup permanently kernel exclusive commands, i.e. the > + * mechanism is driven through sysfs, keyctl, etc... > + */ > + set_bit(CXL_MEM_COMMAND_ID_SET_PASSPHRASE, cxlds->exclusive_cmds); > + set_bit(CXL_MEM_COMMAND_ID_DISABLE_PASSPHRASE, cxlds->exclusive_cmds); > + set_bit(CXL_MEM_COMMAND_ID_UNLOCK, cxlds->exclusive_cmds); > + set_bit(CXL_MEM_COMMAND_ID_PASSPHRASE_SECURE_ERASE, > + cxlds->exclusive_cmds); > + > out: > kvfree(gsl); > return rc; >
