From patchwork Wed Nov 30 19:22:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Jiang X-Patchwork-Id: 13060299 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 252ECC4708A for ; Wed, 30 Nov 2022 19:23:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229591AbiK3TWr (ORCPT ); Wed, 30 Nov 2022 14:22:47 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37318 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229719AbiK3TWY (ORCPT ); Wed, 30 Nov 2022 14:22:24 -0500 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 770B0837F2 for ; Wed, 30 Nov 2022 11:22:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1669836142; x=1701372142; h=subject:from:to:cc:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=biPIcOJurmACP5RPlUrLdAg9UUu9VL3Wg39YPwriexI=; b=QfFY4OEO9k8MAXuLtjHekRsVIbDtUiQ6dPHh2Egpgxi9z7kB95H22zOD cq+bDTU5viD/GEMFnM3+b28YCC3guv9wd+pcRr3d/b6RlDtOe9lUiHgp7 iu8hwPaIWF2MDs+6MyaBuOOVv/2KbYbtYvfTCkOrPoDU61hNgfLyc1T1a ywUe4wXM4OS/z/9Y6aAPrFSKI0jtWQn8DbVeJXn6U/wzmjJanB/I5h0qN jPjtqmukaqwZR67tHeEWD7XuuE87xotRkJVWRcxKrikLu773SeRDfUyVR qDViWDbb3vzjEZsGfnoGUesmMEdo2jRFpDfyCL1tDpJShJTP0GYO0CLQO Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10547"; a="295853964" X-IronPort-AV: E=Sophos;i="5.96,207,1665471600"; d="scan'208";a="295853964" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Nov 2022 11:22:22 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10547"; a="707769001" X-IronPort-AV: E=Sophos;i="5.96,207,1665471600"; d="scan'208";a="707769001" Received: from djiang5-desk3.ch.intel.com ([143.182.136.137]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Nov 2022 11:22:21 -0800 Subject: [PATCH v7 09/20] cxl/pmem: Add "Unlock" security command support From: Dave Jiang To: linux-cxl@vger.kernel.org, nvdimm@lists.linux.dev Cc: dan.j.williams@intel.com, ira.weiny@intel.com, vishal.l.verma@intel.com, alison.schofield@intel.com, Jonathan.Cameron@huawei.com, dave@stgolabs.net Date: Wed, 30 Nov 2022 12:22:21 -0700 Message-ID: <166983614167.2734609.15124543712487741176.stgit@djiang5-desk3.ch.intel.com> In-Reply-To: <166983606451.2734609.4050644229630259452.stgit@djiang5-desk3.ch.intel.com> References: <166983606451.2734609.4050644229630259452.stgit@djiang5-desk3.ch.intel.com> User-Agent: StGit/1.4 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-cxl@vger.kernel.org Create callback function to support the nvdimm_security_ops() ->unlock() callback. Translate the operation to send "Unlock" security command for CXL mem device. When the mem device is unlocked, cpu_cache_invalidate_memregion() is called in order to invalidate all CPU caches before attempting to access the mem device. See CXL rev3.0 spec section 8.2.9.8.6.4 for reference. Reviewed-by: Davidlohr Bueso Reviewed-by: Jonathan Cameron Signed-off-by: Dave Jiang Link: https://lore.kernel.org/r/166863351691.80269.1807184712107466778.stgit@djiang5-desk3.ch.intel.com Signed-off-by: Dan Williams --- drivers/cxl/core/mbox.c | 1 + drivers/cxl/cxlmem.h | 1 + drivers/cxl/security.c | 27 +++++++++++++++++++++++++++ include/uapi/linux/cxl_mem.h | 1 + 4 files changed, 30 insertions(+) diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c index 20bceb9e78bc..4f84d3962fb1 100644 --- a/drivers/cxl/core/mbox.c +++ b/drivers/cxl/core/mbox.c @@ -69,6 +69,7 @@ static struct cxl_mem_command cxl_mem_commands[CXL_MEM_COMMAND_ID_MAX] = { CXL_CMD(SET_PASSPHRASE, 0x60, 0, 0), CXL_CMD(DISABLE_PASSPHRASE, 0x40, 0, 0), CXL_CMD(FREEZE_SECURITY, 0, 0, 0), + CXL_CMD(UNLOCK, 0x20, 0, 0), }; /* diff --git a/drivers/cxl/cxlmem.h b/drivers/cxl/cxlmem.h index 9007158969fe..4e6897e8eb7d 100644 --- a/drivers/cxl/cxlmem.h +++ b/drivers/cxl/cxlmem.h @@ -276,6 +276,7 @@ enum cxl_opcode { CXL_MBOX_OP_GET_SECURITY_STATE = 0x4500, CXL_MBOX_OP_SET_PASSPHRASE = 0x4501, CXL_MBOX_OP_DISABLE_PASSPHRASE = 0x4502, + CXL_MBOX_OP_UNLOCK = 0x4503, CXL_MBOX_OP_FREEZE_SECURITY = 0x4504, CXL_MBOX_OP_MAX = 0x10000 }; diff --git a/drivers/cxl/security.c b/drivers/cxl/security.c index f323a1593cfc..32b9e279e74b 100644 --- a/drivers/cxl/security.c +++ b/drivers/cxl/security.c @@ -5,6 +5,7 @@ #include #include #include +#include #include "cxlmem.h" #include "cxl.h" @@ -96,11 +97,37 @@ static int cxl_pmem_security_freeze(struct nvdimm *nvdimm) return cxl_mbox_send_cmd(cxlds, CXL_MBOX_OP_FREEZE_SECURITY, NULL, 0, NULL, 0); } +static int cxl_pmem_security_unlock(struct nvdimm *nvdimm, + const struct nvdimm_key_data *key_data) +{ + struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm); + struct cxl_memdev *cxlmd = cxl_nvd->cxlmd; + struct cxl_dev_state *cxlds = cxlmd->cxlds; + u8 pass[NVDIMM_PASSPHRASE_LEN]; + int rc; + + if (!cpu_cache_has_invalidate_memregion()) + return -EINVAL; + + memcpy(pass, key_data->data, NVDIMM_PASSPHRASE_LEN); + rc = cxl_mbox_send_cmd(cxlds, CXL_MBOX_OP_UNLOCK, + pass, NVDIMM_PASSPHRASE_LEN, NULL, 0); + if (rc < 0) + return rc; + + /* DIMM unlocked, invalidate all CPU caches before we read it */ + cpu_cache_invalidate_memregion(IORES_DESC_PERSISTENT_MEMORY); + return 0; +} + static const struct nvdimm_security_ops __cxl_security_ops = { .get_flags = cxl_pmem_get_security_flags, .change_key = cxl_pmem_security_change_key, .disable = cxl_pmem_security_disable, .freeze = cxl_pmem_security_freeze, + .unlock = cxl_pmem_security_unlock, }; const struct nvdimm_security_ops *cxl_security_ops = &__cxl_security_ops; + +MODULE_IMPORT_NS(DEVMEM); diff --git a/include/uapi/linux/cxl_mem.h b/include/uapi/linux/cxl_mem.h index 7c0adcd68f4c..95dca8d4584f 100644 --- a/include/uapi/linux/cxl_mem.h +++ b/include/uapi/linux/cxl_mem.h @@ -45,6 +45,7 @@ ___C(SET_PASSPHRASE, "Set Passphrase"), \ ___C(DISABLE_PASSPHRASE, "Disable Passphrase"), \ ___C(FREEZE_SECURITY, "Freeze Security"), \ + ___C(UNLOCK, "Unlock"), \ ___C(MAX, "invalid / last command") #define ___C(a, b) CXL_MEM_COMMAND_ID_##a