Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp125154imu;
        Tue, 8 Jan 2019 16:03:40 -0800 (PST)
X-Google-Smtp-Source: ALg8bN6FDazOp5g5Mx9kOhZfqWL4afq51imygGXcYaU33JvF1bt6kcZvrzvbj5upFaaBNS4VxwRQ
X-Received: by 2002:a17:902:9887:: with SMTP id s7mr3727841plp.199.1546992219962;
        Tue, 08 Jan 2019 16:03:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1546992219; cv=none;
        d=google.com; s=arc-20160816;
        b=alm//MfOMNygaSyX4yKrAcSJPEAApJIBYneGt8zmhsy3T1joI12tVZLiRGESw7YvRV
         Zk5rjDdUNaFwljGxatlpXSkhM46HC2HTPxjVdmHjE5Ri5aXk7cc7CnIm/Zsu4zxlGVjb
         um9lNZ9hXx/s4EZnuCjP5EyDTtngta5+c4VEo+v8jbgRLpiRopSLK6xaxZ6iL0Ch2iCj
         qLt704Vs/wwEnG5kXPc8olWIpC9eCsd0RSf3rxs3HPTHif7st5CyET64fvuI7Kf2iRum
         RSqcDNUgqhWp3uzYGRo+9dX+BbF+6ostHRevt2TjL+6PhLQQKRMFDRx7INQjBJCOBVOo
         CSIA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=HtCFKH6WaKZLZfxKQl817UpJfz065Vj+MgIv87PvbVg=;
        b=B1XvufNA3DdbvF032G1IB2TQvHkUUlzksoMW3z4b7KWD1uHphb6D6EvHoSgyBR6+Mf
         2KgbkJTjXwz5M4bbgfqWnvXsOPPgA38d7cm+5JFiBqrXM7FJvk3N6nHkx+yBXfywHrss
         H2OBKSMT4QF2Ff56P+YI//KdBrau06kReqNYDdP9ZB41ERw6IxyVhYGaM4IXhz0r+gjh
         Szqt18rhQ2CgzS2BGupXii9nEwS0abutf+D8M2tgxspN1/NIi4SvAn847K/uXAEBO5Ut
         gDG0Se3uiHrO1t8FRh1wPEITvZXCbl93L7ubbM53jXhR68itDt/oNPEUDENhoJVHy7Qe
         lt7Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=DJEWjO52;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id i5si7230176pgn.243.2019.01.08.16.03.24;
        Tue, 08 Jan 2019 16:03:39 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=DJEWjO52;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729386AbfAIACS (ORCPT <rfc822;arandomawesomegeek@gmail.com>
        + 99 others); Tue, 8 Jan 2019 19:02:18 -0500
Received: from mail-oi1-f195.google.com ([209.85.167.195]:42679 "EHLO
        mail-oi1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728112AbfAIACR (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 8 Jan 2019 19:02:17 -0500
Received: by mail-oi1-f195.google.com with SMTP id w13so4864316oiw.9
        for <linux-kernel@vger.kernel.org>; Tue, 08 Jan 2019 16:02:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=intel-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=HtCFKH6WaKZLZfxKQl817UpJfz065Vj+MgIv87PvbVg=;
        b=DJEWjO52Er7uAWcq5f9yaZGdclO5Coe/lpVRairTZyU8b58uNnjVA+bjFmNSVtOCiX
         dkDFvjSXa4q6aJsP198azW1ZT84oU7RH8lEhO/2S54zJHSB0W0YKmAm+GN8wjbVbWwFS
         W0pjsplZPZkCPUYRbKgC084WjvEIaaRUVtkAtVZFUCVKYBFr1WcBNk6eHu5U+/0O4kMo
         ry7Ja2dwnUEfnVyzh6RnZ9Em9pSav+8RkKuXtEQRuS/yjvvFlovN+O2YgC3acrk0KAH0
         V1RoySpjUbgdHjmp0tSVhErOs3y/l6Dbg8BRlFS3xqCWHG9vDRw3UCzAZDUncxWm13La
         x60A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=HtCFKH6WaKZLZfxKQl817UpJfz065Vj+MgIv87PvbVg=;
        b=jSFzmodc/rmXcXpMGreft3i+JR+cpqWkQqHNL7A0UJjvDhHZdhmwz/d5oIZYdJEWmz
         eeZro8yPuk7mcrfNyy8BAdo4a/+PKPppAdo5d0wp6IRKojnyhZGbu2mWSE/fY8Tee2Jn
         esiZlGpw3B3BLZC9u0KB2qMLEK96bd/6NiRBXC44Ios+nkrjsaaitH/H1k9gbydm240g
         wdCxLA574wfA2xPXgtCBCnhdkjdK0lrw73YYKT31jY1CehivfbfLK+PDzGpVKP6hsSwJ
