mbox series

[v2,0/3] cxl: BG operations and device sanitation

Message ID 20221206011501.464916-1-dave@stgolabs.net
Headers show
Series cxl: BG operations and device sanitation | expand

Message

Davidlohr Bueso Dec. 6, 2022, 1:14 a.m. UTC
Hi,

This series adds support for the rest of the security related cxl operation
which are not strictly dependent on PMEM.

Patch 1 adds the required background cmd handling bits. While this is currently
only polling support, the idea is to follow up with an irq support once the
bits land in Ira's event work. All polling-specific code has been marked
as __maybe_unused.

Patch 2 implements the sanitation commands (overwrite and secure erase).

Patch 3 adds a support for secure erase mocking.

As for testing, while I used the mock device to test the secure erase command, I
ended up hacking up a prototype[0] for qemu to support overwrite and bg commands.
So while the some of the paths this series introduces have been exercised, there
is of course a lot more to do.

Applies on top of the 'for-6.2/cxl-security' in cxl.git.

Changes from rfc (https://lore.kernel.org/linux-cxl/20220804045029.2905056-1-dave@stgolabs.net/):

* Patch 1:
 - Added a cxlds->mbox_irq flag in order to separate the polling-specific requirements.
 - Made bg workqueue concurrent.
 - Address iteration mem commands style (Jonathan). Now just rely on cxl_mem_find_command + check
   bg flag + callback.
 - Don't error in cxl_mbox_check_cmd_bgcmd() if conflicts() callback is not defined (Jonathan).
 - Error out in cxl_mbox_send_cmd() upon corruption in cxl_mbox_bgcmd_begin() (Jonathan).
 - Do not prematurely add all bg capable opcodes (Jonathan).

* Patch 2:
  - Rework polling delay hinting (Dave).
  - Rely on CEL to see if command is supported instead of unconditionally sending it (Jonathan).

* Added patch 3.

[0]: https://github.com/davidlohr/qemu/commit/64a93a5b824b59d3b547f06f7fbb1269fb4790ce

Thanks!

Davidlohr Bueso (3):
  cxl/mbox: Add background operation handling machinery
  cxl/mem: Support sanitation commands
  tools/testing/cxl: Add "Secure Erase" opcode support

 Documentation/ABI/testing/sysfs-bus-cxl |  19 ++
 drivers/cxl/core/core.h                 |   3 +-
 drivers/cxl/core/mbox.c                 | 317 +++++++++++++++++++++++-
 drivers/cxl/core/memdev.c               |  54 ++++
 drivers/cxl/core/port.c                 |   1 +
 drivers/cxl/cxl.h                       |   8 +
 drivers/cxl/cxlmem.h                    |  65 ++++-
 drivers/cxl/pci.c                       |   4 +
 drivers/cxl/pmem.c                      |   5 +-
 drivers/cxl/security.c                  |  13 +-
 include/uapi/linux/cxl_mem.h            |   2 +
 tools/testing/cxl/test/mem.c            |  27 ++
 12 files changed, 497 insertions(+), 21 deletions(-)

--
2.38.1

Comments

Dan Williams Dec. 7, 2022, 12:09 a.m. UTC | #1
Davidlohr Bueso wrote:
> Hi,
> 
> This series adds support for the rest of the security related cxl operation
> which are not strictly dependent on PMEM.
> 
> Patch 1 adds the required background cmd handling bits. While this is currently
> only polling support, the idea is to follow up with an irq support once the
> bits land in Ira's event work. All polling-specific code has been marked
> as __maybe_unused.

I will take a look, but this tends to put me in the mindset of this is
v6.3 material that should wait for its user. Was that your intent?

> Patch 2 implements the sanitation commands (overwrite and secure erase).

My concern with landing non-PMEM secure erase is that it is not scoped
by partition type, and there is no existing appartus like there is on
the nvdimm side to make sure an erase event does not collide with a
device in active use.

However, this is just my reaction to the cover letter, maybe you covered
that aspect in the patches.

> Patch 3 adds a support for secure erase mocking.
> 
> As for testing, while I used the mock device to test the secure erase command, I
> ended up hacking up a prototype[0] for qemu to support overwrite and bg commands.
> So while the some of the paths this series introduces have been exercised, there
> is of course a lot more to do.
> 
> Applies on top of the 'for-6.2/cxl-security' in cxl.git.
> 
> Changes from rfc (https://lore.kernel.org/linux-cxl/20220804045029.2905056-1-dave@stgolabs.net/):
> 
> * Patch 1:
>  - Added a cxlds->mbox_irq flag in order to separate the polling-specific requirements.
>  - Made bg workqueue concurrent.
>  - Address iteration mem commands style (Jonathan). Now just rely on cxl_mem_find_command + check
>    bg flag + callback.
>  - Don't error in cxl_mbox_check_cmd_bgcmd() if conflicts() callback is not defined (Jonathan).
>  - Error out in cxl_mbox_send_cmd() upon corruption in cxl_mbox_bgcmd_begin() (Jonathan).
>  - Do not prematurely add all bg capable opcodes (Jonathan).
> 
> * Patch 2:
>   - Rework polling delay hinting (Dave).
>   - Rely on CEL to see if command is supported instead of unconditionally sending it (Jonathan).
> 
> * Added patch 3.
> 
> [0]: https://github.com/davidlohr/qemu/commit/64a93a5b824b59d3b547f06f7fbb1269fb4790ce
> 
> Thanks!
> 
> Davidlohr Bueso (3):
>   cxl/mbox: Add background operation handling machinery
>   cxl/mem: Support sanitation commands
>   tools/testing/cxl: Add "Secure Erase" opcode support
> 
>  Documentation/ABI/testing/sysfs-bus-cxl |  19 ++
>  drivers/cxl/core/core.h                 |   3 +-
>  drivers/cxl/core/mbox.c                 | 317 +++++++++++++++++++++++-
>  drivers/cxl/core/memdev.c               |  54 ++++
>  drivers/cxl/core/port.c                 |   1 +
>  drivers/cxl/cxl.h                       |   8 +
>  drivers/cxl/cxlmem.h                    |  65 ++++-
>  drivers/cxl/pci.c                       |   4 +
>  drivers/cxl/pmem.c                      |   5 +-
>  drivers/cxl/security.c                  |  13 +-
>  include/uapi/linux/cxl_mem.h            |   2 +
>  tools/testing/cxl/test/mem.c            |  27 ++
>  12 files changed, 497 insertions(+), 21 deletions(-)
> 
> --
> 2.38.1
>
Davidlohr Bueso Dec. 7, 2022, 3:03 a.m. UTC | #2
On Tue, 06 Dec 2022, Dan Williams wrote:

>Davidlohr Bueso wrote:
>> Hi,
>>
>> This series adds support for the rest of the security related cxl operation
>> which are not strictly dependent on PMEM.
>>
>> Patch 1 adds the required background cmd handling bits. While this is currently
>> only polling support, the idea is to follow up with an irq support once the
>> bits land in Ira's event work. All polling-specific code has been marked
>> as __maybe_unused.
>
>I will take a look, but this tends to put me in the mindset of this is
>v6.3 material that should wait for its user. Was that your intent?

Thanks for having a look. My intent was for 6.3, yes.

>
>> Patch 2 implements the sanitation commands (overwrite and secure erase).
>
>My concern with landing non-PMEM secure erase is that it is not scoped
>by partition type, and there is no existing appartus like there is on
>the nvdimm side to make sure an erase event does not collide with a
>device in active use.

I can drop the secure erase part of patch 2 and just leave overwrite.

Thanks,
Davidlohr
Dan Williams Dec. 7, 2022, 7:16 p.m. UTC | #3
Davidlohr Bueso wrote:
> On Tue, 06 Dec 2022, Dan Williams wrote:
> 
> >Davidlohr Bueso wrote:
> >> Hi,
> >>
> >> This series adds support for the rest of the security related cxl operation
> >> which are not strictly dependent on PMEM.
> >>
> >> Patch 1 adds the required background cmd handling bits. While this is currently
> >> only polling support, the idea is to follow up with an irq support once the
> >> bits land in Ira's event work. All polling-specific code has been marked
> >> as __maybe_unused.
> >
> >I will take a look, but this tends to put me in the mindset of this is
> >v6.3 material that should wait for its user. Was that your intent?
> 
> Thanks for having a look. My intent was for 6.3, yes.
> 
> >
> >> Patch 2 implements the sanitation commands (overwrite and secure erase).
> >
> >My concern with landing non-PMEM secure erase is that it is not scoped
> >by partition type, and there is no existing appartus like there is on
> >the nvdimm side to make sure an erase event does not collide with a
> >device in active use.
> 
> I can drop the secure erase part of patch 2 and just leave overwrite.

They both have the same problem, they need extra safety to make
sure that the device is not in active usage during the operation.