From patchwork Wed Dec 14 22:00:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 13073597 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 15A3BBA27 for ; Wed, 14 Dec 2022 22:00:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1671055227; x=1702591227; h=subject:from:to:cc:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=JccO0gN9kEfLD1TxKiyJlWK0f5UxLjSFMPXrUfOVJeA=; b=DQnzIOGMZSmlvOBrJKVxKXJyIH43mFSqCisD3jIgy99drGpEo1ZoXyvI 6OMgy2JZI9whr4W5sbI593scD9n2itupfth4kuYvKGggvRCyekMhCrX38 OEv/9yJqc6uJHhb56qcxoydzRFFMVyVhR/lQz+BFDjNaUe5kaWaGdDCed vhDNFHNEgde+gdiFIU4sjsPVHuYo6n9dH1qvI9DmkiWLQo8sTiUyrIekQ DcUcwukLX4USZGv9skLpYLfIaRa9teTYPiUFGu/h0om6MjRSQmJBb0rPH Gll0ORzRmq1vuUshpgSlAoBhkMCl1dkk2TPx4YRAg5FkDt7bDSz80WgrN Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10561"; a="316159212" X-IronPort-AV: E=Sophos;i="5.96,245,1665471600"; d="scan'208";a="316159212" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Dec 2022 14:00:26 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10561"; a="679907672" X-IronPort-AV: E=Sophos;i="5.96,245,1665471600"; d="scan'208";a="679907672" Received: from djiang5-desk3.ch.intel.com ([143.182.136.137]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Dec 2022 14:00:26 -0800 Subject: [ndctl PATCH v2 1/4] ndctl: add CXL bus detection From: Dave Jiang To: linux-cxl@vger.kernel.org, nvdimm@lists.linux.dev Cc: vishal.l.verma@intel.com Date: Wed, 14 Dec 2022 15:00:25 -0700 Message-ID: <167105522584.3034751.8329537593759406601.stgit@djiang5-desk3.ch.intel.com> In-Reply-To: <167105505204.3034751.8113387624258581781.stgit@djiang5-desk3.ch.intel.com> References: <167105505204.3034751.8113387624258581781.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/1.4 Precedence: bulk X-Mailing-List: nvdimm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add a CXL bus type, and detect whether a 'dimm' is backed by the CXL subsystem. Reviewed-by: Alison Schofield Signed-off-by: Dave Jiang --- v2: - Improve commit log. (Vishal) --- ndctl/lib/libndctl.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++ ndctl/lib/libndctl.sym | 1 + ndctl/lib/private.h | 1 + ndctl/libndctl.h | 1 + 4 files changed, 56 insertions(+) diff --git a/ndctl/lib/libndctl.c b/ndctl/lib/libndctl.c index ad54f0626510..10422e24d38b 100644 --- a/ndctl/lib/libndctl.c +++ b/ndctl/lib/libndctl.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include @@ -876,6 +877,48 @@ static enum ndctl_fwa_method fwa_method_to_method(const char *fwa_method) return NDCTL_FWA_METHOD_RESET; } +static int is_ndbus_cxl(const char *ctl_base) +{ + char *path, *ppath, *subsys; + char tmp_path[PATH_MAX]; + int rc; + + /* get the real path of ctl_base */ + path = realpath(ctl_base, NULL); + if (!path) + return -errno; + + /* setup to get the nd bridge device backing the ctl */ + sprintf(tmp_path, "%s/device", path); + free(path); + + path = realpath(tmp_path, NULL); + if (!path) + return -errno; + + /* get the parent dir of the ndbus, which should be the nvdimm-bridge */ + ppath = dirname(path); + + /* setup to get the subsystem of the nvdimm-bridge */ + sprintf(tmp_path, "%s/%s", ppath, "subsystem"); + free(path); + + path = realpath(tmp_path, NULL); + if (!path) + return -errno; + + subsys = basename(path); + + /* check if subsystem is cxl */ + if (!strcmp(subsys, "cxl")) + rc = 1; + else + rc = 0; + + free(path); + return rc; +} + static void *add_bus(void *parent, int id, const char *ctl_base) { char buf[SYSFS_ATTR_SIZE]; @@ -919,6 +962,11 @@ static void *add_bus(void *parent, int id, const char *ctl_base) else bus->has_of_node = 1; + if (is_ndbus_cxl(ctl_base)) + bus->has_cxl = 1; + else + bus->has_cxl = 0; + sprintf(path, "%s/device/nfit/dsm_mask", ctl_base); if (sysfs_read_attr(ctx, path, buf) < 0) bus->nfit_dsm_mask = 0; @@ -1050,6 +1098,11 @@ NDCTL_EXPORT int ndctl_bus_has_of_node(struct ndctl_bus *bus) return bus->has_of_node; } +NDCTL_EXPORT int ndctl_bus_has_cxl(struct ndctl_bus *bus) +{ + return bus->has_cxl; +} + NDCTL_EXPORT int ndctl_bus_is_papr_scm(struct ndctl_bus *bus) { char buf[SYSFS_ATTR_SIZE]; diff --git a/ndctl/lib/libndctl.sym b/ndctl/lib/libndctl.sym index 75c32b9d4967..2892544d1985 100644 --- a/ndctl/lib/libndctl.sym +++ b/ndctl/lib/libndctl.sym @@ -464,4 +464,5 @@ LIBNDCTL_27 { } LIBNDCTL_26; LIBNDCTL_28 { ndctl_dimm_disable_master_passphrase; + ndctl_bus_has_cxl; } LIBNDCTL_27; diff --git a/ndctl/lib/private.h b/ndctl/lib/private.h index e5c56295556d..46bc8908bd90 100644 --- a/ndctl/lib/private.h +++ b/ndctl/lib/private.h @@ -163,6 +163,7 @@ struct ndctl_bus { int regions_init; int has_nfit; int has_of_node; + int has_cxl; char *bus_path; char *bus_buf; size_t buf_len; diff --git a/ndctl/libndctl.h b/ndctl/libndctl.h index c52e82a6f826..91ef0f42f654 100644 --- a/ndctl/libndctl.h +++ b/ndctl/libndctl.h @@ -133,6 +133,7 @@ struct ndctl_bus *ndctl_bus_get_next(struct ndctl_bus *bus); struct ndctl_ctx *ndctl_bus_get_ctx(struct ndctl_bus *bus); int ndctl_bus_has_nfit(struct ndctl_bus *bus); int ndctl_bus_has_of_node(struct ndctl_bus *bus); +int ndctl_bus_has_cxl(struct ndctl_bus *bus); int ndctl_bus_is_papr_scm(struct ndctl_bus *bus); unsigned int ndctl_bus_get_major(struct ndctl_bus *bus); unsigned int ndctl_bus_get_minor(struct ndctl_bus *bus); From patchwork Wed Dec 14 22:00:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 13073600 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 59415BA24 for ; Wed, 14 Dec 2022 22:00:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1671055255; x=1702591255; h=subject:from:to:cc:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=mwVah/u+qM7VhJ72QMALIWdkabtUltYcykRGgJ72ORQ=; b=EpqNRzsuSJamZu2Q4rOqy5WC5+d0GHWXzHEbjl0mToz2Qkj/zFjWpRsG crqK9YOsUZzFEHB0u6Smk8G55Uh90r9XHW4SW4Ysz/7jNS98CsKLRDXnY xFRxQ8S/YHeVv+ACLhOfHYf0X2nLkOpAkPDbPoOM+NNtFYFT8UVF+gClB tsg0x4tfdaFB+EnPsv0ddraHbxGkv9xWihf8EcepO95tRD5VsK9Kkwid7 yAf1mS2ZTQIRrxL8nKWfWCFBfygQjmGIPNULymGPjv14+5hXEqXz5OYrS d1y6qUGCNhJILzFfzpc5lZbktEtv+pQbXhGeSVOLN308vCIZttKj0FIvH A==; X-IronPort-AV: E=McAfee;i="6500,9779,10561"; a="316159244" X-IronPort-AV: E=Sophos;i="5.96,245,1665471600"; d="scan'208";a="316159244" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Dec 2022 14:00:32 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10561"; a="679907729" X-IronPort-AV: E=Sophos;i="5.96,245,1665471600"; d="scan'208";a="679907729" Received: from djiang5-desk3.ch.intel.com ([143.182.136.137]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Dec 2022 14:00:32 -0800 Subject: [ndctl PATCH v2 2/4] ndctl/libndctl: Add bus_prefix for CXL From: Dave Jiang To: linux-cxl@vger.kernel.org, nvdimm@lists.linux.dev Cc: vishal.l.verma@intel.com Date: Wed, 14 Dec 2022 15:00:31 -0700 Message-ID: <167105523165.3034751.4940603908511673299.stgit@djiang5-desk3.ch.intel.com> In-Reply-To: <167105505204.3034751.8113387624258581781.stgit@djiang5-desk3.ch.intel.com> References: <167105505204.3034751.8113387624258581781.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/1.4 Precedence: bulk X-Mailing-List: nvdimm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 When the 'ndbus' is backed by CXL, setup the bus_prefix for dimm object appropriately. Signed-off-by: Dave Jiang --- v2: - improve commit log. (Vishal) --- ndctl/lib/libndctl.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ndctl/lib/libndctl.c b/ndctl/lib/libndctl.c index 10422e24d38b..d2e800bc840a 100644 --- a/ndctl/lib/libndctl.c +++ b/ndctl/lib/libndctl.c @@ -2012,6 +2012,12 @@ static void *add_dimm(void *parent, int id, const char *dimm_base) goto out; } rc = add_papr_dimm(dimm, dimm_base); + } else if (ndctl_bus_has_cxl(bus)) { + dimm->bus_prefix = strdup("cxl"); + if (!dimm->bus_prefix) { + rc = -ENOMEM; + goto out; + } } if (rc == -ENODEV) { From patchwork Wed Dec 14 22:00:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 13073598 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C2B01BA24 for ; Wed, 14 Dec 2022 22:00:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1671055238; x=1702591238; h=subject:from:to:cc:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=jzJLupQfWR0UE6bmX9NmgrmSiT/W0DNSMzNsbh18xuE=; b=OfKw6pNJErlsMPUVyYKelo76fhg1/nHSx+GO+jsWAEdAYcIDi363JAoK uqqK/PFGUaOuTYmUbnPWMw0HP7Uq1X4OqKpAsoECjg/B86trRl/7dKR1X NZTjk7zd3GGQCwuG5rr9dl4saVQZAbsaurLd5paCxGm+QaSJJwLEgpqiE bsvaWVacSXi52jVZl99pxTuO7z/PhLHBA+mJ4cS6ONagKWuDtA7Ee9sO4 NtqgPiqbNFwJCuSqcOt6bguqc82HZzI01WObWGDxI9Sw/C+Txi/O/62bi 5s6VBUHO9Yx5+sLfUaGaKCzynxIW7Yb2oy1esEC9cFFZg5gjUu7MPUHb6 A==; X-IronPort-AV: E=McAfee;i="6500,9779,10561"; a="317233546" X-IronPort-AV: E=Sophos;i="5.96,245,1665471600"; d="scan'208";a="317233546" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Dec 2022 14:00:37 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10561"; a="791406252" X-IronPort-AV: E=Sophos;i="5.96,245,1665471600"; d="scan'208";a="791406252" Received: from djiang5-desk3.ch.intel.com ([143.182.136.137]) by fmsmga001-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Dec 2022 14:00:37 -0800 Subject: [ndctl PATCH v2 3/4] ndctl/libndctl: Allow retrievng of unique_id for CXL mem dev From: Dave Jiang To: linux-cxl@vger.kernel.org, nvdimm@lists.linux.dev Cc: vishal.l.verma@intel.com Date: Wed, 14 Dec 2022 15:00:37 -0700 Message-ID: <167105523734.3034751.3059263405298786126.stgit@djiang5-desk3.ch.intel.com> In-Reply-To: <167105505204.3034751.8113387624258581781.stgit@djiang5-desk3.ch.intel.com> References: <167105505204.3034751.8113387624258581781.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/1.4 Precedence: bulk X-Mailing-List: nvdimm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 With bus_prefix, retrieve the unique_id of CXL mem device. This will allow selecting a specific CXL mem device for the security test code. Signed-off-by: Dave Jiang --- v2: - Fix commit subject. (Vishal) --- ndctl/lib/libndctl.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/ndctl/lib/libndctl.c b/ndctl/lib/libndctl.c index d2e800bc840a..c569178b9a3a 100644 --- a/ndctl/lib/libndctl.c +++ b/ndctl/lib/libndctl.c @@ -1749,6 +1749,33 @@ NDCTL_EXPORT void ndctl_dimm_refresh_flags(struct ndctl_dimm *dimm) parse_papr_flags(dimm, buf); } +static int populate_cxl_dimm_attributes(struct ndctl_dimm *dimm, + const char *dimm_base) +{ + int rc = 0; + char buf[SYSFS_ATTR_SIZE]; + struct ndctl_ctx *ctx = dimm->bus->ctx; + char *path = calloc(1, strlen(dimm_base) + 100); + const char *bus_prefix = dimm->bus_prefix; + + if (!path) + return -ENOMEM; + + sprintf(path, "%s/%s/id", dimm_base, bus_prefix); + if (sysfs_read_attr(ctx, path, buf) == 0) { + dimm->unique_id = strdup(buf); + if (!dimm->unique_id) { + rc = -ENOMEM; + goto err_read; + } + } + + err_read: + + free(path); + return rc; +} + static int populate_dimm_attributes(struct ndctl_dimm *dimm, const char *dimm_base) { @@ -2018,6 +2045,7 @@ static void *add_dimm(void *parent, int id, const char *dimm_base) rc = -ENOMEM; goto out; } + rc = populate_cxl_dimm_attributes(dimm, dimm_base); } if (rc == -ENODEV) { From patchwork Wed Dec 14 22:00:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 13073599 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 95BBCBA24 for ; Wed, 14 Dec 2022 22:00:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1671055243; x=1702591243; h=subject:from:to:cc:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=OrlQ0dJDRVsfwVt/hAjdRAYA8Ox139BU6LnDt4ev0fU=; b=UBkHCr9yW9rcJtRfQnBc/GK0lnRERdTJd6XAyMEL0jjbmBzuGZDhC0LD HbxF2xjODDcJVDKrmRLTSTsa0NDr4e+Ez8hlp3nNd7zRwIko2iFYWCye9 TNtoG5vAWixjmt9xxkNkvm71Txl7MZ5dsmsggTjajt1jiTGWK2qw9MMlS A5mXqlzavs764E2EtzJnC7SP345qTrBihixWOhKM5Xl+DhqlASYtA+az3 mFuuOgNe938r1NOV/LJXVlJ4NHh+iwA4vQWs0ulkdMT0V3rVgzftzsvjP ZbV5dkyo60KdxfBCc0GLoE+FjMFsNls2qVFjudX3JQdQpFAG866pQ0VkM w==; X-IronPort-AV: E=McAfee;i="6500,9779,10561"; a="317233572" X-IronPort-AV: E=Sophos;i="5.96,245,1665471600"; d="scan'208";a="317233572" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Dec 2022 14:00:43 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10561"; a="791406269" X-IronPort-AV: E=Sophos;i="5.96,245,1665471600"; d="scan'208";a="791406269" Received: from djiang5-desk3.ch.intel.com ([143.182.136.137]) by fmsmga001-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Dec 2022 14:00:43 -0800 Subject: [ndctl PATCH v2 4/4] ndctl/test: Add CXL test for security From: Dave Jiang To: linux-cxl@vger.kernel.org, nvdimm@lists.linux.dev Cc: vishal.l.verma@intel.com Date: Wed, 14 Dec 2022 15:00:42 -0700 Message-ID: <167105524289.3034751.7668584473744316324.stgit@djiang5-desk3.ch.intel.com> In-Reply-To: <167105505204.3034751.8113387624258581781.stgit@djiang5-desk3.ch.intel.com> References: <167105505204.3034751.8113387624258581781.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/1.4 Precedence: bulk X-Mailing-List: nvdimm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Create security-cxl.sh based off of security.sh for nfit security testing. The test will test a cxl_test based security commands enabling through nvdimm. Signed-off-by: Dave Jiang --- v2: - Have test share common code. (Vishal) - Add cxl test to cxl test suite. (Dan) --- test/common | 7 +++++ test/cxl-security | 40 ++++++++++++++++++++++++++++ test/cxl-security.sh | 5 ++++ test/meson.build | 6 +++- test/nfit-security | 40 ++++++++++++++++++++++++++++ test/nfit-security.sh | 5 ++++ test/security.sh | 70 ++++++++++++++++++------------------------------- 7 files changed, 126 insertions(+), 47 deletions(-) create mode 100644 test/cxl-security create mode 100755 test/cxl-security.sh create mode 100644 test/nfit-security create mode 100755 test/nfit-security.sh diff --git a/test/common b/test/common index 44cc352f6009..b2519c17b34c 100644 --- a/test/common +++ b/test/common @@ -47,6 +47,7 @@ fi # NFIT_TEST_BUS0="nfit_test.0" NFIT_TEST_BUS1="nfit_test.1" +CXL_TEST_BUS="cxl_test" ACPI_BUS="ACPI.NFIT" E820_BUS="e820" @@ -125,6 +126,12 @@ _cleanup() modprobe -r nfit_test } +_cxl_cleanup() +{ + $NDCTL disable-region -b $CXL_TEST_BUS all + modprobe -r cxl_test +} + # json2var # stdin: json # diff --git a/test/cxl-security b/test/cxl-security new file mode 100644 index 000000000000..9a28ffd82b0b --- /dev/null +++ b/test/cxl-security @@ -0,0 +1,40 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2022, Intel Corp. All rights reserved. + +detect() +{ + dev="$($NDCTL list -b "$CXL_TEST_BUS" -D | jq -r 'sort_by(.id) | .[0].dev')" + [ -n "$dev" ] || err "$LINENO" + id="$($NDCTL list -b "$CXL_TEST_BUS" -D | jq -r 'sort_by(.id) | .[0].id')" + [ -n "$id" ] || err "$LINENO" +} + +lock_dimm() +{ + $NDCTL disable-dimm "$dev" + test_dimm_path="" + + nmem_rpath=$(readlink -f "/sys/bus/nd/devices/${dev}") + nmem_bus=$(dirname ${nmem_rpath}); + bus_provider_path="${nmem_bus}/provider" + test -e "$bus_provider_path" || err "$LINENO" + bus_provider=$(cat ${bus_provider_path}) + + [[ "$bus_provider" == "$CXL_TEST_BUS" ]] || err "$LINENO" + bus="cxl" + nmem_provider_path="/sys/bus/nd/devices/${dev}/${bus}/provider" + nmem_provider=$(cat ${nmem_provider_path}) + + test_dimm_path=$(readlink -f /sys/bus/$bus/devices/${nmem_provider}) + test_dimm_path=$(dirname $(dirname ${test_dimm_path}))/security_lock + + test -e "$test_dimm_path" + + # now lock the dimm + echo 1 > "${test_dimm_path}" + sstate="$(get_security_state)" + if [ "$sstate" != "locked" ]; then + echo "Incorrect security state: $sstate expected: locked" + err "$LINENO" + fi +} diff --git a/test/cxl-security.sh b/test/cxl-security.sh new file mode 100755 index 000000000000..d81ad3fe69d9 --- /dev/null +++ b/test/cxl-security.sh @@ -0,0 +1,5 @@ +#!/bin/bash -Ex +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2022 Intel Corporation. All rights reserved. + +$(dirname $0)/security.sh cxl diff --git a/test/meson.build b/test/meson.build index e0aaf5c6eaa9..a956885f6df6 100644 --- a/test/meson.build +++ b/test/meson.build @@ -215,9 +215,11 @@ if get_option('destructive').enabled() endif if get_option('keyutils').enabled() - security = find_program('security.sh') + nfit_security = find_program('nfit-security.sh') + cxl_security = find_program('cxl-security.sh') tests += [ - [ 'security.sh', security, 'ndctl' ] + [ 'nfit-security.sh', nfit_security, 'ndctl' ], + [ 'cxl-security.sh', cxl_security, 'cxl' ], ] endif diff --git a/test/nfit-security b/test/nfit-security new file mode 100644 index 000000000000..a05274ab801b --- /dev/null +++ b/test/nfit-security @@ -0,0 +1,40 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2022, Intel Corp. All rights reserved. + +detect() +{ + dev="$($NDCTL list -b "$NFIT_TEST_BUS0" -D | jq -r .[0].dev)" + [ -n "$dev" ] || err "$LINENO" + id="$($NDCTL list -b "$NFIT_TEST_BUS0" -D | jq -r .[0].id)" + [ -n "$id" ] || err "$LINENO" +} + +lock_dimm() +{ + $NDCTL disable-dimm "$dev" + # convert nmemX --> test_dimmY + # For now this is the only user of such a conversion so we can leave it + # inline. Once a subsequent user arrives we can refactor this to a + # helper in test/common: + # get_test_dimm_path "nfit_test.0" "nmem3" + handle="$($NDCTL list -b "$NFIT_TEST_BUS0" -d "$dev" -i | jq -r .[].dimms[0].handle)" + test_dimm_path="" + for test_dimm in /sys/devices/platform/"$NFIT_TEST_BUS0"/nfit_test_dimm/test_dimm*; do + td_handle_file="$test_dimm/handle" + test -e "$td_handle_file" || continue + td_handle="$(cat "$td_handle_file")" + if [[ "$td_handle" -eq "$handle" ]]; then + test_dimm_path="$test_dimm" + break + fi + done + test -d "$test_dimm_path" + + # now lock the dimm + echo 1 > "${test_dimm_path}/lock_dimm" + sstate="$(get_security_state)" + if [ "$sstate" != "locked" ]; then + echo "Incorrect security state: $sstate expected: locked" + err "$LINENO" + fi +} diff --git a/test/nfit-security.sh b/test/nfit-security.sh new file mode 100755 index 000000000000..3df9392438ab --- /dev/null +++ b/test/nfit-security.sh @@ -0,0 +1,5 @@ +#!/bin/bash -Ex +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2022 Intel Corporation. All rights reserved. + +$(dirname $0)/security.sh nfit diff --git a/test/security.sh b/test/security.sh index 1aa848839ea7..04f630e1946e 100755 --- a/test/security.sh +++ b/test/security.sh @@ -17,15 +17,7 @@ trap 'err $LINENO' ERR setup() { - $NDCTL disable-region -b "$NFIT_TEST_BUS0" all -} - -detect() -{ - dev="$($NDCTL list -b "$NFIT_TEST_BUS0" -D | jq -r .[0].dev)" - [ -n "$dev" ] || err "$LINENO" - id="$($NDCTL list -b "$NFIT_TEST_BUS0" -D | jq -r .[0].id)" - [ -n "$id" ] || err "$LINENO" + $NDCTL disable-region -b "$TEST_BUS" all } setup_keys() @@ -78,44 +70,14 @@ post_cleanup() fi } -lock_dimm() -{ - $NDCTL disable-dimm "$dev" - # convert nmemX --> test_dimmY - # For now this is the only user of such a conversion so we can leave it - # inline. Once a subsequent user arrives we can refactor this to a - # helper in test/common: - # get_test_dimm_path "nfit_test.0" "nmem3" - handle="$($NDCTL list -b "$NFIT_TEST_BUS0" -d "$dev" -i | jq -r .[].dimms[0].handle)" - test_dimm_path="" - for test_dimm in /sys/devices/platform/"$NFIT_TEST_BUS0"/nfit_test_dimm/test_dimm*; do - td_handle_file="$test_dimm/handle" - test -e "$td_handle_file" || continue - td_handle="$(cat "$td_handle_file")" - if [[ "$td_handle" -eq "$handle" ]]; then - test_dimm_path="$test_dimm" - break - fi - done - test -d "$test_dimm_path" - - # now lock the dimm - echo 1 > "${test_dimm_path}/lock_dimm" - sstate="$(get_security_state)" - if [ "$sstate" != "locked" ]; then - echo "Incorrect security state: $sstate expected: locked" - err "$LINENO" - fi -} - get_frozen_state() { - $NDCTL list -i -b "$NFIT_TEST_BUS0" -d "$dev" | jq -r .[].dimms[0].security_frozen + $NDCTL list -i -b "$TEST_BUS" -d "$dev" | jq -r .[].dimms[0].security_frozen } get_security_state() { - $NDCTL list -i -b "$NFIT_TEST_BUS0" -d "$dev" | jq -r .[].dimms[0].security + $NDCTL list -i -b "$TEST_BUS" -d "$dev" | jq -r .[].dimms[0].security } setup_passphrase() @@ -192,7 +154,7 @@ test_4_security_unlock() echo "Incorrect security state: $sstate expected: unlocked" err "$LINENO" fi - $NDCTL disable-region -b "$NFIT_TEST_BUS0" all + $NDCTL disable-region -b "$TEST_BUS" all remove_passphrase } @@ -243,13 +205,26 @@ test_6_load_keys() fi } -check_min_kver "5.0" || do_skip "may lack security handling" +if [ "$1" = "nfit" ]; then + . $(dirname $0)/nfit-security + TEST_BUS="$NFIT_TEST_BUS0" + check_min_kver "5.0" || do_skip "may lack security handling" + KMOD_TEST="nfit_test" +elif [ "$1" = "cxl" ]; then + . $(dirname $0)/cxl-security + TEST_BUS="$CXL_TEST_BUS" + check_min_kver "6.2" || do_skip "may lack security handling" + KMOD_TEST="cxl_test" +else + do_skip "Missing input parameters" +fi + uid="$(keyctl show | grep -Eo "_uid.[0-9]+" | head -1 | cut -d. -f2-)" if [ "$uid" -ne 0 ]; then do_skip "run as root or with a sudo login shell for test to work" fi -modprobe nfit_test +modprobe "$KMOD_TEST" setup check_prereq "keyctl" rc=1 @@ -278,5 +253,10 @@ test_6_load_keys test_cleanup post_cleanup -_cleanup +if [ "$1" = "nfit" ]; then + _cleanup +elif [ "$1" = "cxl" ]; then + _cxl_cleanup +fi + exit 0