From: Dave Jiang <dave.jiang@intel.com>
To: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Cc: linux-cxl@vger.kernel.org, nvdimm@lists.linux.dev,
dan.j.williams@intel.com, bwidawsk@kernel.org,
ira.weiny@intel.com, vishal.l.verma@intel.com,
alison.schofield@intel.com, dave@stgolabs.net
Subject: Re: [PATCH RFC 11/15] cxl/pmem: Add "Unlock" security command support
Date: Tue, 9 Aug 2022 15:31:35 -0700 [thread overview]
Message-ID: <14d33af5-e8c7-c30d-7cd9-08f55a270992@intel.com> (raw)
In-Reply-To: <20220804141901.00005a2a@huawei.com>
On 8/4/2022 6:19 AM, Jonathan Cameron wrote:
> On Fri, 15 Jul 2022 14:09:36 -0700
> Dave Jiang <dave.jiang@intel.com> wrote:
>
>> Create callback function to support the nvdimm_security_ops() ->unlock()
>> callback. Translate the operation to send "Unlock" security command for CXL
>> mem device.
>>
>> When the mem device is unlocked, arch_invalidate_nvdimm_cache() is called
>> in order to invalidate all CPU caches before attempting to access the mem
>> device.
>>
>> See CXL 2.0 spec section 8.2.9.5.6.4 for reference.
>>
>> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
> Hi Dave,
>
> One trivial thing inline.
>
> Thanks,
>
> Jonathan
>
>> ---
>> drivers/cxl/cxlmem.h | 1 +
>> drivers/cxl/security.c | 21 +++++++++++++++++++++
>> 2 files changed, 22 insertions(+)
>>
>> diff --git a/drivers/cxl/cxlmem.h b/drivers/cxl/cxlmem.h
>> index ced85be291f3..ae8ccd484491 100644
>> --- a/drivers/cxl/cxlmem.h
>> +++ b/drivers/cxl/cxlmem.h
>> @@ -253,6 +253,7 @@ enum cxl_opcode {
>> CXL_MBOX_OP_GET_SECURITY_STATE = 0x4500,
>> CXL_MBOX_OP_SET_PASSPHRASE = 0x4501,
>> CXL_MBOX_OP_DISABLE_PASSPHRASE = 0x4502,
>> + CXL_MBOX_OP_UNLOCK = 0x4503,
>> CXL_MBOX_OP_FREEZE_SECURITY = 0x4504,
>> CXL_MBOX_OP_MAX = 0x10000
>> };
>> diff --git a/drivers/cxl/security.c b/drivers/cxl/security.c
>> index 6399266a5908..d15520f280f0 100644
>> --- a/drivers/cxl/security.c
>> +++ b/drivers/cxl/security.c
>> @@ -114,11 +114,32 @@ static int cxl_pmem_security_freeze(struct nvdimm *nvdimm)
>> return cxl_mbox_send_cmd(cxlds, CXL_MBOX_OP_FREEZE_SECURITY, NULL, 0, NULL, 0);
>> }
>>
>> +static int cxl_pmem_security_unlock(struct nvdimm *nvdimm,
>> + const struct nvdimm_key_data *key_data)
>> +{
>> + struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
>> + struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
>> + struct cxl_dev_state *cxlds = cxlmd->cxlds;
>> + u8 pass[NVDIMM_PASSPHRASE_LEN];
>> + int rc;
>> +
>> + memcpy(pass, key_data->data, NVDIMM_PASSPHRASE_LEN);
> Why do we need a local copy? I'd have thought we could just
> pass keydata->data in as the payload for cxl_mbox_send_cmd()
> There might be some value in making it easier to check by
> having a structure defined for this payload (obviously trivial)
> but given we are using an array of length defined by a non CXL
> define, I'm not sure there is any point in the copy.
We end up hitting a compile warning if we just directly pass in because key_data->data has const qualifier.
