Commit a7f526ba authored by Changpeng Liu's avatar Changpeng Liu Committed by Ben Walker
Browse files

nvme/opal: check Security Protocol 00h before sending TCG SP 



A Security Receive command with the Security Protocol field cleared to
00h shall return information about the security protocols supported by
the controller, so we can check the TCG security protocol is supported
or not before sending it.

Fix issue #1961.

Change-Id: Id061defe45db981b276e2794fd0b59f8db70b7f4
Signed-off-by: default avatarChangpeng Liu <changpeng.liu@intel.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/8083


Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
Community-CI: Mellanox Build Bot
Reviewed-by: default avatarNiklas Cassel <niklas.cassel@wdc.com>
Reviewed-by: default avatarShuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-by: default avatarJim Harris <james.r.harris@intel.com>
Reviewed-by: default avatarBen Walker <benjamin.walker@intel.com>
parent 1136107e

lib/nvme/nvme_opal.c

+30 −0
Original line number Diff line number Diff line
@@ -841,7 +841,37 @@ static int 
opal_discovery0(struct spdk_opal_dev *dev, void *payload, uint32_t payload_size)

{

	int ret;

	uint16_t i, sp_list_len;

	uint8_t *sp_list;

	bool sp_tcg_supported = false;



	/* NVMe 1.4 chapter 5.25.2 Security Protocol 00h */

	ret = spdk_nvme_ctrlr_security_receive(dev->ctrlr, SPDK_SCSI_SECP_INFO, 0,

					       0, payload, payload_size);

	if (ret) {

		return ret;

	}



	/* spc4r31 chapter 7.7.1.3 Supported security protocols list description */

	sp_list_len = from_be16(payload + 6);

	sp_list = (uint8_t *)payload + 8;



	if (sp_list_len + 8 > (int)payload_size) {

		return -EINVAL;

	}



	for (i = 0; i < sp_list_len; i++) {

		if (sp_list[i] == SPDK_SCSI_SECP_TCG) {

			sp_tcg_supported = true;

			break;

		}

	}



	if (!sp_tcg_supported) {

		return -ENOTSUP;

	}



	memset(payload, 0, payload_size);

	ret = spdk_nvme_ctrlr_security_receive(dev->ctrlr, SPDK_SCSI_SECP_TCG, LV0_DISCOVERY_COMID,

					       0, payload, payload_size);

	if (ret) {