From: Dave Jiang <dave.jiang@intel.com>
To: Davidlohr Bueso <dave@stgolabs.net>, dan.j.williams@intel.com
Cc: jonathan.cameron@huawei.com, ira.weiny@intel.com,
	fan.ni@samsung.com, a.manzanares@samsung.com,
	linux-cxl@vger.kernel.org
Subject: Re: [PATCH 4/7] cxl/mem: Support Sanitation
Date: Tue, 28 Feb 2023 10:28:27 -0700
Message-ID: <7333903c-4ef9-6f1f-9767-e32f228149b3@intel.com>
In-Reply-To: <20230224194652.1990604-5-dave@stgolabs.net>



On 2/24/23 12:46 PM, Davidlohr Bueso wrote:
> Implement support for the non-pmem exclusive sanitize (aka overwrite),
> per CXL specs. This is the baseline for the sanitize-on-release
> functionality.
> 
> To properly support this feature, create a 'security/sanitize' sysfs
> file that when read will list the current pmem security state and
> when written to, perform the requested operation.

I think this segment needs to be updated? The attrib is write only from 
the code below.

DJ

> 
> This operation can run in the background and the driver must wait
> for completion (no timeout), where the poller will awake every
> ~10 seconds (this could be further based on the size of the device).
> 
> Signed-off-by: Davidlohr Bueso <dave@stgolabs.net>
> ---
>   Documentation/ABI/testing/sysfs-bus-cxl | 14 ++++++
>   drivers/cxl/core/mbox.c                 | 61 +++++++++++++++++++++++++
>   drivers/cxl/core/memdev.c               | 39 ++++++++++++++++
>   drivers/cxl/cxlmem.h                    |  2 +
>   4 files changed, 116 insertions(+)
> 
> diff --git a/Documentation/ABI/testing/sysfs-bus-cxl b/Documentation/ABI/testing/sysfs-bus-cxl
> index e9c432a5a841..b315d78b7e91 100644
> --- a/Documentation/ABI/testing/sysfs-bus-cxl
> +++ b/Documentation/ABI/testing/sysfs-bus-cxl
> @@ -66,6 +66,20 @@ Description:
>   		are available: frozen, locked, unlocked and disabled (which
>   		is also the case for any unsupported security features).
>   
> +What:          /sys/bus/cxl/devices/memX/security/sanitize
> +Date:          February, 2023
> +KernelVersion: v6.4
> +Contact:       linux-cxl@vger.kernel.org
> +Description:
> +	       (WO) Write a boolean 'true' string value to this attribute to
> +	       sanitize the device to securely re-purpose or decommission it.
> +	       This is done by ensuring that all user data and meta-data,
> +	       whether it resides in persistent capacity, volatile capacity,
> +	       or the LSA, is made permanently unavailable by whatever means
> +	       is appropriate for the media type. This causes all CPU caches
> +	       to be flushed. If this sysfs entry is not present then the
> +	       architecture does not support security features.
> +
>   What:		/sys/bus/cxl/devices/*/devtype
>   Date:		June, 2021
>   KernelVersion:	v5.14
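
Review bot: The last sentence of the new Description ("If this sysfs entry is not present then the architecture does not support security features") does not match the visibility rule added in memdev.c, which hides only 'sanitize' when cpu_cache_has_invalidate_memregion() is false while 'state' stays visible. Suggest wording it as the platform lacking CPU cache invalidation for memory regions. The entry should also document the failure cases of the store path, -EBUSY when the memdev has an active region and -EINVAL when a user passphrase is set, and that, per the changelog, the driver waits for completion with no timeout.
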
> diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c
> index f2addb457172..885de3506735 100644
> --- a/drivers/cxl/core/mbox.c
> +++ b/drivers/cxl/core/mbox.c
> @@ -1,6 +1,7 @@
>   // SPDX-License-Identifier: GPL-2.0-only
>   /* Copyright(c) 2020 Intel Corporation. All rights reserved. */
>   #include <linux/io-64-nonatomic-lo-hi.h>
> +#include <linux/memregion.h>
>   #include <linux/security.h>
>   #include <linux/debugfs.h>
>   #include <linux/ktime.h>
> @@ -1021,6 +1022,66 @@ int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
>   }
>   EXPORT_SYMBOL_NS_GPL(cxl_dev_state_identify, CXL);
>   
> +/**
> + * cxl_mem_sanitize() - Send sanitation (aka overwrite) command to the device.
> + * @cxlds: The device data for the operation
> + *
> + * Return: 0 if the command was executed successfully, regardless of
> + * whether or not the actual security operation is done in the background.
> + * Upon error, return the result of the mailbox command or -EINVAL if
> + * security requirements are not met. CPU caches are flushed before and
> + * after succesful completion of each command.
> + *
> + * See CXL 3.0 @8.2.9.8.5.1 Sanitize.
> + */
> +int cxl_mem_sanitize(struct cxl_dev_state *cxlds)
> +{
> +	int rc;
> +	u32 sec_out = 0;
> +	struct cxl_get_security_output {
> +		__le32 flags;
> +	} out;
> +	struct cxl_mbox_cmd sec_cmd = {
> +		.opcode = CXL_MBOX_OP_GET_SECURITY_STATE,
> +		.payload_out = &out,
> +		.size_out = sizeof(out),
> +	};
> +	struct cxl_mbox_cmd mbox_cmd = {
> +		.opcode = CXL_MBOX_OP_SANITIZE,
> +		.poll_interval = 10000UL,
> +	};
> +
> +	if (!cpu_cache_has_invalidate_memregion())
> +		return -EINVAL;
> +
> +	rc = cxl_internal_send_cmd(cxlds, &sec_cmd);
> +	if (rc < 0) {
> +		dev_err(cxlds->dev, "Failed to get security state : %d", rc);
> +		return rc;
> +	}
> +
> +	/*
> +	 * Prior to using these commands, any security applied to
> +	 * the user data areas of the device shall be DISABLED (or
> +	 * UNLOCKED for secure erase case).
> +	 */
> +	sec_out = le32_to_cpu(out.flags);
> +	if (sec_out & CXL_PMEM_SEC_STATE_USER_PASS_SET)
> +		return -EINVAL;
> +
> +	cpu_cache_invalidate_memregion(IORES_DESC_CXL);
> +
> +	rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
> +	if (rc < 0) {
> +		dev_err(cxlds->dev, "Failed to sanitize device : %d", rc);
> +		return rc;
> +	}
> +
> +	cpu_cache_invalidate_memregion(IORES_DESC_CXL);
> +	return 0;
> +}
> +EXPORT_SYMBOL_NS_GPL(cxl_mem_sanitize, CXL);
> +
>   static int add_dpa_res(struct device *dev, struct resource *parent,
>   		       struct resource *res, resource_size_t start,
>   		       resource_size_t size, const char *type)
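
Review bot: In cxl_mem_sanitize(), both early -EINVAL returns are silent and indistinguishable to the caller: one for !cpu_cache_has_invalidate_memregion() and one for CXL_PMEM_SEC_STATE_USER_PASS_SET. Distinct errnos, or at least a dev_dbg() on each path, would let userspace tell a platform limitation from a device that still has a passphrase set. The comment above the state check says security shall be DISABLED, but only the USER_PASS_SET bit is tested; if the other states the ABI text lists (frozen, locked) should also block sanitize, test them here or say in the comment why they need not be. Both dev_err() format strings are also missing the trailing "\n".
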
> diff --git a/drivers/cxl/core/memdev.c b/drivers/cxl/core/memdev.c
> index 68c0ab06b999..a1bb095d081c 100644
> --- a/drivers/cxl/core/memdev.c
> +++ b/drivers/cxl/core/memdev.c
> @@ -127,6 +127,34 @@ static ssize_t security_state_show(struct device *dev,
>   static struct device_attribute dev_attr_security_state =
>   	__ATTR(state, 0444, security_state_show, NULL);
>   
> +static ssize_t security_sanitize_store(struct device *dev,
> +				       struct device_attribute *attr,
> +				       const char *buf, size_t len)
> +{
> +	struct cxl_memdev *cxlmd = to_cxl_memdev(dev);
> +	struct cxl_dev_state *cxlds = cxlmd->cxlds;
> +	ssize_t rc;
> +	bool sanitize;
> +
> +	rc = kstrtobool(buf, &sanitize);
> +	if (rc)
> +		return rc;
> +
> +	if (sanitize) {
> +		if (cxl_memdev_active_region(cxlmd))
> +			return -EBUSY;
> +
> +		rc = cxl_mem_sanitize(cxlds);
> +	}
> +
> +	if (rc == 0)
> +		rc = len;
> +	return rc;
> +}
> +
> +static struct device_attribute dev_attr_security_sanitize =
> +	__ATTR(sanitize, 0200, NULL, security_sanitize_store);
> +
>   static ssize_t serial_show(struct device *dev, struct device_attribute *attr,
>   			   char *buf)
>   {
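
Review bot: In security_sanitize_store(), the cxl_memdev_active_region() check and the cxl_mem_sanitize() call that follows are not covered by any lock in this hunk, so a region can be attached to the memdev after the -EBUSY check passes and before, or while, the device is overwritten. Because the changelog says the operation can run in the background with no timeout, the "no active region" condition has to stay true for the whole operation: either hold the lock that serializes region attach across both calls, or refuse region creation while a sanitize is in flight. Minor: writing a false value returns len and does nothing, which is worth stating in the ABI entry.
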
> @@ -188,11 +216,22 @@ static struct attribute_group cxl_memdev_pmem_attribute_group = {
>   
>   static struct attribute *cxl_memdev_security_attributes[] = {
>   	&dev_attr_security_state.attr,
> +	&dev_attr_security_sanitize.attr,
>   	NULL,
>   };
>   
> +static umode_t cxl_security_visible(struct kobject *kobj,
> +				    struct attribute *a, int n)
> +{
> +	if (!cpu_cache_has_invalidate_memregion() &&
> +	    a == &dev_attr_security_sanitize.attr)
> +		return 0;
> +	return a->mode;
> +}
> +
>   static struct attribute_group cxl_memdev_security_attribute_group = {
>   	.name = "security",
> +	.is_visible = cxl_security_visible,
>   	.attrs = cxl_memdev_security_attributes,
>   };
>   
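
Review bot: cxl_security_visible() gates 'sanitize' only on cpu_cache_has_invalidate_memregion(), so the attribute appears for every memdev on a capable platform, with no check in this hunk that the device implements the Sanitize command; such a device would fail only at write time with whatever the mailbox returns. Consider also returning 0 here when the device does not report the opcode as supported. With this gate in place, the same cpu_cache_has_invalidate_memregion() test at the top of cxl_mem_sanitize() is redundant for the sysfs path, so a comment there should say which other callers it protects.
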
> diff --git a/drivers/cxl/cxlmem.h b/drivers/cxl/cxlmem.h
> index 4e31f3234519..0d2009b36933 100644
> --- a/drivers/cxl/cxlmem.h
> +++ b/drivers/cxl/cxlmem.h
> @@ -631,6 +631,8 @@ static inline void cxl_mem_active_dec(void)
>   }
>   #endif
>   
> +int cxl_mem_sanitize(struct cxl_dev_state *cxlds);
> +
>   struct cxl_hdm {
>   	struct cxl_component_regs regs;
>   	unsigned int decoder_count;
