From patchwork Sat Dec 22 19:44:26 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Williams X-Patchwork-Id: 10741451 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5D7FA13B5 for ; Sat, 22 Dec 2018 19:57:06 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 44D7D28A37 for ; Sat, 22 Dec 2018 19:57:06 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 362A928A48; Sat, 22 Dec 2018 19:57:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 381D028A37 for ; Sat, 22 Dec 2018 19:57:05 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id BF6B521A07A92; Sat, 22 Dec 2018 11:57:04 -0800 (PST) X-Original-To: linux-nvdimm@lists.01.org Delivered-To: linux-nvdimm@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; envelope-from=dan.j.williams@intel.com; receiver=linux-nvdimm@lists.01.org Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 6F94121A143EF for ; Sat, 22 Dec 2018 11:57:02 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Dec 2018 11:57:02 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,385,1539673200"; d="scan'208";a="304377374" Received: from dwillia2-desk3.jf.intel.com (HELO dwillia2-desk3.amr.corp.intel.com) ([10.54.39.16]) by fmsmga006.fm.intel.com with ESMTP; 22 Dec 2018 11:57:02 -0800 Subject: [PATCH] libnvdimm/security: Quiet security operations From: Dan Williams To: linux-nvdimm@lists.01.org Date: Sat, 22 Dec 2018 11:44:26 -0800 Message-ID: <154550786663.3967862.7106966856597406852.stgit@dwillia2-desk3.amr.corp.intel.com> User-Agent: StGit/0.18-2-gc94f MIME-Version: 1.0 X-BeenThere: linux-nvdimm@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Linux-nvdimm developer list." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: linux-nvdimm-bounces@lists.01.org Sender: "Linux-nvdimm" X-Virus-Scanned: ClamAV using ClamSMTP The security implementation is too chatty. For example, the common case is that security is not enabled / setup, and booting a qemu configuration currently yields: nvdimm nmem0: request_key() found no key nvdimm nmem0: failed to unlock dimm: -126 nvdimm nmem1: request_key() found no key nvdimm nmem1: failed to unlock dimm: -126 Convert all security related log messages to debug level. Cc: Dave Jiang Signed-off-by: Dan Williams --- drivers/nvdimm/dimm.c | 2 +- drivers/nvdimm/security.c | 30 +++++++++++++++--------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/drivers/nvdimm/dimm.c b/drivers/nvdimm/dimm.c index 1b3d9e7b2ffe..0cf58cabc9ed 100644 --- a/drivers/nvdimm/dimm.c +++ b/drivers/nvdimm/dimm.c @@ -62,7 +62,7 @@ static int nvdimm_probe(struct device *dev) */ rc = nvdimm_security_unlock(dev); if (rc < 0) - dev_err(dev, "failed to unlock dimm: %d\n", rc); + dev_dbg(dev, "failed to unlock dimm: %d\n", rc); /* diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c index d9a39dc251e9..f8bb746a549f 100644 --- a/drivers/nvdimm/security.c +++ b/drivers/nvdimm/security.c @@ -56,9 +56,9 @@ static struct key *nvdimm_request_key(struct nvdimm *nvdimm) key = request_key(&key_type_encrypted, desc, ""); if (IS_ERR(key)) { if (PTR_ERR(key) == -ENOKEY) - dev_warn(dev, "request_key() found no key\n"); + dev_dbg(dev, "request_key() found no key\n"); else - dev_warn(dev, "request_key() upcall failed\n"); + dev_dbg(dev, "request_key() upcall failed\n"); key = NULL; } else { struct encrypted_key_payload *epayload; @@ -145,7 +145,7 @@ static int __nvdimm_security_unlock(struct nvdimm *nvdimm) return -EIO; if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) { - dev_warn(dev, "Security operation in progress.\n"); + dev_dbg(dev, "Security operation in progress.\n"); return -EBUSY; } @@ -204,13 +204,13 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid) return -EOPNOTSUPP; if (nvdimm->sec.state >= NVDIMM_SECURITY_FROZEN) { - dev_warn(dev, "Incorrect security state: %d\n", + dev_dbg(dev, "Incorrect security state: %d\n", nvdimm->sec.state); return -EIO; } if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) { - dev_warn(dev, "Security operation in progress.\n"); + dev_dbg(dev, "Security operation in progress.\n"); return -EBUSY; } @@ -244,7 +244,7 @@ int nvdimm_security_update(struct nvdimm *nvdimm, unsigned int keyid, return -EOPNOTSUPP; if (nvdimm->sec.state >= NVDIMM_SECURITY_FROZEN) { - dev_warn(dev, "Incorrect security state: %d\n", + dev_dbg(dev, "Incorrect security state: %d\n", nvdimm->sec.state); return -EIO; } @@ -297,24 +297,24 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid, return -EOPNOTSUPP; if (atomic_read(&nvdimm->busy)) { - dev_warn(dev, "Unable to secure erase while DIMM active.\n"); + dev_dbg(dev, "Unable to secure erase while DIMM active.\n"); return -EBUSY; } if (nvdimm->sec.state >= NVDIMM_SECURITY_FROZEN) { - dev_warn(dev, "Incorrect security state: %d\n", + dev_dbg(dev, "Incorrect security state: %d\n", nvdimm->sec.state); return -EIO; } if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) { - dev_warn(dev, "Security operation in progress.\n"); + dev_dbg(dev, "Security operation in progress.\n"); return -EBUSY; } if (nvdimm->sec.ext_state != NVDIMM_SECURITY_UNLOCKED && pass_type == NVDIMM_MASTER) { - dev_warn(dev, + dev_dbg(dev, "Attempt to secure erase in wrong master state.\n"); return -EOPNOTSUPP; } @@ -348,23 +348,23 @@ int nvdimm_security_overwrite(struct nvdimm *nvdimm, unsigned int keyid) return -EOPNOTSUPP; if (atomic_read(&nvdimm->busy)) { - dev_warn(dev, "Unable to overwrite while DIMM active.\n"); + dev_dbg(dev, "Unable to overwrite while DIMM active.\n"); return -EBUSY; } if (dev->driver == NULL) { - dev_warn(dev, "Unable to overwrite while DIMM active.\n"); + dev_dbg(dev, "Unable to overwrite while DIMM active.\n"); return -EINVAL; } if (nvdimm->sec.state >= NVDIMM_SECURITY_FROZEN) { - dev_warn(dev, "Incorrect security state: %d\n", + dev_dbg(dev, "Incorrect security state: %d\n", nvdimm->sec.state); return -EIO; } if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) { - dev_warn(dev, "Security operation in progress.\n"); + dev_dbg(dev, "Security operation in progress.\n"); return -EBUSY; } @@ -429,7 +429,7 @@ void __nvdimm_security_overwrite_query(struct nvdimm *nvdimm) } if (rc < 0) - dev_warn(&nvdimm->dev, "overwrite failed\n"); + dev_dbg(&nvdimm->dev, "overwrite failed\n"); else dev_dbg(&nvdimm->dev, "overwrite completed\n");