RE: [PATCH 4/7] cxl/mem: Wire up Sanitation support

[Dan Williams <dan.j.williams@intel.com>]

Davidlohr Bueso wrote:
> Implement support for CXL 3.0 8.2.9.8.5.1 Sanitize. This is done by
> adding a security/sanitize' memdev sysfs file to trigger the operation
> and extend the status file to make it poll(2)-capable for completion.
> Unlike all other background commands, this is the only operation that
> is special and monopolizes the device for long periods of time.
> 
> In addition to the traditional pmem security requirements, all regions
> must also be offline in order to perform the operation. This permits
> avoiding explicit global CPU cache management, relying instead on
> attach_target() setting CXL_REGION_F_INCOHERENT upon reconnect.

CXL_REGION_F_INCOHERENT is going away, but the sentiment still holds. I
will update this to:

"This permits avoiding explicit global CPU cache management, relying
instead on the implict cache management when a region transitions
between CXL_CONFIG_ACTIVE and CXL_CONFIG_COMMIT."

> 
> The expectation is that userspace can use it such as:
> 
>     cxl disable-memdev memX
>     echo 1 > /sys/bus/cxl/devices/memX/security/sanitize

I assume this will become 'cxl sanitize-memdev' and handle all the busy
reporting etc for the user?

>     cxl wait-sanitize memX
>     cxl enable-memdev memX
> 
> Reviewed-by: Dave Jiang <dave.jiang@intel.com>
> Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> Signed-off-by: Davidlohr Bueso <dave@stgolabs.net>
> ---
>  Documentation/ABI/testing/sysfs-bus-cxl | 21 +++++++-
>  drivers/cxl/core/mbox.c                 | 55 ++++++++++++++++++++
>  drivers/cxl/core/memdev.c               | 67 +++++++++++++++++++++++++
>  drivers/cxl/cxlmem.h                    |  4 ++
>  drivers/cxl/pci.c                       |  6 +++
>  5 files changed, 151 insertions(+), 2 deletions(-)
> 
> diff --git a/Documentation/ABI/testing/sysfs-bus-cxl b/Documentation/ABI/testing/sysfs-bus-cxl
> index 721a44d8a482..5753cba98692 100644
> --- a/Documentation/ABI/testing/sysfs-bus-cxl
> +++ b/Documentation/ABI/testing/sysfs-bus-cxl
> @@ -64,8 +64,25 @@ KernelVersion:	v6.5
>  Contact:	linux-cxl@vger.kernel.org
>  Description:
>  		(RO) Reading this file will display the CXL security state for
> -		that device. Such states can be: 'disabled', or those available
> -		only for persistent memory: 'locked', 'unlocked' or 'frozen'.
> +		that device. Such states can be: 'disabled', 'sanitize', when
> +		a sanitation is currently underway; or those available only
> +		for persistent memory: 'locked', 'unlocked' or 'frozen'. This
> +		sysfs entry is select/poll capable from userspace to notify
> +		upon completion of a sanitize operation.
> +
> +
> +What:           /sys/bus/cxl/devices/memX/security/sanitize
> +Date:           June, 2023
> +KernelVersion:  v6.5
> +Contact:        linux-cxl@vger.kernel.org
> +Description:
> +		(WO) Write a boolean 'true' string value to this attribute to
> +		sanitize the device to securely re-purpose or decommission it.
> +		This is done by ensuring that all user data and meta-data,
> +		whether it resides in persistent capacity, volatile capacity,
> +		or the LSA, is made permanently unavailable by whatever means
> +		is appropriate for the media type. This functionality requires
> +		the device to be not be actively decoding any HPA ranges.

I notice this attribute is unconditionally available. It would be nice
to hide it on devices that do not support the optional sanitize command.

This is a minor fixup that just needs to be in place before v6.5-final.