linux-pci.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Dan Williams <dan.j.williams@intel.com>
To: Lukas Wunner <lukas@wunner.de>
Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>,
	Gavin Hindman <gavin.hindman@intel.com>,
	Linuxarm <linuxarm@huawei.com>,
	"Weiny, Ira" <ira.weiny@intel.com>,
	Linux PCI <linux-pci@vger.kernel.org>,
	linux-cxl@vger.kernel.org, CHUCK_LEVER <chuck.lever@oracle.com>
Subject: Re: [RFC PATCH 0/1] DOE usage with pcie/portdrv
Date: Wed, 11 May 2022 12:42:24 -0700	[thread overview]
Message-ID: <CAPcyv4idjqiY9CV=sghDbWqQS_PM2Z0xWxr2MsrMxS-XqU1F=w@mail.gmail.com> (raw)
In-Reply-To: <20220511191345.GA26623@wunner.de>

On Wed, May 11, 2022 at 12:14 PM Lukas Wunner <lukas@wunner.de> wrote:
>
> On Mon, May 09, 2022 at 10:48:06AM +0100, Jonathan Cameron wrote:
> > On Sat, 7 May 2022 12:18:48 +0200 Lukas Wunner <lukas@wunner.de> wrote:
> > > I'm still somewhat undecided on the kernel vs. user space question.
> >
> > Likewise.  I feel a few more prototypes are needed to come to clear
> > conclusion.
>
> Gavin Hindman (+cc) raised an important point off-list:
>
> When an IDE-capable device is runtime suspended to D3hot and later
> runtime resumed to D0, it may not preserve its internal state.
> (The No_Soft_Reset bit in the Power Management Control/Status Register
> tells us whether the device is capable of preserving internal state
> over a transition to D3hot, see PCIe r6.0, sec. 7.5.2.2.)

I think power-management effects relative to IDE is a soft spot of the
specification. If the link goes down then yes, IDE needs to be
re-established, but as far as I can see that's a policy tradeoff to
support runtime reset or support link encryption.

> Likewise, when an IDE-capable device is reset (e.g. due to Downstream
> Port Containment, AER or a bus reset initiated by user space),
> internal state is lost and must be reconstructed by pci_restore_state().
> That state includes the SPDM session or IDE encryption.
>
> If setting up an SPDM session is dependent on user space, the kernel
> would have to leave a device in an inoperable state after runtime resume
> or reset, until user space gets around to initiate SPDM.

Yes, this seems acceptable from the perspective of server platforms
that can make the power management vs security tradeoff.

>
> I think that would be a terrible user experience.  We've gone to great
> lengths to make reset recovery as seamless and quick as possible.
> (E.g. hot-plugged NVMe drives survive a reset without the driver being
> unbound, those would be prime candidates for IDE encryption.)
> It won't help the acceptance of IDE if it breaks that seamlessness.
>
> So that's a strong argument for an in-kernel SPDM implementation.

The SPDM message passing will always need to be supported in-kernel.
It's the certificate parsing and attestation flow that is proposed to
be in userspace. So perform CMA with userspace up-calls, and then
insert a key-id into the kernel for ongoing SPDM message passing.

  parent reply	other threads:[~2022-05-11 19:42 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-05-03 15:34 [RFC PATCH 0/1] DOE usage with pcie/portdrv Jonathan Cameron
2022-05-03 15:34 ` [RFC PATCH 1/1] pcie/portdrv: Hack in DOE and CDAT support Jonathan Cameron
2022-05-06 22:40 ` [RFC PATCH 0/1] DOE usage with pcie/portdrv Dan Williams
2022-05-07 10:18   ` Lukas Wunner
2022-05-09  9:48     ` Jonathan Cameron
2022-05-11 19:13       ` Lukas Wunner
2022-05-11 19:19         ` Lukas Wunner
2022-05-11 19:43           ` Dan Williams
2022-05-14 13:55             ` Lukas Wunner
2022-05-16 17:01               ` Dan Williams
2022-05-27  9:39                 ` Lukas Wunner
2022-05-18 13:43               ` Christoph Hellwig
2022-05-18 15:08                 ` Dan Williams
2022-05-20  5:42                 ` Lukas Wunner
2022-05-20 15:37                   ` Dan Williams
2022-05-20 15:42                     ` Chuck Lever III
2022-05-11 19:42         ` Dan Williams [this message]
2022-05-11 20:22           ` Hindman, Gavin
2022-05-11 21:04             ` Dan Williams
2022-05-14 13:31           ` Lukas Wunner
2022-05-16 16:53             ` Dan Williams
2022-05-09  9:33   ` Jonathan Cameron

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAPcyv4idjqiY9CV=sghDbWqQS_PM2Z0xWxr2MsrMxS-XqU1F=w@mail.gmail.com' \
    --to=dan.j.williams@intel.com \
    --cc=Jonathan.Cameron@huawei.com \
    --cc=chuck.lever@oracle.com \
    --cc=gavin.hindman@intel.com \
    --cc=ira.weiny@intel.com \
    --cc=linux-cxl@vger.kernel.org \
    --cc=linux-pci@vger.kernel.org \
    --cc=linuxarm@huawei.com \
    --cc=lukas@wunner.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).