diff options
author | Davidlohr Bueso <dave@stgolabs.net> | 2023-06-12 21:10:37 +0300 |
---|---|---|
committer | Dan Williams <dan.j.williams@intel.com> | 2023-06-26 01:34:41 +0300 |
commit | 180ffd338c35057c3e8521d55555ae3b36b67fa6 (patch) | |
tree | 5fbbde3ee1b018ebaa16b52696b117763bec9d3d /drivers/cxl | |
parent | c5c39217ff49ffb8494a671c9521c43006f87f1a (diff) | |
download | linux-180ffd338c35057c3e8521d55555ae3b36b67fa6.tar.xz |
cxl/mem: Support Secure Erase
Implement support for the non-pmem exclusive secure erase, per
CXL specs. Create a write-only 'security/erase' sysfs file to
perform the requested operation.
As with the sanitation this requires the device being offline
and thus no active HPA-DPA decoding.
The expectation is that userspace can use it such as:
cxl disable-memdev memX
echo 1 > /sys/bus/cxl/devices/memX/security/erase
cxl enable-memdev memX
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Reviewed-by: Fan Ni <fan.ni@samsung.com>
Signed-off-by: Davidlohr Bueso <dave@stgolabs.net>
Link: https://lore.kernel.org/r/20230612181038.14421-7-dave@stgolabs.net
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Diffstat (limited to 'drivers/cxl')
-rw-r--r-- | drivers/cxl/core/mbox.c | 6 | ||||
-rw-r--r-- | drivers/cxl/core/memdev.c | 28 | ||||
-rw-r--r-- | drivers/cxl/cxlmem.h | 1 |
3 files changed, 34 insertions, 1 deletions
diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c index e6e60c8b606e..c86d0b3159b0 100644 --- a/drivers/cxl/core/mbox.c +++ b/drivers/cxl/core/mbox.c @@ -1102,7 +1102,7 @@ int cxl_mem_sanitize(struct cxl_dev_state *cxlds, u16 cmd) }; struct cxl_mbox_cmd mbox_cmd = { .opcode = cmd }; - if (cmd != CXL_MBOX_OP_SANITIZE) + if (cmd != CXL_MBOX_OP_SANITIZE && cmd != CXL_MBOX_OP_SECURE_ERASE) return -EINVAL; rc = cxl_internal_send_cmd(cxlds, &sec_cmd); @@ -1120,6 +1120,10 @@ int cxl_mem_sanitize(struct cxl_dev_state *cxlds, u16 cmd) if (sec_out & CXL_PMEM_SEC_STATE_USER_PASS_SET) return -EINVAL; + if (cmd == CXL_MBOX_OP_SECURE_ERASE && + sec_out & CXL_PMEM_SEC_STATE_LOCKED) + return -EINVAL; + rc = cxl_internal_send_cmd(cxlds, &mbox_cmd); if (rc < 0) { dev_err(cxlds->dev, "Failed to sanitize device : %d", rc); diff --git a/drivers/cxl/core/memdev.c b/drivers/cxl/core/memdev.c index bdd1edfd62e8..ed8de7efddef 100644 --- a/drivers/cxl/core/memdev.c +++ b/drivers/cxl/core/memdev.c @@ -163,6 +163,33 @@ static ssize_t security_sanitize_store(struct device *dev, static struct device_attribute dev_attr_security_sanitize = __ATTR(sanitize, 0200, NULL, security_sanitize_store); +static ssize_t security_erase_store(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t len) +{ + struct cxl_memdev *cxlmd = to_cxl_memdev(dev); + struct cxl_dev_state *cxlds = cxlmd->cxlds; + struct cxl_port *port = dev_get_drvdata(&cxlmd->dev); + ssize_t rc; + bool erase; + + if (kstrtobool(buf, &erase) || !erase) + return -EINVAL; + + if (!port || !is_cxl_endpoint(port)) + return -EINVAL; + + /* ensure no regions are mapped to this memdev */ + if (port->commit_end != -1) + return -EBUSY; + + rc = cxl_mem_sanitize(cxlds, CXL_MBOX_OP_SECURE_ERASE); + + return rc ? rc : len; +} +static struct device_attribute dev_attr_security_erase = + __ATTR(erase, 0200, NULL, security_erase_store); + static int cxl_get_poison_by_memdev(struct cxl_memdev *cxlmd) { struct cxl_dev_state *cxlds = cxlmd->cxlds; @@ -411,6 +438,7 @@ static struct attribute *cxl_memdev_ram_attributes[] = { static struct attribute *cxl_memdev_security_attributes[] = { &dev_attr_security_state.attr, &dev_attr_security_sanitize.attr, + &dev_attr_security_erase.attr, NULL, }; diff --git a/drivers/cxl/cxlmem.h b/drivers/cxl/cxlmem.h index 5b84f27fc76a..78ff518012bf 100644 --- a/drivers/cxl/cxlmem.h +++ b/drivers/cxl/cxlmem.h @@ -388,6 +388,7 @@ enum cxl_opcode { CXL_MBOX_OP_SCAN_MEDIA = 0x4304, CXL_MBOX_OP_GET_SCAN_MEDIA = 0x4305, CXL_MBOX_OP_SANITIZE = 0x4400, + CXL_MBOX_OP_SECURE_ERASE = 0x4401, CXL_MBOX_OP_GET_SECURITY_STATE = 0x4500, CXL_MBOX_OP_SET_PASSPHRASE = 0x4501, CXL_MBOX_OP_DISABLE_PASSPHRASE = 0x4502, |