From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
To: <qemu-devel@nongnu.org>, <linux-cxl@vger.kernel.org>,
Michael Tsirkin <mst@redhat.com>
Cc: linuxarm@huawei.com, "Fan Ni" <fan.ni@samsung.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Davidlohr Bueso" <dave@stgolabs.net>,
"Gregory Price" <gregory.price@memverge.com>,
"Klaus Jensen" <its@irrelevant.dk>,
"Corey Minyard" <cminyard@mvista.com>,
"Klaus Jensen" <k.jensen@samsung.com>
Subject: [PATCH 16/19] hw/cxl: Add support for device sanitation
Date: Mon, 25 Sep 2023 17:11:21 +0100 [thread overview]
Message-ID: <20230925161124.18940-17-Jonathan.Cameron@huawei.com> (raw)
In-Reply-To: <20230925161124.18940-1-Jonathan.Cameron@huawei.com>
From: Davidlohr Bueso <dave@stgolabs.net>
Make use of the background operations through the sanitize command, per CXL
3.0 specs. Traditionally run times can be rather long, depending on the
size of the media.
Estimate times based on:
https://pmem.io/documents/NVDIMM_DSM_Interface-V1.8.pdf
Signed-off-by: Davidlohr Bueso <dave@stgolabs.net>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
---
include/hw/cxl/cxl_device.h | 17 +++++
hw/cxl/cxl-mailbox-utils.c | 140 ++++++++++++++++++++++++++++++++++++
hw/mem/cxl_type3.c | 10 +++
3 files changed, 167 insertions(+)
diff --git a/include/hw/cxl/cxl_device.h b/include/hw/cxl/cxl_device.h
index b7fa57fd14..dfa25a0837 100644
--- a/include/hw/cxl/cxl_device.h
+++ b/include/hw/cxl/cxl_device.h
@@ -347,6 +347,23 @@ REG64(CXL_MEM_DEV_STS, 0)
FIELD(CXL_MEM_DEV_STS, MBOX_READY, 4, 1)
FIELD(CXL_MEM_DEV_STS, RESET_NEEDED, 5, 3)
+static inline void __toggle_media(CXLDeviceState *cxl_dstate, int val)
+{
+ uint64_t dev_status_reg;
+
+ dev_status_reg = FIELD_DP64(0, CXL_MEM_DEV_STS, MEDIA_STATUS, val);
+ cxl_dstate->mbox_reg_state64[R_CXL_MEM_DEV_STS] = dev_status_reg;
+}
+#define cxl_dev_disable_media(cxlds) \
+ do { __toggle_media((cxlds), 0x3); } while (0)
+#define cxl_dev_enable_media(cxlds) \
+ do { __toggle_media((cxlds), 0x1); } while (0)
+
+static inline bool sanitize_running(CXLCCI *cci)
+{
+ return !!cci->bg.runtime && cci->bg.opcode == 0x4400;
+}
+
typedef struct CXLError {
QTAILQ_ENTRY(CXLError) node;
int type; /* Error code as per FE definition */
diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
index 3db86b4da7..644dd97727 100644
--- a/hw/cxl/cxl-mailbox-utils.c
+++ b/hw/cxl/cxl-mailbox-utils.c
@@ -18,6 +18,7 @@
#include "qemu/log.h"
#include "qemu/units.h"
#include "qemu/uuid.h"
+#include "sysemu/hostmem.h"
#define CXL_CAPACITY_MULTIPLIER (256 * MiB)
@@ -69,6 +70,9 @@ enum {
#define GET_PARTITION_INFO 0x0
#define GET_LSA 0x2
#define SET_LSA 0x3
+ SANITIZE = 0x44,
+ #define OVERWRITE 0x0
+ #define SECURE_ERASE 0x1
MEDIA_AND_POISON = 0x43,
#define GET_POISON_LIST 0x0
#define INJECT_POISON 0x1
@@ -763,6 +767,108 @@ static CXLRetCode cmd_ccls_set_lsa(const struct cxl_cmd *cmd,
return CXL_MBOX_SUCCESS;
}
+/* Perform the actual device zeroing */
+static void __do_sanitization(CXLType3Dev *ct3d)
+{
+ MemoryRegion *mr;
+
+ if (ct3d->hostvmem) {
+ mr = host_memory_backend_get_memory(ct3d->hostvmem);
+ if (mr) {
+ void *hostmem = memory_region_get_ram_ptr(mr);
+ memset(hostmem, 0, memory_region_size(mr));
+ }
+ }
+
+ if (ct3d->hostpmem) {
+ mr = host_memory_backend_get_memory(ct3d->hostpmem);
+ if (mr) {
+ void *hostmem = memory_region_get_ram_ptr(mr);
+ memset(hostmem, 0, memory_region_size(mr));
+ }
+ }
+ if (ct3d->lsa) {
+ mr = host_memory_backend_get_memory(ct3d->lsa);
+ if (mr) {
+ void *lsa = memory_region_get_ram_ptr(mr);
+ memset(lsa, 0, memory_region_size(mr));
+ }
+ }
+}
+
+/*
+ * CXL 3.0 spec section 8.2.9.8.5.1 - Sanitize.
