Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1581450imu; Wed, 16 Jan 2019 23:17:40 -0800 (PST) X-Google-Smtp-Source: ALg8bN5dz1Fkz3Og/vO/R4gf1xPi0dGKLUiu+7osIMcFy7LCGhgR/NFv2h/L2j6QQhzSDAXEpmM5 X-Received: by 2002:a62:4181:: with SMTP id g1mr13850572pfd.45.1547709460882; Wed, 16 Jan 2019 23:17:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547709460; cv=none; d=google.com; s=arc-20160816; b=eU+BVrwFdKt44xZQ/sENJp/M3kcs6apeIYE1yREoShHXNYXKjBtPfWbUynTlxzxX6f Z7muVleRmVTvlsif9xReI81isXetZWoNjc/rn7xhChrwH/B+zeZS0mpd6dSO2WonSyU+ uc2/Ppkr2ft+oalpkiJfodvJ/goqb0470uyYbIUxcZGZagqr1Ita67EWsc5ThM5+x5U+ u4qBs1snvkcB/4Ia2F93KolTzfWHziTAz7hTbepsgv8Ru1V+OZu5EWsyWy0IXKaILOdD /SWA1EfHjXnxoIoyERkhD/FICE4HtsG3wnSJ+xTWzjLsiQmvT5aOcXyLI4SdHi5xOXhM GeyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=fqavfFFoBnTEqPaLDWGOznQU69q5cYmtpsNuznnDYpE=; b=G9ow+1jraEOJJAkFIIZ8MgZttD/9FT+bRkMdHE2dvB2BTzE0sBbCUSPAVNZf90cZmE rRZh4vYRdneCQAnc/ve2GKhDe8B2bB3LFj9AAuA2kYBWJgn9Hyz77FhhSVaZT+M6Th+d YTFhGkeOK/VPBou6p31McqkE7OnGYJzEkT/2NiacqJzFUpDQPBCQWVEsuFR7qaeI2Dya zt4iCQVnXYOc9OSDPscaUs2rAWETH0DXdhNJOQDa7YAyqrf9GDCJaDovANtw94PdMgNJ Ak6gxvIDLCZ6+bZr9hVfEOmdUGjxeUtLmLYR6yRKzlbJDVGQN5XTldcDYOr52Pcil5uP K0Vw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=JI+IUnQZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g8si1018251pli.50.2019.01.16.23.17.25; Wed, 16 Jan 2019 23:17:40 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=JI+IUnQZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729723AbfAPVYn (ORCPT + 99 others); Wed, 16 Jan 2019 16:24:43 -0500 Received: from mail-pf1-f194.google.com ([209.85.210.194]:37995 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729635AbfAPVYi (ORCPT ); Wed, 16 Jan 2019 16:24:38 -0500 Received: by mail-pf1-f194.google.com with SMTP id q1so3680315pfi.5 for ; Wed, 16 Jan 2019 13:24:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fqavfFFoBnTEqPaLDWGOznQU69q5cYmtpsNuznnDYpE=; b=JI+IUnQZKvI7ocgF3nbSpMNuXyCYGrTQJb37G0E2cgyDYZ+mzS3QMHa8UoXe4RMqtm 0P3fiuYxMRht56r4EYPG7JAJmCUgSoJ4r+5YgSCjC+UnMm5b5uqlRtM933oKBCWTOp4p Z5C0G4tLOu4+PnvaGFyl8sQ5AH+dz+rrMhXQ0vDJ/tZZ8+az6uTGOzBKg/9M8VOhMUS9 lMTqX053EdKm70CXRB8uVRZlSyn5W8z8oCDUPWn2LBuyGXVQr8aYUaw0HjC2CfPgmC9V kG7mG84Raq4oiFIlt5SeIrMwW1AOToQcCILbjyEymlA6OJP4EAqRYq9KQfHn4Olq6s2+ Oe2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fqavfFFoBnTEqPaLDWGOznQU69q5cYmtpsNuznnDYpE=; b=Tiea7pzi4rUbK+FTZBvcmE8Xop5NzbhgBAw8Kh23tz7FTxm4EIMXh7MYqqwYGRs49C Z4L3rhIHN2YSOnsH3666gAJDt7NA+vV3+qCvRAed4/pwkqA5RD97A3SnnIemckoOn+5A QdnKo+IibVN1bULIJT3FROfECCRomFHEXVy/PrJGau3MiQOgRTuMGODc1O64PgCqFw6g qMUcJxoHNH6bIMXnAUuX20luw/GXvCEGDpwGyST8qmOEU7M+y5tKVq6KPEK+OoG67RRW 3J43bIpeoSudrvjFa7G6R0oMNDssg8TrM7Smmcet5VAxCPdmvQWA6mptT4QqPefRNp6E tAxA== X-Gm-Message-State: AJcUukeWmXA+Dd7CwV3IuVyAOAebCbA9SAq2BR024MX5Pu8w1Mp/wkSg mzPYgj2dauNAdnikJV5eSJKcCS5hP4IYk+wRnKM= X-Received: by 2002:a63:bd51:: with SMTP id d17mr10877817pgp.443.1547673878052; Wed, 16 Jan 2019 13:24:38 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Dexuan-Linux