         7pdEo3mXlE0nF0k2nD0bXjpQA7H0J+2D6+BqgyhJJdtb57BskVv0gFX6PLGhdVurOOby
         NoYQ==
X-Gm-Message-State: AJcUukdMfoFYuEeh2wV+eo75APB81WYgOYYhxBkTXltwmw76duuW4e+Z
        4kc7PKBB8wIF0qXoVzUDfOMUhQL9rkiuSYEbM/k+/w==
X-Received: by 2002:aca:d905:: with SMTP id q5mr2558283oig.0.1546992136616;
 Tue, 08 Jan 2019 16:02:16 -0800 (PST)
MIME-Version: 1.0
References: <CAGXu5jKUP9o-ZgW5Wa5-9DHeQNZ5VA3cLBCJ0P7AVkTQ5tqHtQ@mail.gmail.com>
 <CAPcyv4iZZEM3D8vta_sge7a4iMgPZ5a1AnunXa4DKUaWauZk1g@mail.gmail.com>
 <CAGXu5j+z_yRPgE0HO=Sjo_VwwDDPJ+VLxbxwKgbb2cUAB5jmwg@mail.gmail.com>
 <CAPcyv4jhFGMzBrWHS_9q0Fe2MersRXz31VG3H2dJfujx1CJGhQ@mail.gmail.com> <CAGXu5jKrhvUduv_XUYF94YM=bBfPGNkPrZ_EkvRKB0pDY_6uOw@mail.gmail.com>
In-Reply-To: <CAGXu5jKrhvUduv_XUYF94YM=bBfPGNkPrZ_EkvRKB0pDY_6uOw@mail.gmail.com>
From:   Dan Williams <dan.j.williams@intel.com>
Date:   Tue, 8 Jan 2019 16:02:05 -0800
Message-ID: <CAPcyv4jQ1Og_mEVjb77xdM263MugzK7_yrR_zi498JFrOrhSrg@mail.gmail.com>
Subject: Re: nvdimm crash at boot
To:     Kees Cook <keescook@chromium.org>
Cc:     Dave Jiang <dave.jiang@intel.com>,
        linux-nvdimm <linux-nvdimm@lists.01.org>,
        LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jan 8, 2019 at 3:55 PM Kees Cook <keescook@chromium.org> wrote:
>
> On Tue, Jan 8, 2019 at 3:54 PM Dan Williams <dan.j.williams@intel.com> wrote:
> >
> > On Tue, Jan 8, 2019 at 3:34 PM Kees Cook <keescook@chromium.org> wrote:
> > >
> > > On Tue, Jan 8, 2019 at 3:28 PM Dan Williams <dan.j.williams@intel.com> wrote:
> > > > Ah, thanks for the report! The key difference is that you don't define
> > > > a "label area", so the driver bails out early and never initializes
> > > > the security state.
> > > >
> > > > This should fix it up.
> > > >
> > > > diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c
> > > > index 4890310df874..636cdb06ee17 100644
> > > > --- a/drivers/nvdimm/dimm_devs.c
> > > > +++ b/drivers/nvdimm/dimm_devs.c
> > > > @@ -514,7 +514,7 @@ static umode_t nvdimm_visible(struct kobject
> > > > *kobj, struct attribute *a, int n)
> > > >
> > > >         if (a != &dev_attr_security.attr)
> > > >                 return a->mode;
> > > > -       if (nvdimm->sec.state < 0)
> > > > +       if (!nvdimm->sec.ops || nvdimm->sec.state < 0)
> > > >                 return 0;
> > > >         /* Are there any state mutation ops? */
> > > >         if (nvdimm->sec.ops->freeze || nvdimm->sec.ops->disable
> > >
> > > Okay, cool. I wasn't sure if that test needed a deeper check. :)
> > >
> > > Fixes: 37833fb7989a9 ("acpi/nfit, libnvdimm: Add freeze security
> > > support to Intel nvdimm")
> > > Tested-by: Kees Cook <keescook@chromium.org>
> > >
> >
> > Actually, looking closer this should have been avoided by the fact
> > that __nvdimm_create() initializes the security state early and that
> > nvdimm->sec.state should have saved us.
> >
> > I'll dig a bit deeper with your qemu config.
>
> Maybe something goes weird with pstore stealing the region?

No, pstore is off the hook. I was just able to reproduce locally and
I'm not doing anything with pstore.