+ *
+ * Once the Sanitize command has started successfully, the device shall be
+ * placed in the media disabled state. If the command fails or is interrupted
+ * by a reset or power failure, it shall remain in the media disabled state
+ * until a successful Sanitize command has been completed. During this state:
+ *
+ * 1. Memory writes to the device will have no effect, and all memory reads
+ * will return random values (no user data returned, even for locations that
+ * the failed Sanitize operation didn’t sanitize yet).
+ *
+ * 2. Mailbox commands shall still be processed in the disabled state, except
+ * that commands that access Sanitized areas shall fail with the Media Disabled
+ * error code.
+ */
+static CXLRetCode cmd_sanitize_overwrite(const struct cxl_cmd *cmd,
+ uint8_t *payload_in,
+ size_t len_in,
+ uint8_t *payload_out,
+ size_t *len_out,
+ CXLCCI *cci)
+{
+ CXLType3Dev *ct3d = CXL_TYPE3(cci->d);
+ uint64_t total_mem; /* in Mb */
+ int secs;
+
+ total_mem = (ct3d->cxl_dstate.vmem_size + ct3d->cxl_dstate.pmem_size) >> 20;
+ if (total_mem <= 512) {
+ secs = 4;
+ } else if (total_mem <= 1024) {
+ secs = 8;
+ } else if (total_mem <= 2 * 1024) {
+ secs = 15;
+ } else if (total_mem <= 4 * 1024) {
+ secs = 30;
+ } else if (total_mem <= 8 * 1024) {
+ secs = 60;
+ } else if (total_mem <= 16 * 1024) {
+ secs = 2 * 60;
+ } else if (total_mem <= 32 * 1024) {
+ secs = 4 * 60;
+ } else if (total_mem <= 64 * 1024) {
+ secs = 8 * 60;
+ } else if (total_mem <= 128 * 1024) {
+ secs = 15 * 60;
+ } else if (total_mem <= 256 * 1024) {
+ secs = 30 * 60;
+ } else if (total_mem <= 512 * 1024) {
+ secs = 60 * 60;
+ } else if (total_mem <= 1024 * 1024) {
+ secs = 120 * 60;
+ } else {
+ secs = 240 * 60; /* max 4 hrs */
+ }
+
+ /* EBUSY other bg cmds as of now */
+ cci->bg.runtime = secs * 1000UL;
+ *len_out = 0;
+
+ cxl_dev_disable_media(&ct3d->cxl_dstate);
+
+ if (secs > 2) {
+ /* sanitize when done */
+ return CXL_MBOX_BG_STARTED;
+ } else {
+ __do_sanitization(ct3d);
+ cxl_dev_enable_media(&ct3d->cxl_dstate);
+
+ return CXL_MBOX_SUCCESS;
+ }
+}
+
/*
* This is very inefficient, but good enough for now!
