Re: [PATCH 2/3] cxl/mem: Support sanitation commands

Linux CXL
 help / color / mirror / Atom feed

From: Jonathan Cameron <Jonathan.Cameron@Huawei.com>
To: Davidlohr Bueso <dave@stgolabs.net>
Cc: <dan.j.williams@intel.com>, <ira.weiny@intel.com>,
	<dave.jiang@intel.com>, <linux-cxl@vger.kernel.org>
Subject: Re: [PATCH 2/3] cxl/mem: Support sanitation commands
Date: Tue, 20 Dec 2022 15:35:28 +0000	[thread overview]
Message-ID: <20221220153528.00000a15@Huawei.com> (raw)
In-Reply-To: <20221219204744.rna4khfjdyt4dugx@offworld>

On Mon, 19 Dec 2022 12:47:44 -0800
Davidlohr Bueso <dave@stgolabs.net> wrote:

> On Mon, 19 Dec 2022, Jonathan Cameron wrote:
> 
> >On Mon,  5 Dec 2022 17:15:00 -0800
> >Davidlohr Bueso <dave@stgolabs.net> wrote:
> >  
> >> Implement support for the non-pmem exclusive sanitize (aka overwrite)
> >> and secure erase commands, per CXL specs.
> >>
> >> To properly support this feature, create a 'security' sysfs file that
> >> when read will list the current pmem security state or overwrite, and
> >> when written to, perform the requested operation.
> >>
> >> As with ndctl-speak, the use cases here would be:
> >>  
> >> $> cxl sanitize --erase memX
> >> $> cxl sanitize --overwrite memX
> >> $> cxl sanitize --wait-overwrite memX  
> >>
> >> Where userspace can implement entirely the wait/query mechanism for
> >> waiting for the sanitize to complete (albeit no poll support for
> >> the security sysfs file).
> >>
> >> Signed-off-by: Davidlohr Bueso <dave@stgolabs.net>  
> >
> >Hi Davidlohr,
> >
> >Given I'm late to the game and there has been lots of discussion I'll
> >focus on just the ABI.
> >  
> >> +What:		/sys/bus/cxl/devices/memX/security
> >> +Date:		December, 2022
> >> +KernelVersion:	v6.2
> >> +Contact:	linux-cxl@vger.kernel.org
> >> +Description:
> >> +		Reading this file will display the security state for that
> >> +		device. The following states are available: disabled, frozen,
> >> +		locked, unlocked and overwrite. When writing to the file, the
> >> +		following commands are supported:
> >> +		* overwrite - Sanitize the device to securely re-purpose or
> >> +		  decommission it. This is done by ensuring that all user data
> >> +		  and meta-data, whether it resides in persistent capacity,
> >> +		  volatile capacity, or the label storage area, is made
> >> +		  permanently unavailable by whatever means is appropriate for
> >> +		  the media type. This causes all CPU caches to be flushed.
> >> +		* erase - Secure Erase user data by changing the media encryption
> >> +		  keys for all user data areas of the device. This causes all
> >> +		  CPU caches to be flushed.  
> >
> >General rule of sysfs is one file, one thing.  I think this interface needs splitting.
> >RO attribute security_state
> >WO attribute security_overwrite (or maybe security_sanitize as overwriting is an
> >  implementation choice?)
> >WO attribute security_erase  
> 
> Fine by me. How about instead: security/{state, sanitize, erase}?

Sounds good.

Jonathan

next prev parent reply	other threads:[~2022-12-20 15:35 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-06  1:14 [PATCH v2 0/3] cxl: BG operations and device sanitation Davidlohr Bueso
2022-12-06  1:14 ` [PATCH 1/3] cxl/mbox: Add background operation handling machinery Davidlohr Bueso
2022-12-06 23:47   ` Dave Jiang
2022-12-07  3:42     ` Davidlohr Bueso
2022-12-07 15:26       ` Dave Jiang
2022-12-07  1:55   ` Dan Williams
2022-12-07 15:33     ` Dave Jiang
2022-12-07 19:47       ` Dan Williams
2022-12-07 16:10     ` Davidlohr Bueso
2022-12-07 19:29       ` Davidlohr Bueso
2022-12-07 21:21       ` Dan Williams
2022-12-12 17:05         ` Davidlohr Bueso
2022-12-12 22:52           ` Dan Williams
2022-12-06  1:15 ` [PATCH 2/3] cxl/mem: Support sanitation commands Davidlohr Bueso
2022-12-07  2:20   ` Dan Williams
2022-12-07 16:35     ` Davidlohr Bueso
2022-12-07 21:24       ` Dan Williams
2022-12-19 17:43   ` Jonathan Cameron
2022-12-19 20:47     ` Davidlohr Bueso
2022-12-20 15:35       ` Jonathan Cameron [this message]
2022-12-06  1:15 ` [PATCH 3/3] tools/testing/cxl: Add "Secure Erase" opcode support Davidlohr Bueso
2022-12-07  2:32   ` Dan Williams
2022-12-07  0:09 ` [PATCH v2 0/3] cxl: BG operations and device sanitation Dan Williams
2022-12-07  3:03   ` Davidlohr Bueso
2022-12-07 19:16     ` Dan Williams

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221220153528.00000a15@Huawei.com \
    --to=jonathan.cameron@huawei.com \
    --cc=dan.j.williams@intel.com \
    --cc=dave.jiang@intel.com \
    --cc=dave@stgolabs.net \
    --cc=ira.weiny@intel.com \
    --cc=linux-cxl@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox