summaryrefslogtreecommitdiffstats
path: root/drivers/nvdimm/security.c
diff options
context:
space:
mode:
authorDave Jiang <dave.jiang@intel.com>2022-11-30 20:23:07 +0100
committerDan Williams <dan.j.williams@intel.com>2022-12-01 21:42:35 +0100
commit15a8348707ffd2a37516db9bede88cc0bb467e0b (patch)
tree5c442b67c66518f03d389316b09c5f3090a336e8 /drivers/nvdimm/security.c
parentcxl/pmem: add provider name to cxl pmem dimm attribute group (diff)
downloadlinux-15a8348707ffd2a37516db9bede88cc0bb467e0b.tar.xz
linux-15a8348707ffd2a37516db9bede88cc0bb467e0b.zip
libnvdimm: Introduce CONFIG_NVDIMM_SECURITY_TEST flag
nfit_test overrode the security_show() sysfs attribute function in nvdimm dimm_devs in order to allow testing of security unlock. With the introduction of CXL security commands, the trick to override security_show() becomes significantly more complicated. By introdcing a security flag CONFIG_NVDIMM_SECURITY_TEST, libnvdimm can just toggle the check via a compile option. In addition the original override can can be removed from tools/testing/nvdimm/. The flag will also be used to bypass cpu_cache_invalidate_memregion() when set in a different commit. This allows testing on QEMU with nfit_test or cxl_test since cpu_cache_has_invalidate_memregion() checks whether X86_FEATURE_HYPERVISOR cpu feature flag is set on x86. Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Signed-off-by: Dave Jiang <dave.jiang@intel.com> Link: https://lore.kernel.org/r/166983618758.2734609.18031639517065867138.stgit@djiang5-desk3.ch.intel.com Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Diffstat (limited to 'drivers/nvdimm/security.c')
-rw-r--r--drivers/nvdimm/security.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
index 92af4c3ca0d3..6814339b3dab 100644
--- a/drivers/nvdimm/security.c
+++ b/drivers/nvdimm/security.c
@@ -177,6 +177,10 @@ static int __nvdimm_security_unlock(struct nvdimm *nvdimm)
|| !nvdimm->sec.flags)
return -EIO;
+ /* cxl_test needs this to pre-populate the security state */
+ if (IS_ENABLED(CONFIG_NVDIMM_SECURITY_TEST))
+ nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
+
/* No need to go further if security is disabled */
if (test_bit(NVDIMM_SECURITY_DISABLED, &nvdimm->sec.flags))
return 0;