[v10,01/12] ndctl: add support for display security state
diff mbox series

Message ID 154837123008.37086.76497287122377987.stgit@djiang5-desk3.ch.intel.com
State New
Headers show
Series
  • ndctl: add security support
Related show

Commit Message

Dave Jiang Jan. 24, 2019, 11:07 p.m. UTC
Adding libndctl API call for retrieving security state for a DIMM and also
adding support to ndctl list for displaying security state.

Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---
 Documentation/ndctl/ndctl-list.txt |    8 ++++++++
 ndctl/lib/dimm.c                   |   33 +++++++++++++++++++++++++++++++++
 ndctl/lib/libndctl.sym             |    1 +
 ndctl/libndctl.h                   |   11 +++++++++++
 util/json.c                        |   17 +++++++++++++++++
 5 files changed, 70 insertions(+)

Patch
diff mbox series

diff --git a/Documentation/ndctl/ndctl-list.txt b/Documentation/ndctl/ndctl-list.txt
index e24c8f40..bdd69add 100644
--- a/Documentation/ndctl/ndctl-list.txt
+++ b/Documentation/ndctl/ndctl-list.txt
@@ -98,6 +98,14 @@  include::xable-region-options.txt[]
 -D::
 --dimms::
 	Include dimm info in the listing
+[verse]
+{
+  "dev":"nmem0",
+  "id":"cdab-0a-07e0-ffffffff",
+  "handle":0,
+  "phys_id":0,
+  "security:":"disabled"
+}
 
 -H::
 --health::
diff --git a/ndctl/lib/dimm.c b/ndctl/lib/dimm.c
index 11a7efe9..712223fc 100644
--- a/ndctl/lib/dimm.c
+++ b/ndctl/lib/dimm.c
@@ -598,3 +598,36 @@  NDCTL_EXPORT unsigned long ndctl_dimm_get_available_labels(
 
 	return strtoul(buf, NULL, 0);
 }
+
+NDCTL_EXPORT enum ndctl_security_state ndctl_dimm_get_security(
+		struct ndctl_dimm *dimm)
+{
+	struct ndctl_ctx *ctx = ndctl_dimm_get_ctx(dimm);
+	char *path = dimm->dimm_buf;
+	int len = dimm->buf_len;
+	char buf[64];
+	int rc;
+
+	if (snprintf(path, len, "%s/security", dimm->dimm_path) >= len) {
+		err(ctx, "%s: buffer too small!\n",
+				ndctl_dimm_get_devname(dimm));
+		return NDCTL_SECURITY_INVALID;
+	}
+
+	rc = sysfs_read_attr(ctx, path, buf);
+	if (rc < 0)
+		return NDCTL_SECURITY_INVALID;
+
+	if (strcmp(buf, "disabled") == 0)
+		return NDCTL_SECURITY_DISABLED;
+	else if (strcmp(buf, "unlocked") == 0)
+		return NDCTL_SECURITY_UNLOCKED;
+	else if (strcmp(buf, "locked") == 0)
+		return NDCTL_SECURITY_LOCKED;
+	else if (strcmp(buf, "frozen") == 0)
+		return NDCTL_SECURITY_FROZEN;
+	else if (strcmp(buf, "overwrite") == 0)
+		return NDCTL_SECURITY_OVERWRITE;
+
+	return NDCTL_SECURITY_INVALID;
+}
diff --git a/ndctl/lib/libndctl.sym b/ndctl/lib/libndctl.sym
index 275db92e..0888c824 100644
--- a/ndctl/lib/libndctl.sym
+++ b/ndctl/lib/libndctl.sym
@@ -390,4 +390,5 @@  LIBNDCTL_19 {
 global:
 	ndctl_cmd_xlat_firmware_status;
 	ndctl_cmd_submit_xlat;
+	ndctl_dimm_get_security;
 } LIBNDCTL_18;
diff --git a/ndctl/libndctl.h b/ndctl/libndctl.h
index e55a5932..e228c64f 100644
--- a/ndctl/libndctl.h
+++ b/ndctl/libndctl.h
@@ -684,6 +684,17 @@  int ndctl_dimm_fw_update_supported(struct ndctl_dimm *dimm);
 int ndctl_cmd_xlat_firmware_status(struct ndctl_cmd *cmd);
 int ndctl_cmd_submit_xlat(struct ndctl_cmd *cmd);
 
+enum ndctl_security_state {
+	NDCTL_SECURITY_INVALID = -1,
+	NDCTL_SECURITY_DISABLED = 0,
+	NDCTL_SECURITY_UNLOCKED,
+	NDCTL_SECURITY_LOCKED,
+	NDCTL_SECURITY_FROZEN,
+	NDCTL_SECURITY_OVERWRITE,
+};
+
+enum ndctl_security_state ndctl_dimm_get_security(struct ndctl_dimm *dimm);
+
 #ifdef __cplusplus
 } /* extern "C" */
 #endif
diff --git a/util/json.c b/util/json.c
index 5c3424e2..9dc420ce 100644
--- a/util/json.c
+++ b/util/json.c
@@ -164,6 +164,7 @@  struct json_object *util_dimm_to_json(struct ndctl_dimm *dimm,
 	unsigned int handle = ndctl_dimm_get_handle(dimm);
 	unsigned short phys_id = ndctl_dimm_get_phys_id(dimm);
 	struct json_object *jobj;
+	enum ndctl_security_state sstate;
 
 	if (!jdimm)
 		return NULL;
@@ -243,6 +244,22 @@  struct json_object *util_dimm_to_json(struct ndctl_dimm *dimm,
 		json_object_object_add(jdimm, "flag_smart_event", jobj);
 	}
 
+	sstate = ndctl_dimm_get_security(dimm);
+	if (sstate == NDCTL_SECURITY_DISABLED)
+		jobj = json_object_new_string("disabled");
+	else if (sstate == NDCTL_SECURITY_UNLOCKED)
+		jobj = json_object_new_string("unlocked");
+	else if (sstate == NDCTL_SECURITY_LOCKED)
+		jobj = json_object_new_string("locked");
+	else if (sstate == NDCTL_SECURITY_FROZEN)
+		jobj = json_object_new_string("frozen");
+	else if (sstate == NDCTL_SECURITY_OVERWRITE)
+		jobj = json_object_new_string("overwrite");
+	else
+		jobj = NULL;
+	if (jobj)
+		json_object_object_add(jdimm, "security", jobj);
+
 	return jdimm;
  err:
 	json_object_put(jdimm);