* Also the payload will always fit, so no need to handle the MORE flag and
@@ -1007,6 +1113,8 @@ static const struct cxl_cmd cxl_cmd_set[256][256] = {
[CCLS][GET_LSA] = { "CCLS_GET_LSA", cmd_ccls_get_lsa, 8, 0 },
[CCLS][SET_LSA] = { "CCLS_SET_LSA", cmd_ccls_set_lsa,
~0, IMMEDIATE_CONFIG_CHANGE | IMMEDIATE_DATA_CHANGE },
+ [SANITIZE][OVERWRITE] = { "SANITIZE_OVERWRITE", cmd_sanitize_overwrite, 0,
+ IMMEDIATE_DATA_CHANGE | SECURITY_STATE_CHANGE | BACKGROUND_OPERATION },
[MEDIA_AND_POISON][GET_POISON_LIST] = { "MEDIA_AND_POISON_GET_POISON_LIST",
cmd_media_get_poison_list, 16, 0 },
[MEDIA_AND_POISON][INJECT_POISON] = { "MEDIA_AND_POISON_INJECT_POISON",
@@ -1066,6 +1174,21 @@ int cxl_process_cci_message(CXLCCI *cci, uint8_t set, uint8_t cmd,
return CXL_MBOX_BUSY;
}
+ /* forbid any selected commands while overwriting */
+ if (sanitize_running(cci)) {
+ if (h == cmd_events_get_records ||
+ h == cmd_ccls_get_partition_info ||
+ h == cmd_ccls_set_lsa ||
+ h == cmd_ccls_get_lsa ||
+ h == cmd_logs_get_log ||
+ h == cmd_media_get_poison_list ||
+ h == cmd_media_inject_poison ||
+ h == cmd_media_clear_poison ||
+ h == cmd_sanitize_overwrite) {
+ return CXL_MBOX_MEDIA_DISABLED;
+ }
+ }
+
ret = (*h)(cxl_cmd, pl_in, len_in, pl_out, len_out, cci);
if ((cxl_cmd->effect & BACKGROUND_OPERATION) &&
ret == CXL_MBOX_BG_STARTED) {
@@ -1104,6 +1227,23 @@ static void bg_timercb(void *opaque)
cci->bg.complete_pct = 100;
cci->bg.ret_code = ret;
+ if (ret == CXL_MBOX_SUCCESS) {
+ switch (cci->bg.opcode) {
+ case 0x4400: /* sanitize */
+ {
+ CXLType3Dev *ct3d = CXL_TYPE3(cci->d);
+
+ __do_sanitization(ct3d);
+ cxl_dev_enable_media(&ct3d->cxl_dstate);
+ }
+ break;
+ case 0x4304: /* TODO: scan media */
+ break;
+ default:
+ __builtin_unreachable();
+ break;
+ }
+ }
qemu_log("Background command %04xh finished: %s\n",
cci->bg.opcode,
diff --git a/hw/mem/cxl_type3.c b/hw/mem/cxl_type3.c
index 0529745786..cc8220592f 100644
--- a/hw/mem/cxl_type3.c
+++ b/hw/mem/cxl_type3.c
@@ -23,6 +23,7 @@
#include "qemu/pmem.h"
#include "qemu/range.h"
#include "qemu/rcu.h"
+#include "qemu/guest-random.h"
#include "sysemu/hostmem.h"
#include "sysemu/numa.h"
#include "hw/cxl/cxl.h"
@@ -897,6 +898,11 @@ MemTxResult cxl_type3_read(PCIDevice *d, hwaddr host_addr, uint64_t *data,
return MEMTX_ERROR;
}
+ if (sanitize_running(&CXL_TYPE3(d)->cci)) {
+ qemu_guest_getrandom_nofail(data, size);
+ return MEMTX_OK;
+ }
+
return address_space_read(as, dpa_offset, attrs, data, size);
}
@@ -913,6 +919,10 @@ MemTxResult cxl_type3_write(PCIDevice *d, hwaddr host_addr, uint64_t data,
return MEMTX_ERROR;
}
+ if (sanitize_running(&CXL_TYPE3(d)->cci)) {
+ return MEMTX_OK;
+ }
+
return address_space_write(as, dpa_offset, attrs, &data, size);
}
--
2.39.2
next prev parent reply other threads:[~2023-09-25 16:19 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-25 16:11 [PATCH 00/19] QEMU: CXL mailbox rework and features Jonathan Cameron
2023-09-25 16:11 ` [PATCH 01/19] hw/cxl/mbox: Pull the payload out of struct cxl_cmd and make instances constant Jonathan Cameron
2023-09-27 19:27 ` Fan Ni
2023-09-25 16:11 ` [PATCH 02/19] hw/cxl/mbox: Split mailbox command payload into separate input and output Jonathan Cameron
2023-09-27 22:58 ` Fan Ni
2023-09-25 16:11 ` [PATCH 03/19] hw/cxl/mbox: Pull the CCI definition out of the CXLDeviceState Jonathan Cameron
2023-09-28 17:44 ` Fan Ni
2023-10-16 15:59 ` Jonathan Cameron
2023-09-25 16:11 ` [PATCH 04/19] hw/cxl/mbox: Generalize the CCI command processing Jonathan Cameron
2023-09-28 18:21 ` Fan Ni
2023-10-13 16:17 ` Jonathan Cameron
2023-09-25 16:11 ` [PATCH 05/19] hw/pci-bridge/cxl_upstream: Move defintion of device to header Jonathan Cameron
2023-09-28 18:26 ` Fan Ni
2023-09-25 16:11 ` [PATCH 06/19] hw/cxl/i2c_mctp_cxl: Initial device emulation Jonathan Cameron
2023-09-25 16:11 ` [PATCH 07/19] hw/cxl/mbox: Add Information and Status / Identify command Jonathan Cameron
2023-09-25 16:11 ` [PATCH 08/19] docs: cxl: Add example commandline for MCTP CXL CCIs Jonathan Cameron
2023-09-25 16:11 ` [PATCH 09/19] hw/cxl/mbox: Add Physical Switch Identify command Jonathan Cameron
2023-09-25 16:11 ` [PATCH 10/19] hw/cxl: Add a switch mailbox CCI function Jonathan Cameron
2023-09-25 16:11 ` [PATCH 11/19] hw/pci-bridge/cxl_downstream: Set default link width and link speed Jonathan Cameron
2023-09-25 16:11 ` [PATCH 12/19] hw/cxl: Implement Physical Ports status retrieval Jonathan Cameron
2023-09-27 13:55 ` Jonathan Cameron
2023-09-25 16:11 ` [PATCH 13/19] hw/cxl/mbox: Add Get Background Operation Status Command Jonathan Cameron
2023-09-25 16:11 ` [PATCH 14/19] hw/cxl/mbox: Add support for background operations Jonathan Cameron
2023-09-25 16:11 ` [PATCH 15/19] hw/cxl/mbox: Wire up interrupts for background completion Jonathan Cameron
2023-09-25 16:11 ` Jonathan Cameron [this message]
2023-09-25 16:11 ` [PATCH 17/19] hw/cxl/type3: Cleanup multiple CXL_TYPE3() calls in read/write functions Jonathan Cameron
2023-09-25 16:11 ` [PATCH 18/19] hw/cxl: Add dummy security state get Jonathan Cameron
2023-09-25 16:11 ` [PATCH 19/19] hw/cxl: Add tunneled command support to mailbox for switch cci/mctp Jonathan Cameron
2023-09-25 16:50 ` [PATCH 00/19] QEMU: CXL mailbox rework and features Jonathan Cameron
2023-09-28 18:12 ` Gregory Price
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230925161124.18940-17-Jonathan.Cameron@huawei.com \
--to=jonathan.cameron@huawei.com \
--cc=cminyard@mvista.com \
--cc=dave@stgolabs.net \
--cc=fan.ni@samsung.com \
--cc=gregory.price@memverge.com \
--cc=its@irrelevant.dk \
--cc=k.jensen@samsung.com \
--cc=linux-cxl@vger.kernel.org \
--cc=linuxarm@huawei.com \
--cc=mst@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox