Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp156910imu; Tue, 8 Jan 2019 16:49:22 -0800 (PST) X-Google-Smtp-Source: ALg8bN68gdx9lpOFZhwSOcRW8UY7Dd1tUN6swTM/fBoZZgTqXKPk4Dod+QB28p2wfSQw0FOdR+8x X-Received: by 2002:a17:902:8e8a:: with SMTP id bg10mr3987691plb.192.1546994962030; Tue, 08 Jan 2019 16:49:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546994962; cv=none; d=google.com; s=arc-20160816; b=xbvEkKDjCzgAa9f1whuUK+WAuc2qWRbcoX30KkFr5rmvvFtTyFeS4cZ8vmb+PnFCXR X1+wgnw6JG23/BIgVn3g77HOlmgZ5+03WoVubQTZ5pB2ApMITjhP+D/+olLBgAECU47e 4GpJQfSJJm9qx1DT9+Wb8jfxwbYrfxTPKJTAZkXgb+b1GwIiR8xMkr6AMFkxVCR2dbT3 7H33/bHcLQuMKK4250pndRbpNybJuIP+c9CekxWu/YF9alAeON7NIbCFYAqK+V/Kej8r vOLT8hx8m5EwKlkybpf77At9zHoSSqXM6hZLALybKsDFq3Ab3T01CEbnotN1CUpjyqWd 7QvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=HtTT53Z4RiPetJJelUtKNLzl3kIY5mvjgwGyfEY6q5g=; b=KFMDZhm+hdNFS0OrVICdZ+Qct4mpCs4TQO6iK4KvFTqKMfYJ5wZ2+nnKyBX45ffHDg ac48eSmajGzzF2YtcYMu2idSHoozKyjO6BaAjlDmxRlKRwblhHVlhIWVr2+fn2zhjCOC BY+xylurnY7YJ8NmfhuvsWfSaQHgGrCkYF6xbHiAeNg5pZgqeMjAtMknVuBvYZKKUrlH Y5FtLCY48wwVmRKjFB+wURxL2LfY1MtvET1IaC5VbkrEbq9QuOKjdivL8qYLOIEOVugv yExRLoW+TmnLW0AWO2gRnj6XQpKJaBFN5dXmeuP2vFWUbhKSG21oesR8vnXEPAMwqq9N f16Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b="Bqd/XiwS"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y188si5826259pfb.59.2019.01.08.16.49.06; Tue, 08 Jan 2019 16:49:21 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b="Bqd/XiwS"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729182AbfAIAqa (ORCPT + 99 others); Tue, 8 Jan 2019 19:46:30 -0500 Received: from mail-ot1-f66.google.com ([209.85.210.66]:45060 "EHLO mail-ot1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728469AbfAIAqa (ORCPT ); Tue, 8 Jan 2019 19:46:30 -0500 Received: by mail-ot1-f66.google.com with SMTP id 32so5222654ota.12 for ; Tue, 08 Jan 2019 16:46:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HtTT53Z4RiPetJJelUtKNLzl3kIY5mvjgwGyfEY6q5g=; b=Bqd/XiwS8IopsT72fnCioVA0Rp3sH0NgGHI/dN3V9z1ndmqCf1/O1XBz2RgqO5qfRE ubIdjusVLpk/GPngxp/C7U2zWGovfEVb45Z3Vzg5AUrW1nKL1sheyTFzamADI9VQaMw8 gqlGRVINM0fuw9N6PeOZ6Mnp3CbQjA77xsyNGklpehXSYxS625aRGHXxnqUSxfv3xCaO fyZc3BRGydKPjPJ0ZwQL0fDhkl4Ty9ej6WV9m0zevBRHjn8h1K43Em2CMMmJtdZ9EOB/ OTdBgVBKXWinmtGPdv4g4mCBo3oVRXgY2ovWaCkY9Cc5Z67mw9GbYjkMIsCWOqaqUj7d yZ3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HtTT53Z4RiPetJJelUtKNLzl3kIY5mvjgwGyfEY6q5g=; b=IVWBHurGAN2QqbkNulqTYO8i9F39GnvCa1fUr3QIeZozJ8mPVgR9FnzAfcIAPqkXtp mGHohpcxHItpSUPRGSw89Is+m7SJqaiD8fkBSYf+scu5/9eXNgixYEES4650hiHqa6jn 2AltTWSNqz8TlWWOASJP0GdPmreizEIm4vvzGxKZB/XXo2BvPu3LYFwK0aO/+Ytyo6vs G/O1JckTokxWIQZGX98Cb6ITe7+cP7jpW02Clx6RccS33/MYUP8ogJcrs6VY/LmIWb8R pZnMp3JqgVS9Ry0N8HURuie18ywerD3Vjfq6hXpU7Ntd5VCpa+y3bTvGURJrdtE8sygM AQ5Q== X-Gm-Message-State: AJcUukcOjH6cyfNYd9fwPsBYLlrhX/+Gm/mfA925Iwco8Wi5qi5HWMF9 E5o7yl9TNcZ2so6v9ZKhTeJR3B4vRmSoNdr4mo+Orw== X-Received: by 2002:a9d:5cc2:: with SMTP id r2mr2645637oti.367.1546994789198; Tue, 08 Jan 2019 16:46:29 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Dan Williams Date: Tue, 8 Jan 2019 16:46:17 -0800 Message-ID: Subject: Re: nvdimm crash at boot To: Kees Cook Cc: Dave Jiang , linux-nvdimm , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 8, 2019 at 4:02 PM Dan Williams wrote: > > On Tue, Jan 8, 2019 at 3:55 PM Kees Cook wrote: > > > > On Tue, Jan 8, 2019 at 3:54 PM Dan Williams wrote: > > > > > > On Tue, Jan 8, 2019 at 3:34 PM Kees Cook wrote: > > > > > > > > On Tue, Jan 8, 2019 at 3:28 PM Dan Williams wrote: > > > > > Ah, thanks for the report! The key difference is that you don't define > > > > > a "label area", so the driver bails out early and never initializes > > > > > the security state. > > > > > > > > > > This should fix it up. > > > > > > > > > > diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c > > > > > index 4890310df874..636cdb06ee17 100644 > > > > > --- a/drivers/nvdimm/dimm_devs.c > > > > > +++ b/drivers/nvdimm/dimm_devs.c > > > > > @@ -514,7 +514,7 @@ static umode_t nvdimm_visible(struct kobject > > > > > *kobj, struct attribute *a, int n) > > > > > > > > > > if (a != &dev_attr_security.attr) > > > > > return a->mode; > > > > > - if (nvdimm->sec.state < 0) > > > > > + if (!nvdimm->sec.ops || nvdimm->sec.state < 0) > > > > > return 0; > > > > > /* Are there any state mutation ops? */ > > > > > if (nvdimm->sec.ops->freeze || nvdimm->sec.ops->disable > > > > > > > > Okay, cool. I wasn't sure if that test needed a deeper check. :) > > > > > > > > Fixes: 37833fb7989a9 ("acpi/nfit, libnvdimm: Add freeze security > > > > support to Intel nvdimm") > > > > Tested-by: Kees Cook > > > > > > > > > > Actually, looking closer this should have been avoided by the fact > > > that __nvdimm_create() initializes the security state early and that > > > nvdimm->sec.state should have saved us. > > > > > > I'll dig a bit deeper with your qemu config. > > > > Maybe something goes weird with pstore stealing the region? > > No, pstore is off the hook. I was just able to reproduce locally and > I'm not doing anything with pstore. Huh, this fixes it: diff --git a/include/linux/libnvdimm.h b/include/linux/libnvdimm.h index 5440f11b0907..7315977b64da 100644 --- a/include/linux/libnvdimm.h +++ b/include/linux/libnvdimm.h @@ -160,6 +160,7 @@ static inline struct nd_blk_region_desc *to_blk_region_desc( } enum nvdimm_security_state { + NVDIMM_SECURITY_ERROR = -1, NVDIMM_SECURITY_DISABLED, NVDIMM_SECURITY_UNLOCKED, NVDIMM_SECURITY_LOCKED, Apparently I was wrong to think an enum was a signed int without actually making a signed value a possibility. I would have a expected the compiler to give me a "statement has no effect" for testing for a negative value against an effectively unsigned quantity.