tools/testing/cxl/../../../drivers/cxl/security.c: In function ‘cxl_pmem_security_unlock’:
tools/testing/cxl/../../../drivers/cxl/security.c:116:40: warning: passing argument 3 of ‘cxl_mbox_send_cmd’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
116 | key_data->data, NVDIMM_PASSPHRASE_LEN, NULL, 0);
| ~~~~~~~~^~~~~~
In file included from tools/testing/cxl/../../../drivers/cxl/security.c:8:
tools/testing/cxl/../../../drivers/cxl/cxlmem.h:408:70: note: expected ‘void *’ but argument is of type ‘const u8 *’ {aka ‘const unsigned char *’}
408 | int cxl_mbox_send_cmd(struct cxl_dev_state *cxlds, u16 opcode, void *in,
| ~~~~~~^~
>
>> + rc = cxl_mbox_send_cmd(cxlds, CXL_MBOX_OP_UNLOCK,
>> + pass, NVDIMM_PASSPHRASE_LEN, NULL, 0);
>> + if (rc < 0)
>> + return rc;
>> +
>> + /* DIMM unlocked, invalidate all CPU caches before we read it */
>> + arch_invalidate_nvdimm_cache();
>> + return 0;
>> +}
>> +
>> static const struct nvdimm_security_ops __cxl_security_ops = {
>> .get_flags = cxl_pmem_get_security_flags,
>> .change_key = cxl_pmem_security_change_key,
>> .disable = cxl_pmem_security_disable,
>> .freeze = cxl_pmem_security_freeze,
>> + .unlock = cxl_pmem_security_unlock,
>> };
>>
>> const struct nvdimm_security_ops *cxl_security_ops = &__cxl_security_ops;
>>
>>
next prev parent reply other threads:[~2022-08-09 22:31 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-15 21:08 [PATCH RFC 00/15] Introduce security commands for CXL pmem device Dave Jiang
2022-07-15 21:08 ` [PATCH RFC 01/15] cxl/pmem: Introduce nvdimm_security_ops with ->get_flags() operation Dave Jiang
2022-07-15 21:09 ` Davidlohr Bueso
2022-08-03 16:29 ` Jonathan Cameron
2022-07-18 5:34 ` [PATCH RFC 1/15] " Davidlohr Bueso
2022-07-15 21:08 ` [PATCH RFC 02/15] tools/testing/cxl: Create context for cxl mock device Dave Jiang
2022-07-18 6:29 ` [PATCH RFC 2/15] " Davidlohr Bueso
2022-08-03 16:36 ` [PATCH RFC 02/15] " Jonathan Cameron
2022-08-09 20:30 ` Dave Jiang
2022-07-15 21:08 ` [PATCH RFC 03/15] tools/testing/cxl: Add "Get Security State" opcode support Dave Jiang
2022-08-03 16:51 ` Jonathan Cameron
2022-07-15 21:08 ` [PATCH RFC 04/15] cxl/pmem: Add "Set Passphrase" security command support Dave Jiang
2022-07-18 6:36 ` [PATCH RFC 4/15] " Davidlohr Bueso
2022-07-19 18:55 ` Dave Jiang
2022-08-03 17:01 ` [PATCH RFC 04/15] " Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 05/15] tools/testing/cxl: Add "Set Passphrase" opcode support Dave Jiang
2022-08-03 17:15 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 06/15] cxl/pmem: Add Disable Passphrase security command support Dave Jiang
2022-08-03 17:21 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 07/15] tools/testing/cxl: Add "Disable" security opcode support Dave Jiang
2022-08-03 17:23 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 08/15] cxl/pmem: Add "Freeze Security State" security command support Dave Jiang
2022-08-03 17:23 ` Jonathan Cameron
2022-07-15 21:09 ` [PATCH RFC 09/15] tools/testing/cxl: Add "Freeze Security State" security opcode support Dave Jiang
2022-07-15 21:09 ` [PATCH RFC 10/15] x86: add an arch helper function to invalidate all cache for nvdimm Dave Jiang
2022-07-18 5:30 ` Davidlohr Bueso
2022-07-19 19:07 ` Dave Jiang
2022-08-03 17:37 ` Jonathan Cameron
2022-08-09 21:47 ` Dave Jiang
2022-08-10 14:15 ` Mark Rutland
2022-08-10 14:31 ` Eliot Moss
2022-08-10 18:09 ` Mark Rutland
2022-08-10 18:11 ` Eliot Moss
2022-08-10 20:06 ` Dan Williams
2022-08-10 21:13 ` Davidlohr Bueso
2022-08-10 21:30 ` Dan Williams
2022-08-10 21:31 ` Davidlohr Bueso
2022-08-15 16:07 ` [PATCH] arch/cacheflush: Introduce flush_all_caches() Davidlohr Bueso
2022-08-16 9:01 ` Peter Zijlstra
2022-08-16 16:50 ` Dan Williams
2022-08-16 16:53 ` Davidlohr Bueso
2022-08-16 17:42 ` Dan Williams
2022-08-16 17:52 ` Davidlohr Bueso
2022-08-16 18:49 ` Dan Williams
2022-08-17 7:53 ` Peter Zijlstra
2022-08-17 7:49 ` Peter Zijlstra
2022-07-15 21:09 ` [PATCH RFC 11/15] cxl/pmem: Add "Unlock" security command support Dave Jiang
2022-08-04 13:19 ` Jonathan Cameron
2022-08-09 22:31 ` Dave Jiang [this message]
2022-07-15 21:09 ` [PATCH RFC 12/15] tools/testing/cxl: Add "Unlock" security opcode support Dave Jiang
2022-07-15 21:09 ` [PATCH RFC 13/15] cxl/pmem: Add "Passphrase Secure Erase" security command support Dave Jiang
2022-07-20 6:17 ` Davidlohr Bueso
2022-07-20 17:38 ` Dave Jiang
2022-07-20 18:02 ` Davidlohr Bueso
2022-07-15 21:09 ` [PATCH RFC 14/15] tools/testing/cxl: Add "passphrase secure erase" opcode support Dave Jiang
2022-07-15 21:10 ` [PATCH RFC 15/15] nvdimm/cxl/pmem: Add support for master passphrase disable security command Dave Jiang
2022-07-15 21:29 ` [PATCH RFC 00/15] Introduce security commands for CXL pmem device Davidlohr Bueso
2022-07-19 18:53 ` Dave Jiang
2022-08-03 17:03 ` Jonathan Cameron
2022-08-08 22:18 ` Dave Jiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=14d33af5-e8c7-c30d-7cd9-08f55a270992@intel.com \
--to=dave.jiang@intel.com \
--cc=Jonathan.Cameron@huawei.com \
--cc=alison.schofield@intel.com \
--cc=bwidawsk@kernel.org \
--cc=dan.j.williams@intel.com \
--cc=dave@stgolabs.net \
--cc=ira.weiny@intel.com \
--cc=linux-cxl@vger.kernel.org \
--cc=nvdimm@lists.linux.dev \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox