drivers/nvdimm/security.c
Source file repositories/reference/linux-study-clean/drivers/nvdimm/security.c
File Facts
- System
- Linux kernel
- Corpus path
drivers/nvdimm/security.c- Extension
.c- Size
- 15135 bytes
- Lines
- 579
- Domain
- Driver Families
- Bucket
- drivers/nvdimm
- Inferred role
- Driver Families: implementation source
- Status
- source implementation candidate
Why This File Exists
Repeatable hardware-adapter layer. Deep compatibility for every driver is out of scope; this atlas records patterns, probe lifecycles, bus glue, IRQ/DMA usage, and links back to core abstractions.
- Repeatable hardware-adapter layer. Deep compatibility for every driver is out of scope; this atlas records patterns, probe lifecycles, bus glue, IRQ/DMA usage, and links back to core abstractions.
- Touches user memory; correctness depends on fault-safe copying and privilege boundary handling.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/module.hlinux/device.hlinux/ndctl.hlinux/slab.hlinux/io.hlinux/mm.hlinux/cred.hlinux/key.hlinux/key-type.hkeys/user-type.hkeys/encrypted-type.hnd-core.hnd.h
Detected Declarations
enum nvdimmsec_op_idsfunction nvdimm_put_keyfunction nvdimm_put_keyfunction nvdimm_key_revalidatefunction __nvdimm_security_unlockfunction request_keyfunction nvdimm_security_unlockfunction check_security_statefunction security_disablefunction security_updatefunction security_erasefunction security_overwritefunction __nvdimm_security_overwrite_queryfunction nvdimm_security_overwrite_queryfunction nvdimm_security_store
Annotated Snippet
if (epayload->decrypted_datalen != NVDIMM_PASSPHRASE_LEN) {
up_read(&key->sem);
key_put(key);
key = NULL;
}
}
return key;
}
static const void *nvdimm_get_key_payload(struct nvdimm *nvdimm,
struct key **key)
{
*key = nvdimm_request_key(nvdimm);
if (!*key)
return zero_key;
return key_data(*key);
}
static struct key *nvdimm_lookup_user_key(struct nvdimm *nvdimm,
key_serial_t id, int subclass)
{
key_ref_t keyref;
struct key *key;
struct encrypted_key_payload *epayload;
struct device *dev = &nvdimm->dev;
keyref = lookup_user_key(id, 0, KEY_NEED_SEARCH);
if (IS_ERR(keyref))
return NULL;
key = key_ref_to_ptr(keyref);
if (key->type != &key_type_encrypted) {
key_put(key);
return NULL;
}
dev_dbg(dev, "%s: key found: %#x\n", __func__, key_serial(key));
down_read_nested(&key->sem, subclass);
epayload = dereference_key_locked(key);
if (epayload->decrypted_datalen != NVDIMM_PASSPHRASE_LEN) {
up_read(&key->sem);
key_put(key);
key = NULL;
}
return key;
}
static const void *nvdimm_get_user_key_payload(struct nvdimm *nvdimm,
key_serial_t id, int subclass, struct key **key)
{
*key = NULL;
if (id == 0) {
if (subclass == NVDIMM_BASE_KEY)
return zero_key;
else
return NULL;
}
*key = nvdimm_lookup_user_key(nvdimm, id, subclass);
if (!*key)
return NULL;
return key_data(*key);
}
static int nvdimm_key_revalidate(struct nvdimm *nvdimm)
{
struct key *key;
int rc;
const void *data;
if (!nvdimm->sec.ops->change_key)
return -EOPNOTSUPP;
data = nvdimm_get_key_payload(nvdimm, &key);
/*
* Send the same key to the hardware as new and old key to
* verify that the key is good.
*/
rc = nvdimm->sec.ops->change_key(nvdimm, data, data, NVDIMM_USER);
if (rc < 0) {
nvdimm_put_key(key);
return rc;
}
Annotation
- Immediate include surface: `linux/module.h`, `linux/device.h`, `linux/ndctl.h`, `linux/slab.h`, `linux/io.h`, `linux/mm.h`, `linux/cred.h`, `linux/key.h`.
- Detected declarations: `enum nvdimmsec_op_ids`, `function nvdimm_put_key`, `function nvdimm_put_key`, `function nvdimm_key_revalidate`, `function __nvdimm_security_unlock`, `function request_key`, `function nvdimm_security_unlock`, `function check_security_state`, `function security_disable`, `function security_update`.
- Atlas domain: Driver Families / drivers/nvdimm.
- Implementation status: source implementation candidate.
- This snippet crosses the user/kernel memory boundary; validate fault handling and access checks before translating the pattern.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.