libnvdimm/security: Quiet security operations
The security implementation is too chatty. For example, the common case is that security is not enabled / setup, and booting a qemu configuration currently yields: nvdimm nmem0: request_key() found no key nvdimm nmem0: failed to unlock dimm: -126 nvdimm nmem1: request_key() found no key nvdimm nmem1: failed to unlock dimm: -126 Convert all security related log messages to debug level. Cc: Dave Jiang <dave.jiang@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This commit is contained in:
parent
1f4883f300
commit
37379cfc66
|
@ -62,7 +62,7 @@ static int nvdimm_probe(struct device *dev)
|
||||||
*/
|
*/
|
||||||
rc = nvdimm_security_unlock(dev);
|
rc = nvdimm_security_unlock(dev);
|
||||||
if (rc < 0)
|
if (rc < 0)
|
||||||
dev_err(dev, "failed to unlock dimm: %d\n", rc);
|
dev_dbg(dev, "failed to unlock dimm: %d\n", rc);
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -56,9 +56,9 @@ static struct key *nvdimm_request_key(struct nvdimm *nvdimm)
|
||||||
key = request_key(&key_type_encrypted, desc, "");
|
key = request_key(&key_type_encrypted, desc, "");
|
||||||
if (IS_ERR(key)) {
|
if (IS_ERR(key)) {
|
||||||
if (PTR_ERR(key) == -ENOKEY)
|
if (PTR_ERR(key) == -ENOKEY)
|
||||||
dev_warn(dev, "request_key() found no key\n");
|
dev_dbg(dev, "request_key() found no key\n");
|
||||||
else
|
else
|
||||||
dev_warn(dev, "request_key() upcall failed\n");
|
dev_dbg(dev, "request_key() upcall failed\n");
|
||||||
key = NULL;
|
key = NULL;
|
||||||
} else {
|
} else {
|
||||||
struct encrypted_key_payload *epayload;
|
struct encrypted_key_payload *epayload;
|
||||||
|
@ -145,7 +145,7 @@ static int __nvdimm_security_unlock(struct nvdimm *nvdimm)
|
||||||
return -EIO;
|
return -EIO;
|
||||||
|
|
||||||
if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
|
if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
|
||||||
dev_warn(dev, "Security operation in progress.\n");
|
dev_dbg(dev, "Security operation in progress.\n");
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -204,13 +204,13 @@ int nvdimm_security_disable(struct nvdimm *nvdimm, unsigned int keyid)
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
if (nvdimm->sec.state >= NVDIMM_SECURITY_FROZEN) {
|
if (nvdimm->sec.state >= NVDIMM_SECURITY_FROZEN) {
|
||||||
dev_warn(dev, "Incorrect security state: %d\n",
|
dev_dbg(dev, "Incorrect security state: %d\n",
|
||||||
nvdimm->sec.state);
|
nvdimm->sec.state);
|
||||||
return -EIO;
|
return -EIO;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
|
if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
|
||||||
dev_warn(dev, "Security operation in progress.\n");
|
dev_dbg(dev, "Security operation in progress.\n");
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -244,7 +244,7 @@ int nvdimm_security_update(struct nvdimm *nvdimm, unsigned int keyid,
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
if (nvdimm->sec.state >= NVDIMM_SECURITY_FROZEN) {
|
if (nvdimm->sec.state >= NVDIMM_SECURITY_FROZEN) {
|
||||||
dev_warn(dev, "Incorrect security state: %d\n",
|
dev_dbg(dev, "Incorrect security state: %d\n",
|
||||||
nvdimm->sec.state);
|
nvdimm->sec.state);
|
||||||
return -EIO;
|
return -EIO;
|
||||||
}
|
}
|
||||||
|
@ -297,24 +297,24 @@ int nvdimm_security_erase(struct nvdimm *nvdimm, unsigned int keyid,
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
if (atomic_read(&nvdimm->busy)) {
|
if (atomic_read(&nvdimm->busy)) {
|
||||||
dev_warn(dev, "Unable to secure erase while DIMM active.\n");
|
dev_dbg(dev, "Unable to secure erase while DIMM active.\n");
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (nvdimm->sec.state >= NVDIMM_SECURITY_FROZEN) {
|
if (nvdimm->sec.state >= NVDIMM_SECURITY_FROZEN) {
|
||||||
dev_warn(dev, "Incorrect security state: %d\n",
|
dev_dbg(dev, "Incorrect security state: %d\n",
|
||||||
nvdimm->sec.state);
|
nvdimm->sec.state);
|
||||||
return -EIO;
|
return -EIO;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
|
if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
|
||||||
dev_warn(dev, "Security operation in progress.\n");
|
dev_dbg(dev, "Security operation in progress.\n");
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (nvdimm->sec.ext_state != NVDIMM_SECURITY_UNLOCKED
|
if (nvdimm->sec.ext_state != NVDIMM_SECURITY_UNLOCKED
|
||||||
&& pass_type == NVDIMM_MASTER) {
|
&& pass_type == NVDIMM_MASTER) {
|
||||||
dev_warn(dev,
|
dev_dbg(dev,
|
||||||
"Attempt to secure erase in wrong master state.\n");
|
"Attempt to secure erase in wrong master state.\n");
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
}
|
}
|
||||||
|
@ -348,23 +348,23 @@ int nvdimm_security_overwrite(struct nvdimm *nvdimm, unsigned int keyid)
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
if (atomic_read(&nvdimm->busy)) {
|
if (atomic_read(&nvdimm->busy)) {
|
||||||
dev_warn(dev, "Unable to overwrite while DIMM active.\n");
|
dev_dbg(dev, "Unable to overwrite while DIMM active.\n");
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dev->driver == NULL) {
|
if (dev->driver == NULL) {
|
||||||
dev_warn(dev, "Unable to overwrite while DIMM active.\n");
|
dev_dbg(dev, "Unable to overwrite while DIMM active.\n");
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (nvdimm->sec.state >= NVDIMM_SECURITY_FROZEN) {
|
if (nvdimm->sec.state >= NVDIMM_SECURITY_FROZEN) {
|
||||||
dev_warn(dev, "Incorrect security state: %d\n",
|
dev_dbg(dev, "Incorrect security state: %d\n",
|
||||||
nvdimm->sec.state);
|
nvdimm->sec.state);
|
||||||
return -EIO;
|
return -EIO;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
|
if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
|
||||||
dev_warn(dev, "Security operation in progress.\n");
|
dev_dbg(dev, "Security operation in progress.\n");
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -429,7 +429,7 @@ void __nvdimm_security_overwrite_query(struct nvdimm *nvdimm)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (rc < 0)
|
if (rc < 0)
|
||||||
dev_warn(&nvdimm->dev, "overwrite failed\n");
|
dev_dbg(&nvdimm->dev, "overwrite failed\n");
|
||||||
else
|
else
|
||||||
dev_dbg(&nvdimm->dev, "overwrite completed\n");
|
dev_dbg(&nvdimm->dev, "overwrite completed\n");
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue