Re: [PATCH 1/3] cxl/memdev: Improve sanitize ABI descriptions

Linux CXL
 help / color / mirror / Atom feed

From: Jonathan Cameron <Jonathan.Cameron@Huawei.com>
To: Davidlohr Bueso <dave@stgolabs.net>
Cc: <dan.j.williams@intel.com>, <vishal.l.verma@intel.com>,
	<fan.ni@samsung.com>, <dave.jiang@intel.com>,
	<a.manzanares@samsung.com>, <linux-cxl@vger.kernel.org>
Subject: Re: [PATCH 1/3] cxl/memdev: Improve sanitize ABI descriptions
Date: Fri, 4 Aug 2023 15:02:38 +0100	[thread overview]
Message-ID: <20230804150238.00005c89@Huawei.com> (raw)
In-Reply-To: <20230726051940.3570-2-dave@stgolabs.net>

On Tue, 25 Jul 2023 22:19:38 -0700
Davidlohr Bueso <dave@stgolabs.net> wrote:

> Be more detailed about the CPU cache management situation. The same
> goes for both sanitize and secure erase.
> 
> Signed-off-by: Davidlohr Bueso <dave@stgolabs.net>
> ---
>  Documentation/ABI/testing/sysfs-bus-cxl | 13 +++++++++++--
>  1 file changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/Documentation/ABI/testing/sysfs-bus-cxl b/Documentation/ABI/testing/sysfs-bus-cxl
> index 6350dd82b9a9..c4c4acb1f3b3 100644
> --- a/Documentation/ABI/testing/sysfs-bus-cxl
> +++ b/Documentation/ABI/testing/sysfs-bus-cxl
> @@ -82,7 +82,11 @@ Description:
>  		whether it resides in persistent capacity, volatile capacity,
>  		or the LSA, is made permanently unavailable by whatever means
>  		is appropriate for the media type. This functionality requires
> -		the device to be not be actively decoding any HPA ranges.
> +		the device to be disabled, that is, not actively decoding any
> +		HPA ranges. This permits avoiding explicit global CPU cache
> +		management, relying instead for it to be done when a region
> +		transitions between software programmed and hardware committed
> +		states.

That worries me a bit.  Sounds like we are leaving a possible attack vector
after a user will assume that all data is definitely gone and their secrets secure.

I'm not sure what the attack would be, but I'd be happier if we didn't forgo
the cache evictions.  This is not exactly a fast path at any time.
However I though region tear down (and resulting HDM decoder disables) were followed
by a flush anyway so there should be nothing there...

>  
>  
>  What            /sys/bus/cxl/devices/memX/security/erase
> @@ -92,7 +96,12 @@ Contact:        linux-cxl@vger.kernel.org
>  Description:
>  		(WO) Write a boolean 'true' string value to this attribute to
>  		secure erase user data by changing the media encryption keys for
> -		all user data areas of the device.
> +		all user data areas of the device. This functionality requires
> +		the device to be disabled, that is, not actively decoding any
> +		HPA ranges. This permits avoiding explicit global CPU cache
> +		management, relying instead for it to be done when a region
> +		transitions between software programmed and hardware committed
> +		states.
>  
>  
>  What:		/sys/bus/cxl/devices/memX/firmware/

next prev parent reply	other threads:[~2023-08-04 14:02 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-26  5:19 [PATCH 0/3] cxl/memdev: Make sanitize interfaces conditionally available Davidlohr Bueso
2023-07-26  5:19 ` [PATCH 1/3] cxl/memdev: Improve sanitize ABI descriptions Davidlohr Bueso
2023-07-28 18:01   ` Dave Jiang
2023-08-04 14:02   ` Jonathan Cameron [this message]
2023-08-11 14:58     ` Davidlohr Bueso
2023-07-26  5:19 ` [PATCH 2/3] cxl/memdev: Document security state in kern-doc Davidlohr Bueso
2023-07-28 18:02   ` Dave Jiang
2023-07-26  5:19 ` [PATCH 3/3] cxl/memdev: Only show sanitize sysfs files when supported Davidlohr Bueso
2023-07-28 18:12   ` Dave Jiang
2023-08-04 14:16   ` Jonathan Cameron
2023-08-04 23:50     ` Davidlohr Bueso
  -- strict thread matches above, loose matches on Subject: below --
2024-04-22  7:01 [PATCH 1/3] cxl/memdev: Improve sanitize ABI descriptions Dongsheng Yang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230804150238.00005c89@Huawei.com \
    --to=jonathan.cameron@huawei.com \
    --cc=a.manzanares@samsung.com \
    --cc=dan.j.williams@intel.com \
    --cc=dave.jiang@intel.com \
    --cc=dave@stgolabs.net \
    --cc=fan.ni@samsung.com \
    --cc=linux-cxl@vger.kernel.org \
    --cc=vishal.l.verma@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox