The decision to suspend your account. Waiting for payment.
by linux-nvdimm@lists.01.org
Hello!
I'm a programmer who cracked your email account and device about half year ago.
You entered a password on one of the insecure site you visited, and I catched it.
Of course you can will change your password, or already made it.
But it doesn't matter, my rat software update it every time.
Please don't try to contact me or find me, it is impossible, since I sent you an email from your email account.
Through your e-mail, I uploaded malicious code to your Operation System.
I saved all of your contacts with friends, colleagues, relatives and a complete history of visits to the Internet resources.
Also I installed a rat software on your device and long time spying for you.
You are not my only victim, I usually lock devices and ask for a ransom.
But I was struck by the sites of intimate content that you very often visit.
I am in shock of your reach fantasies! Wow! I've never seen anything like this!
I did not even know that SUCH content could be so exciting!
So, when you had fun on intime sites (you know what I mean!)
I made screenshot with using my program from your camera of yours device.
After that, I jointed them to the content of the currently viewed site.
Will be funny when I send these photos to your contacts! And if your relatives see it?
BUT I'm sure you don't want it. I definitely would not want to ...
I will not do this if you pay me a little amount.
I think $715 is a nice price for it!
I accept only Bitcoins.
My BTC wallet: 18cFCmESfC6PKn8LL6HPbtK2EWLLdsryXp
If you have difficulty with this - Ask Google "how to make a payment on a bitcoin wallet". It's easy.
After receiving the above amount, all your data will be immediately removed automatically.
My virus will also will be destroy itself from your operating system.
My Trojan have auto alert, after this email is looked, I will be know it!
You have 2 days (48 hours) for make a payment.
If this does not happen - all your contacts will get crazy shots with your dirty life!
And so that you do not obstruct me, your device will be locked (also after 48 hours)
Do not take this frivolously! This is the last warning!
Various security services or antiviruses won't help you for sure (I have already collected all your data).
Here are the recommendations of a professional:
Antiviruses do not help against modern malicious code. Just do not enter your passwords on unsafe sites!
I hope you will be prudent.
Bye.
1 year, 11 months
[PATCH 1/5] libnvdimm, namespace: release labels properly on error
by Wei Yang
In init_active_labels(), it iterates on ndr_mappings to create its
corresponding labels. When there is an error, it is supposed to release
those labels created. But current implementation doesn't handle this
well in two aspects:
* when error happens during ndd check, labels are not released
* just labels on current nd_mapping released, previous ones are lost
This patch extracts labels releasing code to error branch and releases
labels on all nd_mapping besides only current one. By goto error branch
on error, it releases all labels allocated.
Signed-off-by: Wei Yang <richardw.yang(a)linux.intel.com>
---
drivers/nvdimm/namespace_devs.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/drivers/nvdimm/namespace_devs.c b/drivers/nvdimm/namespace_devs.c
index 9471b9ca04f5..234c0c79726a 100644
--- a/drivers/nvdimm/namespace_devs.c
+++ b/drivers/nvdimm/namespace_devs.c
@@ -2451,7 +2451,7 @@ static struct device **create_namespaces(struct nd_region *nd_region)
static int init_active_labels(struct nd_region *nd_region)
{
- int i;
+ int i, errno = -ENOMEM;
for (i = 0; i < nd_region->ndr_mappings; i++) {
struct nd_mapping *nd_mapping = &nd_region->mapping[i];
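Review bot: the new local in `int i, errno = -ENOMEM;` should not be named `errno`; that name is conventionally the C library's error indicator and makes the later `return errno;` read as if global state were involved. Rename it to `rc` or `ret`. The -ENOMEM initializer is also only correct for the `j < count` path, so consider assigning it next to that `goto error` instead of relying on a default set at the top of the function.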
@@ -2476,7 +2476,8 @@ static int init_active_labels(struct nd_region *nd_region)
dev_name(&nd_mapping->nvdimm->dev),
test_bit(NDD_LOCKED, &nvdimm->flags)
? "locked" : "disabled");
- return -ENXIO;
+ errno = -ENXIO;
+ goto error;
}
nd_mapping->ndd = ndd;
atomic_inc(&nvdimm->busy);
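Review bot: the `goto error` added after the dev_err() call enters the unwind loop with `i` still pointing at the mapping that failed the ndd check, so `nd_mapping_free_labels()` runs on a mapping for which this iteration never reached `nd_mapping->ndd = ndd` or allocated any label. If that is intended because freeing an empty label list is harmless, say so in a comment at the label; otherwise start the unwind at `i - 1` for this path.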
@@ -2500,16 +2501,20 @@ static int init_active_labels(struct nd_region *nd_region)
mutex_unlock(&nd_mapping->lock);
}
- if (j >= count)
- continue;
+ if (j < count)
+ goto error;
+ }
+
+ return 0;
+error:
+ for (; i >= 0; i--) {
+ struct nd_mapping *nd_mapping = &nd_region->mapping[i];
mutex_lock(&nd_mapping->lock);
nd_mapping_free_labels(nd_mapping);
mutex_unlock(&nd_mapping->lock);
- return -ENOMEM;
}
-
- return 0;
+ return errno;
}
int nd_region_register_namespaces(struct nd_region *nd_region, int *err)
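Review bot: the `error:` loop only calls `nd_mapping_free_labels()` under the mapping lock, while every completed iteration also did `nd_mapping->ndd = ndd` and `atomic_inc(&nvdimm->busy)`, as the previous hunk shows. Either undo those in the same loop or state in the commit message where they are dropped, so a reader can see that the unwinding is complete rather than covering labels alone.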
--
2.19.1
1 year, 11 months
Make sense to add ->pagesize in daxfs vm_ops ?
by jane.chu@oracle.com
Hi,
The /proc/<pid>/smaps MMUPageSize field for a mapping backed by
a daxfs(xfs,ext4) on a namespace created in 2MiB alignment is 4KB.
It's understandable because both xfs and ext4's vm_operations_struct
are missing vm_ops->pagesize() - a callback that could potentially
retrieve the alignment value from the driver as implemented for
dax_vm_ops for device-dax.
1GiB aligned /dev/dax2.0 :
7f19c0000000-7f1a40000000 rw-s 00000000 00:06 928839
/dev/dax2.0
Size: 2097152 kB
KernelPageSize: 1048576 kB
MMUPageSize: 1048576 kB
/mnt_nm4/file2GB backed by /dev/pmem4 that is 2MiB aligned :
7fd3d5600000-7fd415600000 rw-p 00000000 103:03 195
/mnt_nm4/file2GB
Size: 1048576 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Things work because xfs_file_mmap() always does
    if (IS_DAX(file_inode(filp)))
        vma->vm_flags |= VM_HUGEPAGE;
Since it knows that it only supports 2 pagesizes if S_DAX is set:
4K or 2M, it can always try dax_iomap_pmd_fault(), and if that fails
then fall back to dax_iomap_pte_fault() later.
If the /dev/pmem device is created in 4K alignment and 4K pagesize
was intended, the extra code that needs to be executed per page fault
is unnecessary, right?
7efdce200000-7efe0e200000 rw-p 00000000 103:02 195
/mnt_nm3_4Kalign/file_2G
Size: 1048576 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
..
VmFlags: rd wr mr mw me ac sd mm hg <= VM_HUGEPAGE set in 4K alignment
Would it make sense to add vm_ops->pagesize() op to xfs, and make
xfs_file_mmap() check the pagesize() instead of always setting
VM_HUGEPAGE? Same for ext4.
Doing so brings the additional benefit of exposing the true MMUPageSize
to users through procfs besides for daxfs not making assumptions on
pagesize.
thanks!
-jane
1 year, 11 months
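An added example, not part of the original message: a small parser for smaps text that lists mappings carrying the VM_HUGEPAGE hint (`hg` in VmFlags) while reporting a base-page MMUPageSize, which is the condition described above. The sample text is constructed from the excerpts in the message (the VmFlags line for /dev/dax2.0 is an assumption), and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the smaps excerpts quoted in the message.
# The VmFlags line of the /dev/dax2.0 mapping is an assumption.
SAMPLE_SMAPS = """\
7f19c0000000-7f1a40000000 rw-s 00000000 00:06 928839      /dev/dax2.0
Size:            2097152 kB
KernelPageSize:  1048576 kB
MMUPageSize:     1048576 kB
VmFlags: rd wr sh mr mw me ms mm hg
7efdce200000-7efe0e200000 rw-p 00000000 103:02 195        /mnt_nm3_4Kalign/file_2G
Size:            1048576 kB
KernelPageSize:        4 kB
MMUPageSize:           4 kB
VmFlags: rd wr mr mw me ac sd mm hg
"""

# start-end perms offset dev inode [path]
HEADER = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$")
FIELD = re.compile(r"^(\w+):\s*(.*)$")


def parse_smaps(text):
    """Split smaps text into one dict per mapping."""
    mappings = []
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            mappings.append({
                "start": int(header.group(1), 16),
                "end": int(header.group(2), 16),
                "perms": header.group(3),
                "path": header.group(4).strip(),
                "fields": {},      # e.g. {"MMUPageSize": 4}, values in kB
                "flags": set(),    # two-letter VmFlags mnemonics
            })
            continue
        field = FIELD.match(line)
        if not field or not mappings:
            continue               # stray line before the first mapping
        key, value = field.groups()
        if key == "VmFlags":
            mappings[-1]["flags"] = set(value.split())
        else:
            parts = value.split()
            if len(parts) == 2 and parts[1] == "kB" and parts[0].isdigit():
                mappings[-1]["fields"][key] = int(parts[0])
    return mappings


def hugepage_hint_on_base_pages(mappings, base_page_kb=4):
    """Mappings flagged 'hg' (VM_HUGEPAGE) whose MMUPageSize is the base page.

    base_page_kb=4 assumes a 4 KiB base page, as in the message's output.
    """
    return [m for m in mappings
            if "hg" in m["flags"]
            and m["fields"].get("MMUPageSize") == base_page_kb]


if __name__ == "__main__":
    for m in hugepage_hint_on_base_pages(parse_smaps(SAMPLE_SMAPS)):
        size_kb = (m["end"] - m["start"]) // 1024
        print(f"{m['path']}: {size_kb} kB mapped, hg set, "
              f"MMUPageSize {m['fields']['MMUPageSize']} kB")
```

On a live system the same functions can be fed the contents of /proc/<pid>/smaps for the process that holds the DAX mapping.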
Miss Kira Needs Your Response
by Miss Genzo
Hello dear
My name is Miss Kira Genzo. I am 17 years old, and I am writing to tell you that I am an orphan. I am my parents' only child.
I found your email address in an online email database directory through an Internet search, and I want to tell you about my interest in moving to your country for safety reasons.
I am Chinese; I speak English and Chinese. My father died of heart disease in the last few months, and I sincerely need your help because my life is in danger.
I want to discuss and sort out a very important matter with you.
After receiving your reply, I will write more details for you.
Please reply to my personal email address kige032767(a)hotmail.com immediately
I am waiting for your next reply.
Reply only to my personal email address: kige032767(a)hotmail.com
Thank you
Love,
Kira.
Skype ID: Live: bekee32767
_________________________________________________________________________________
Disclaimer: This email (including attachments) is sent to the intended recipient only and may contain privileged and confidential information. If you are not the intended recipient, you may not use, retain, disclose, copy, print, disseminate or distribute any part of this email. If you have received this email in error, delete this email (including attachments) from your system and notify the sender immediately by replying to this email. Email transmission is not guaranteed to be timely, secure, error-free or virus-free. The sender accepts no liability for any loss, errors, omissions or damage caused by email transmission.
Hello dear,
My Name is Miss Kira Genzo, I am a 17 years old girl, I am writing you to let you know that I'm an Orphan, I am the only child of my parents.
I search your email address from the online e-mail Database Directory through the Internet search, I would like to communicate with you about my interest plan in relocating to your country for my safety.
I am a Chinese, and I can speak English and Chinese. My father has died of a heart attack for the past few months and I sincerely need your help now because my life is in Danger.
I want to discuss and handle a very important business with you.
I will write you more details of the business when I receive your reply.
Please reply immediately to my personal email address kige032767(a)hotmail.com
I wait for your next reply.
Reply only to my private email address: kige032767(a)hotmail.com
Thank you.
Love,
Kira.
Skype ID: live:bekee32767
_________________________________________________________________________________
DISCLAIMER: This email (including attachments) is addressed to the intended recipient only and may contain information that is privileged and confidential. If you are not the intended recipient, you must not use, retain, disclose, copy, print, disseminate or distribute any part of this email. If you have received this email in error, please delete this email (including attachments) from your system and notify the sender immediately by replying to this email. Email transmission cannot be guaranteed to be timely, secure, error or virus-free. The sender accepts no liability for any loss, error, omissions or damage arising as a result of email transmission.
1 year, 11 months
[PATCH] ndctl: make command be the same as function names for security functions
by Dave Jiang
Fix a few inconsistencies in the ndctl command name versus the function name.
Signed-off-by: Dave Jiang <dave.jiang(a)intel.com>
---
ndctl/builtin.h | 6 +++---
ndctl/dimm.c | 18 +++++++++---------
ndctl/ndctl.c | 6 +++---
3 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/ndctl/builtin.h b/ndctl/builtin.h
index 60c3623f..681a69ff 100644
--- a/ndctl/builtin.h
+++ b/ndctl/builtin.h
@@ -32,9 +32,9 @@ int cmd_bat(int argc, const char **argv, struct ndctl_ctx *ctx);
#endif
int cmd_update_firmware(int argc, const char **argv, struct ndctl_ctx *ctx);
int cmd_inject_smart(int argc, const char **argv, struct ndctl_ctx *ctx);
-int cmd_passphrase_setup(int argc, const char **argv, struct ndctl_ctx *ctx);
-int cmd_passphrase_update(int argc, const char **argv, struct ndctl_ctx *ctx);
-int cmd_passphrase_remove(int argc, const char **argv, struct ndctl_ctx *ctx);
+int cmd_setup_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
+int cmd_update_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
+int cmd_remove_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
int cmd_freeze_security(int argc, const char **argv, struct ndctl_ctx *ctx);
int cmd_sanitize_dimm(int argc, const char **argv, struct ndctl_ctx *ctx);
int cmd_load_keys(int argc, const char **argv, struct ndctl_ctx *ctx);
diff --git a/ndctl/dimm.c b/ndctl/dimm.c
index d4e2090f..35e3190e 100644
--- a/ndctl/dimm.c
+++ b/ndctl/dimm.c
@@ -841,7 +841,7 @@ static int action_update(struct ndctl_dimm *dimm, struct action_context *actx)
return rc;
}
-static int action_passphrase_setup(struct ndctl_dimm *dimm,
+static int action_setup_passphrase(struct ndctl_dimm *dimm,
struct action_context *actx)
{
if (ndctl_dimm_get_security(dimm) < 0) {
@@ -857,7 +857,7 @@ static int action_passphrase_setup(struct ndctl_dimm *dimm,
param.master_pass ? ND_MASTER_KEY : ND_USER_KEY);
}
-static int action_passphrase_update(struct ndctl_dimm *dimm,
+static int action_update_passphrase(struct ndctl_dimm *dimm,
struct action_context *actx)
{
if (ndctl_dimm_get_security(dimm) < 0) {
@@ -870,7 +870,7 @@ static int action_passphrase_update(struct ndctl_dimm *dimm,
param.master_pass ? ND_MASTER_KEY : ND_USER_KEY);
}
-static int action_passphrase_remove(struct ndctl_dimm *dimm,
+static int action_remove_passphrase(struct ndctl_dimm *dimm,
struct action_context *actx)
{
if (ndctl_dimm_get_security(dimm) < 0) {
@@ -1335,9 +1335,9 @@ int cmd_update_firmware(int argc, const char **argv, struct ndctl_ctx *ctx)
return count >= 0 ? 0 : EXIT_FAILURE;
}
-int cmd_passphrase_update(int argc, const char **argv, struct ndctl_ctx *ctx)
+int cmd_update_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx)
{
- int count = dimm_action(argc, argv, ctx, action_passphrase_update,
+ int count = dimm_action(argc, argv, ctx, action_update_passphrase,
key_options,
"ndctl update-passphrase <nmem0> [<nmem1>..<nmemN>] [<options>]");
@@ -1346,9 +1346,9 @@ int cmd_passphrase_update(int argc, const char **argv, struct ndctl_ctx *ctx)
return count >= 0 ? 0 : EXIT_FAILURE;
}
-int cmd_passphrase_setup(int argc, const char **argv, struct ndctl_ctx *ctx)
+int cmd_setup_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx)
{
- int count = dimm_action(argc, argv, ctx, action_passphrase_setup,
+ int count = dimm_action(argc, argv, ctx, action_setup_passphrase,
key_options,
"ndctl setup-passphrase <nmem0> [<nmem1>..<nmemN>] [<options>]");
@@ -1357,9 +1357,9 @@ int cmd_passphrase_setup(int argc, const char **argv, struct ndctl_ctx *ctx)
return count >= 0 ? 0 : EXIT_FAILURE;
}
-int cmd_passphrase_remove(int argc, const char **argv, void *ctx)
+int cmd_remove_passphrase(int argc, const char **argv, void *ctx)
{
- int count = dimm_action(argc, argv, ctx, action_passphrase_remove,
+ int count = dimm_action(argc, argv, ctx, action_remove_passphrase,
base_options,
"ndctl remove-passphrase <nmem0> [<nmem1>..<nmemN>] [<options>]");
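Review bot: `cmd_remove_passphrase()` is defined here with `void *ctx`, while the prototype renamed in ndctl/builtin.h and the two sibling commands in this file take `struct ndctl_ctx *ctx`. Since the line is being rewritten anyway, change the parameter to `struct ndctl_ctx *ctx` so the definition matches its declaration.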
diff --git a/ndctl/ndctl.c b/ndctl/ndctl.c
index 04bf56d6..b5c3bf88 100644
--- a/ndctl/ndctl.c
+++ b/ndctl/ndctl.c
@@ -88,9 +88,9 @@ static struct cmd_struct commands[] = {
{ "inject-smart", { cmd_inject_smart } },
{ "wait-scrub", { cmd_wait_scrub } },
{ "start-scrub", { cmd_start_scrub } },
- { "setup-passphrase", { cmd_passphrase_setup } },
- { "update-passphrase", { cmd_passphrase_update } },
- { "remove-passphrase", { cmd_passphrase_remove } },
+ { "setup-passphrase", { cmd_setup_passphrase } },
+ { "update-passphrase", { cmd_update_passphrase } },
+ { "remove-passphrase", { cmd_remove_passphrase } },
{ "freeze-security", { cmd_freeze_security } },
{ "sanitize-dimm", { cmd_sanitize_dimm } },
{ "load-keys", { cmd_load_keys } },
1 year, 11 months
[PATCH] ndctl: security documentation update
by Dave Jiang
In order to avoid terminology confusion, update the security man pages so
that when we are talking about keys, we are exclusively talking about the
key encryption key. The encrypted keys with payload will be referred to as
passphrase instead.
Signed-off-by: Dave Jiang <dave.jiang(a)intel.com>
---
Documentation/ndctl/intel-nvdimm-security.txt | 14 +++++++-------
Documentation/ndctl/ndctl-freeze-security.txt | 4 ++++
Documentation/ndctl/ndctl-remove-passphrase.txt | 10 +++++++---
Documentation/ndctl/ndctl-sanitize-dimm.txt | 6 +++++-
Documentation/ndctl/ndctl-setup-passphrase.txt | 16 ++++++++--------
Documentation/ndctl/ndctl-update-passphrase.txt | 17 ++++++++---------
6 files changed, 39 insertions(+), 28 deletions(-)
diff --git a/Documentation/ndctl/intel-nvdimm-security.txt b/Documentation/ndctl/intel-nvdimm-security.txt
index dc114df9..1b9e2434 100644
--- a/Documentation/ndctl/intel-nvdimm-security.txt
+++ b/Documentation/ndctl/intel-nvdimm-security.txt
@@ -58,10 +58,10 @@ of the nvdimm driver, it will:
3. Finally, create the unlock DSM, copy the decrypted payload into the DSM
passphrase field, and issue the DSM to unlock the DIMM.
-If the DIMM is already unlocked, the kernel will attempt to revalidate the key.
-This can be overriden with a kernel module parameter. If we fail to revalidate
-the key, the kernel will freeze the security and disallow any further security
-configuration changes.
+If the DIMM is already unlocked, the kernel will attempt to revalidate the
+passphrase. This can be overriden with a kernel module parameter. If we fail
+to revalidate the passphrase, the kernel will freeze the security and disallow
+any further security configuration changes.
SETUP USER PASSPHRASE
----------------------
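Review bot: the rewrapped paragraph carries over the misspelling `overriden` (it should be `overridden`), and it still points at "a kernel module parameter" without naming it. Fix the spelling while the sentence is being rewritten, and name the parameter so a reader can actually find the override.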
@@ -126,9 +126,9 @@ will be issued first before overwrite.
SECURITY FREEZE
---------------
-This operation requires no key to succeed. ndctl will issue the DSM command
-and upon completion, the security commands besides status query will be locked
-out until the next boot.
+This operation requires no passphrase to succeed. ndctl will issue the DSM
+command and upon completion, the security commands besides status query will
+be locked out until the next boot.
MASTER PASSPHRASE SETUP, UPDATE, and CRYPTO ERASE
-----------------------------------------------------------
diff --git a/Documentation/ndctl/ndctl-freeze-security.txt b/Documentation/ndctl/ndctl-freeze-security.txt
index 43ea81eb..46ec30d2 100644
--- a/Documentation/ndctl/ndctl-freeze-security.txt
+++ b/Documentation/ndctl/ndctl-freeze-security.txt
@@ -55,6 +55,10 @@ OPTIONS
<dimm>::
include::xable-dimm-options.txt[]
+-v::
+--verbose::
+ Emit debug messages.
+
include::intel-nvdimm-security.txt[]
include::../copyright.txt[]
diff --git a/Documentation/ndctl/ndctl-remove-passphrase.txt b/Documentation/ndctl/ndctl-remove-passphrase.txt
index df83eaee..04722337 100644
--- a/Documentation/ndctl/ndctl-remove-passphrase.txt
+++ b/Documentation/ndctl/ndctl-remove-passphrase.txt
@@ -14,15 +14,19 @@ SYNOPSIS
DESCRIPTION
-----------
-Search the user key ring for the associated NVDIMM key. If not found,
-attempt to load the key blob. After disabling the passphrase successfully,
-remove the key and the key blob.
+Search the user key ring for the associated passphrase. If not found,
+attempt to load the passphrase blob. After disabling the passphrase
+successfully, remove the passphrase and the passphrase blob.
OPTIONS
-------
<dimm>::
include::xable-dimm-options.txt[]
+-v::
+--verbose::
+ Emit debug messages.
+
include::intel-nvdimm-security.txt[]
include::../copyright.txt[]
diff --git a/Documentation/ndctl/ndctl-sanitize-dimm.txt b/Documentation/ndctl/ndctl-sanitize-dimm.txt
index 06ce06c8..eb3d37c4 100644
--- a/Documentation/ndctl/ndctl-sanitize-dimm.txt
+++ b/Documentation/ndctl/ndctl-sanitize-dimm.txt
@@ -19,7 +19,7 @@ is the default method, and the other is overwrite the NVDIMM. ndctl will
search the user key ring for the associated NVDIMM. If not found,
attempt to load the key blob from the default location.
Security is disabled for the dimm after operation and ndctl will remove
-the key from the key ring and delete the associated key blob file.
+the passphrase from the key ring and delete the associated passphrase blob file.
OPTIONS
-------
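Review bot: only the last sentence of this paragraph is converted; the unchanged context just above still reads "attempt to load the key blob from the default location", and "search the user key ring for the associated NVDIMM" is missing its object. Under the terminology the commit message sets out these should say "passphrase blob" and "associated passphrase", matching the wording used in ndctl-remove-passphrase.txt in this same patch.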
@@ -43,6 +43,10 @@ include::xable-dimm-options.txt[]
instead of the user passphrase. This only is applicable to the
crypto-erase option.
+-v::
+--verbose::
+ Emit debug messages.
+
include::intel-nvdimm-security.txt[]
include::../copyright.txt[]
diff --git a/Documentation/ndctl/ndctl-setup-passphrase.txt b/Documentation/ndctl/ndctl-setup-passphrase.txt
index 76b55492..e9ffd7c3 100644
--- a/Documentation/ndctl/ndctl-setup-passphrase.txt
+++ b/Documentation/ndctl/ndctl-setup-passphrase.txt
@@ -18,15 +18,15 @@ DESCRIPTION
-----------
Enable the security passphrase for one or more NVDIMMs.
-Prerequisite for command to succeed:
-1. The master key has already been loaded into the user key ring.
-2. ndctl install-encrypt-key has been executed successfully.
+Prerequisite for command to succeed is that the key encryption key has already been loaded
+into the user key ring. See kernel doc on how to do this:
+https://www.kernel.org/doc/html/latest/security/keys/trusted-encrypted.html
-The encrypted key blobs will be created by ndctl in {ndctl_keysdir} directory
-with the file name of "nvdimm_<dimm unique id>_<hostname>.blob".
+The passphrase blobs will be created by ndctl in {ndctl_keysdir} directory
+with the file name of "nvdimm_<dimm-unique-id>_<hostname>.blob".
-The command will fail if the nvdimm key is already in the user key ring and/or
-the key blob already resides in {ndctl_keysdir}.
+The command will fail if the passphrase is already in the user key ring and/or
+the passphrase blob already resides in {ndctl_keysdir}.
OPTIONS
-------
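Review bot: the first added line, "Prerequisite for command to succeed is that the key encryption key has already been loaded", runs well past the width of the surrounding text and should be rewrapped. "See kernel doc on how to do this:" would also read better as a full sentence, for example "See the kernel documentation for how to load it:", so the bare URL on the next line has a clear referent.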
@@ -47,7 +47,7 @@ include::xable-dimm-options.txt[]
-v::
--verbose::
- Emit debug messages for the namespace check process.
+ Emit debug messages.
include::intel-nvdimm-security.txt[]
diff --git a/Documentation/ndctl/ndctl-update-passphrase.txt b/Documentation/ndctl/ndctl-update-passphrase.txt
index 2a43f2bb..c09e4780 100644
--- a/Documentation/ndctl/ndctl-update-passphrase.txt
+++ b/Documentation/ndctl/ndctl-update-passphrase.txt
@@ -17,14 +17,13 @@ SYNOPSIS
DESCRIPTION
-----------
Update the security passphrase for one or more NVDIMMs.
-Prerequisite for command to succeed:
+Prerequisites for command to succeed:
1. The master key has already been loaded into the user key ring.
-2. ndctl install-encrypt-key has been executed successfully.
-3. setup-passphrase has successfully been executed previously on the NVDIMM
+2. setup-passphrase has successfully been executed previously on the NVDIMM
or NVDIMM has been successfully unlocked by the kernel.
-The updated key blobs will be created by ndctl in {ndctl_keysdir} directory
-with the file name of "nvdimm_<dimm unique id>_<hostname>.blob".
+The updated passphrase blobs will be created by ndctl in {ndctl_keysdir}
+directory with the file name of "nvdimm_<dimm-unique-id>_<hostname>.blob".
OPTIONS
-------
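Review bot: prerequisite 1 still says "The master key has already been loaded into the user key ring", while ndctl-setup-passphrase.txt in this patch now calls the same prerequisite the "key encryption key" and links the kernel trusted/encrypted keys documentation. Use one term on both pages and add the same link here, otherwise the patch introduces the terminology split it sets out to remove.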
@@ -33,12 +32,12 @@ include::xable-dimm-options.txt[]
-k::
--key_handle=::
- The new encryption key (master) key handle, used for sealing the DIMM
+ The new master key handle, used for sealing the DIMM
encrypted keys. The format is <key type>:<key description>.
i.e. trusted:nvdimm-master
This key is expected to be loaded in the kernel's user keyring.
- This parameter is optional. If none provided, ndctl will determine
- the current key handle from the encrypted key for the NVDIMM.
+ This parameter is optional. If not provided, ndctl will determine
+ the current master key handle from the passphrase payload for the NVDIMM.
-m::
--master-passphrase::
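Review bot: the unchanged line "encrypted keys. The format is <key type>:<key description>." still describes what the master key seals as "the DIMM encrypted keys", which is the term the commit message says is being replaced by passphrase. Reword it to "sealing the DIMM passphrases" so the option text agrees with the rewritten sentence below it about the "passphrase payload".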
@@ -47,7 +46,7 @@ include::xable-dimm-options.txt[]
-v::
--verbose::
- Emit debug messages for the namespace check process.
+ Emit debug messages.
include::intel-nvdimm-security.txt[]
1 year, 11 months