Cui Date: Wed, 16 Jan 2019 13:24:26 -0800 Message-ID: Subject: Re: nvdimm crash at boot To: Dan Williams Cc: Kees Cook , Dave Jiang , linux-nvdimm , LKML , Dexuan Cui Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 8, 2019 at 4:49 PM Dan Williams wrote: > > On Tue, Jan 8, 2019 at 4:02 PM Dan Williams wrote: > > > > On Tue, Jan 8, 2019 at 3:55 PM Kees Cook wrote: > > > > > > On Tue, Jan 8, 2019 at 3:54 PM Dan Williams wrote: > > > > > > > > On Tue, Jan 8, 2019 at 3:34 PM Kees Cook wrote: > > > > > > > > > > On Tue, Jan 8, 2019 at 3:28 PM Dan Williams wrote: > > > > > > Ah, thanks for the report! The key difference is that you don't define > > > > > > a "label area", so the driver bails out early and never initializes > > > > > > the security state. > > > > > > > > > > > > This should fix it up. > > > > > > > > > > > > diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c > > > > > > index 4890310df874..636cdb06ee17 100644 > > > > > > --- a/drivers/nvdimm/dimm_devs.c > > > > > > +++ b/drivers/nvdimm/dimm_devs.c > > > > > > @@ -514,7 +514,7 @@ static umode_t nvdimm_visible(struct kobject > > > > > > *kobj, struct attribute *a, int n) > > > > > > > > > > > > if (a != &dev_attr_security.attr) > > > > > > return a->mode; > > > > > > - if (nvdimm->sec.state < 0) > > > > > > + if (!nvdimm->sec.ops || nvdimm->sec.state < 0) > > > > > > return 0; > > > > > > /* Are there any state mutation ops? */ > > > > > > if (nvdimm->sec.ops->freeze || nvdimm->sec.ops->disable > > > > > > > > > > Okay, cool. I wasn't sure if that test needed a deeper check. :) > > > > > > > > > > Fixes: 37833fb7989a9 ("acpi/nfit, libnvdimm: Add freeze security > > > > > support to Intel nvdimm") > > > > > Tested-by: Kees Cook > > > > > > > > > > > > > Actually, looking closer this should have been avoided by the fact > > > > that __nvdimm_create() initializes the security state early and that > > > > nvdimm->sec.state should have saved us. > > > > > > > > I'll dig a bit deeper with your qemu config. > > > > > > Maybe something goes weird with pstore stealing the region? > > > > No, pstore is off the hook. I was just able to reproduce locally and > > I'm not doing anything with pstore. > > Huh, this fixes it: > > diff --git a/include/linux/libnvdimm.h b/include/linux/libnvdimm.h > index 5440f11b0907..7315977b64da 100644 > --- a/include/linux/libnvdimm.h > +++ b/include/linux/libnvdimm.h > @@ -160,6 +160,7 @@ static inline struct nd_blk_region_desc *to_blk_region_desc( > } > > enum nvdimm_security_state { > + NVDIMM_SECURITY_ERROR = -1, > NVDIMM_SECURITY_DISABLED, > NVDIMM_SECURITY_UNLOCKED, > NVDIMM_SECURITY_LOCKED, > > Apparently I was wrong to think an enum was a signed int without > actually making a signed value a possibility. I would have a expected > the compiler to give me a "statement has no effect" for testing for a > negative value against an effectively unsigned quantity. Thanks for the one-line patch! It fixed the same crash for me. -- Dexuan