diff mbox series

libnvdimm: prevent nvdimm from requesting key when security is disabled

Message ID 156893679671.13979.11441470387200549191.stgit@djiang5-desk3.ch.intel.com (mailing list archive)
State Superseded
Headers show
Series libnvdimm: prevent nvdimm from requesting key when security is disabled | expand

Commit Message

Dave Jiang Sept. 19, 2019, 11:46 p.m. UTC 
Current implementation attempts to request keys from the keyring even when
security is not enabled. Change behavior so when security is disabled it
will skip key request.

Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
 drivers/nvdimm/security.c |    4 ++++
 1 file changed, 4 insertions(+)

Comments

Dan Williams Sept. 20, 2019, 6:48 p.m. UTC | #1 
On Thu, Sep 19, 2019 at 4:46 PM Dave Jiang <dave.jiang@intel.com> wrote:
>
> Current implementation attempts to request keys from the keyring even when
> security is not enabled. Change behavior so when security is disabled it
> will skip key request.
>
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>

Patch looks good, but lets also include some details of the failure
mode this causes so others can track if this issue is impacting them.
A "Fixes:" and "Cc: <stable@...>" tag also seem appropriate.
Johannes Thumshirn Sept. 23, 2019, 9:30 a.m. UTC | #2 
Thanks,
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
diff mbox series

Patch

diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
index 9e45b207ff01..89b85970912d 100644
--- a/drivers/nvdimm/security.c
+++ b/drivers/nvdimm/security.c
@@ -177,6 +177,10 @@  static int __nvdimm_security_unlock(struct nvdimm *nvdimm)
 			|| !nvdimm->sec.flags)
 		return -EIO;
 
+	/* No need to go further if security is disabled */
+	if (test_bit(NVDIMM_SECURITY_DISABLED, &nvdimm->sec.flags))
+		return 0;
+
 	if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
 		dev_dbg(dev, "Security operation in progress.\n");
 		return -EBUSY;