--- /dev/null
+From c85b574ae4ffb5f24c5c11479643f81216789417 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 24 Sep 2019 10:34:49 -0700
+Subject: libnvdimm: prevent nvdimm from requesting key when security is
+ disabled
+
+From: Dave Jiang <dave.jiang@intel.com>
+
+[ Upstream commit 674f31a352da5e9f621f757b9a89262f486533a0 ]
+
+Current implementation attempts to request keys from the keyring even when
+security is not enabled. Change behavior so when security is disabled it
+will skip key request.
+
+Error messages seen when no keys are installed and libnvdimm is loaded:
+
+ request-key[4598]: Cannot find command to construct key 661489677
+ request-key[4606]: Cannot find command to construct key 34713726
+
+Cc: stable@vger.kernel.org
+Fixes: 4c6926a23b76 ("acpi/nfit, libnvdimm: Add unlock of nvdimm support for Intel DIMMs")
+Signed-off-by: Dave Jiang <dave.jiang@intel.com>
+Link: https://lore.kernel.org/r/156934642272.30222.5230162488753445916.stgit@djiang5-desk3.ch.intel.com
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvdimm/security.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
+index a570f2263a424..5b7ea93edb935 100644
+--- a/drivers/nvdimm/security.c
++++ b/drivers/nvdimm/security.c
+@@ -177,6 +177,10 @@ static int __nvdimm_security_unlock(struct nvdimm *nvdimm)
+ || nvdimm->sec.state < 0)
+ return -EIO;
+
++ /* No need to go further if security is disabled */
++ if (nvdimm->sec.state == NVDIMM_SECURITY_DISABLED)
++ return 0;
++
+ if (test_bit(NDD_SECURITY_OVERWRITE, &nvdimm->flags)) {
+ dev_dbg(dev, "Security operation in progress.\n");
+ return -EBUSY;
+--
+2.20.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
