Date: Thu, 29 Mar 2018 11:16:42 -0600
From: Scott Bauer
To: Jonas Rabenstein
Cc: Christoph Hellwig, Jonathan Derrick, Jens Axboe, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 08/11] block: sed-opal: ioctl for writing to shadow mbr

On Thu, Mar 29, 2018 at 07:30:02PM +0200, Jonas Rabenstein wrote:
> Hi,
> On Wed, Mar 21, 2018 at 02:43:21AM +0100, Jonas Rabenstein wrote:
> > On Tue, Mar 20, 2018 at 04:09:08PM -0600, Scott Bauer wrote:
> > > On Tue, Mar 20, 2018 at 10:36:04AM +0100, Jonas Rabenstein wrote:
> > > > On Mon, Mar 19, 2018 at 08:52:24PM +0100, Christoph Hellwig wrote:
> > > > > On Mon, Mar 19, 2018 at 07:36:50PM +0100, Jonas Rabenstein wrote:
> > > > > I hate doing this as an ioctl. Can we make this a sysfs binary file
> > > > > so that people can use dd or cat to write the shadow mbr?
> > > > I already thought about providing a sysfs interface for all that instead
> > > > of using ioctls. But as I am pretty new to kernel programming I do not
> > > > have all the required insight. Especially, as writing the mbr requires
> > > > the sed-opal password I am unsure how a clean sysfs interface to provide
> > > > the password together with a simple dd would look like.
> Just wanted to ask, how to proceed with those patches/what I should do.
> Using sysfs instead of an ioctl is probably easier to use from userspace
> _if_ there is a good way to provide the password - which I do not know
> of :(
> If nobody else could think of a solution, shall writes to the shadow mbr
> remain unsupported?
>
> I'd really appreciate feedback and possible solutions,
> Jonas

Yeah, having to authenticate to write the MBR is a real bummer. Theoretically
you could dd the pw struct + the shadow MBR into sysfs. But that's a pretty
disgusting hack just to use sysfs. The other method I thought of was to
authenticate via ioctl then write via sysfs. We already save the PW in-kernel
for unlocks, so perhaps we can re-use the save-for-unlock to do shadow MBR
writes via sysfs?

Re-using an already exposed ioctl for another purpose seems somewhat
dangerous? In the sense that what if the user wants to write the smbr but
doesn't want to unlock on suspends, or does not want their PW hanging around
in the kernel.

Overall I think the ioctl is still the best path forward due to the
authentication problem. But I am still willing to hear others' opinions if
they do have an idea.

I can say yes to the ioctl, but we really need Jens and Christoph's okay on
it. I have some free time tomorrow to work on this, so let me goof with it
tomorrow and over the weekend and I'll see if there is a sane way to get
sysfs to work.