git.kernel.dk Git - linux-block.git/commit

author	Luca Boccassi <bluca@debian.org>
	Tue, 6 Dec 2022 09:29:13 +0000 (09:29 +0000)
committer	Jens Axboe <axboe@kernel.dk>
	Thu, 8 Dec 2022 16:17:45 +0000 (09:17 -0700)
commit	c1f480b2d092960ecf8bb0bd1f27982c33ada42a
tree	6f3397b8ed9b4fa595dd44fbe6581160a0a4f3ef	tree \| snapshot
parent	37754595e94779db869e6ef803f038fa956d08ff	commit \| diff

sed-opal: allow using IOC_OPAL_SAVE for locking too

Usually when closing a crypto device (eg: dm-crypt with LUKS) the
volume key is not required, as it requires root privileges anyway, and
root can deny access to a disk in many ways regardless. Requiring the
volume key to lock the device is a peculiarity of the OPAL
specification.

Given we might already have saved the key if the user requested it via
the 'IOC_OPAL_SAVE' ioctl, we can use that key to lock the device if no
key was provided here and the locking range matches, and the user sets
the appropriate flag with 'IOC_OPAL_SAVE'. This allows integrating OPAL
with tools and libraries that are used to the common behaviour and do
not ask for the volume key when closing a device.

Callers can always pass a non-zero key and it will be used regardless,
as before.

Suggested-by: Štěpán Horáček <stepan.horacek@gmail.com>
Signed-off-by: Luca Boccassi <bluca@debian.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Christian Brauner <brauner@kernel.org>
Link: https://lore.kernel.org/r/20221206092913.4625-1-luca.boccassi@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>

block/sed-opal.c		diff \| blob \| blame \| history
include/uapi/linux/sed-opal.h		diff \| blob \| blame \| history