Commit 638c1913 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'cxl-fixes-6.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl

Pull cxl fixes from Vishal Verma:

 - Fixup the Sanitixe device ABI that was merged for v6.5 to hide some
   sysfs files when the necessary support is missing. Update the ABI
   documentation around this as well.

* tag 'cxl-fixes-6.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl:
  cxl/memdev: Only show sanitize sysfs files when supported
  cxl/memdev: Document security state in kern-doc
  cxl/memdev: Improve sanitize ABI descriptions
parents 999f6631 ad64f595
...@@ -82,7 +82,12 @@ Description: ...@@ -82,7 +82,12 @@ Description:
whether it resides in persistent capacity, volatile capacity, whether it resides in persistent capacity, volatile capacity,
or the LSA, is made permanently unavailable by whatever means or the LSA, is made permanently unavailable by whatever means
is appropriate for the media type. This functionality requires is appropriate for the media type. This functionality requires
the device to be not be actively decoding any HPA ranges. the device to be disabled, that is, not actively decoding any
HPA ranges. This permits avoiding explicit global CPU cache
management, relying instead for it to be done when a region
transitions between software programmed and hardware committed
states. If this file is not present, then there is no hardware
support for the operation.
What /sys/bus/cxl/devices/memX/security/erase What /sys/bus/cxl/devices/memX/security/erase
...@@ -92,7 +97,13 @@ Contact: linux-cxl@vger.kernel.org ...@@ -92,7 +97,13 @@ Contact: linux-cxl@vger.kernel.org
Description: Description:
(WO) Write a boolean 'true' string value to this attribute to (WO) Write a boolean 'true' string value to this attribute to
secure erase user data by changing the media encryption keys for secure erase user data by changing the media encryption keys for
all user data areas of the device. all user data areas of the device. This functionality requires
the device to be disabled, that is, not actively decoding any
HPA ranges. This permits avoiding explicit global CPU cache
management, relying instead for it to be done when a region
transitions between software programmed and hardware committed
states. If this file is not present, then there is no hardware
support for the operation.
What: /sys/bus/cxl/devices/memX/firmware/ What: /sys/bus/cxl/devices/memX/firmware/
......
...@@ -121,6 +121,45 @@ static bool cxl_is_security_command(u16 opcode) ...@@ -121,6 +121,45 @@ static bool cxl_is_security_command(u16 opcode)
return false; return false;
} }
static void cxl_set_security_cmd_enabled(struct cxl_security_state *security,
u16 opcode)
{
switch (opcode) {
case CXL_MBOX_OP_SANITIZE:
set_bit(CXL_SEC_ENABLED_SANITIZE, security->enabled_cmds);
break;
case CXL_MBOX_OP_SECURE_ERASE:
set_bit(CXL_SEC_ENABLED_SECURE_ERASE,
security->enabled_cmds);
break;
case CXL_MBOX_OP_GET_SECURITY_STATE:
set_bit(CXL_SEC_ENABLED_GET_SECURITY_STATE,
security->enabled_cmds);
break;
case CXL_MBOX_OP_SET_PASSPHRASE:
set_bit(CXL_SEC_ENABLED_SET_PASSPHRASE,
security->enabled_cmds);
break;
case CXL_MBOX_OP_DISABLE_PASSPHRASE:
set_bit(CXL_SEC_ENABLED_DISABLE_PASSPHRASE,
security->enabled_cmds);
break;
case CXL_MBOX_OP_UNLOCK:
set_bit(CXL_SEC_ENABLED_UNLOCK, security->enabled_cmds);
break;
case CXL_MBOX_OP_FREEZE_SECURITY:
set_bit(CXL_SEC_ENABLED_FREEZE_SECURITY,
security->enabled_cmds);
break;
case CXL_MBOX_OP_PASSPHRASE_SECURE_ERASE:
set_bit(CXL_SEC_ENABLED_PASSPHRASE_SECURE_ERASE,
security->enabled_cmds);
break;
default:
break;
}
}
static bool cxl_is_poison_command(u16 opcode) static bool cxl_is_poison_command(u16 opcode)
{ {
#define CXL_MBOX_OP_POISON_CMDS 0x43 #define CXL_MBOX_OP_POISON_CMDS 0x43
...@@ -677,7 +716,8 @@ static void cxl_walk_cel(struct cxl_memdev_state *mds, size_t size, u8 *cel) ...@@ -677,7 +716,8 @@ static void cxl_walk_cel(struct cxl_memdev_state *mds, size_t size, u8 *cel)
u16 opcode = le16_to_cpu(cel_entry[i].opcode); u16 opcode = le16_to_cpu(cel_entry[i].opcode);
struct cxl_mem_command *cmd = cxl_mem_find_command(opcode); struct cxl_mem_command *cmd = cxl_mem_find_command(opcode);
if (!cmd && !cxl_is_poison_command(opcode)) { if (!cmd && (!cxl_is_poison_command(opcode) ||
!cxl_is_security_command(opcode))) {
dev_dbg(dev, dev_dbg(dev,
"Opcode 0x%04x unsupported by driver\n", opcode); "Opcode 0x%04x unsupported by driver\n", opcode);
continue; continue;
...@@ -689,6 +729,9 @@ static void cxl_walk_cel(struct cxl_memdev_state *mds, size_t size, u8 *cel) ...@@ -689,6 +729,9 @@ static void cxl_walk_cel(struct cxl_memdev_state *mds, size_t size, u8 *cel)
if (cxl_is_poison_command(opcode)) if (cxl_is_poison_command(opcode))
cxl_set_poison_cmd_enabled(&mds->poison, opcode); cxl_set_poison_cmd_enabled(&mds->poison, opcode);
if (cxl_is_security_command(opcode))
cxl_set_security_cmd_enabled(&mds->security, opcode);
dev_dbg(dev, "Opcode 0x%04x enabled\n", opcode); dev_dbg(dev, "Opcode 0x%04x enabled\n", opcode);
} }
} }
......
...@@ -477,9 +477,28 @@ static struct attribute_group cxl_memdev_pmem_attribute_group = { ...@@ -477,9 +477,28 @@ static struct attribute_group cxl_memdev_pmem_attribute_group = {
.attrs = cxl_memdev_pmem_attributes, .attrs = cxl_memdev_pmem_attributes,
}; };
static umode_t cxl_memdev_security_visible(struct kobject *kobj,
struct attribute *a, int n)
{
struct device *dev = kobj_to_dev(kobj);
struct cxl_memdev *cxlmd = to_cxl_memdev(dev);
struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
if (a == &dev_attr_security_sanitize.attr &&
!test_bit(CXL_SEC_ENABLED_SANITIZE, mds->security.enabled_cmds))
return 0;
if (a == &dev_attr_security_erase.attr &&
!test_bit(CXL_SEC_ENABLED_SECURE_ERASE, mds->security.enabled_cmds))
return 0;
return a->mode;
}
static struct attribute_group cxl_memdev_security_attribute_group = { static struct attribute_group cxl_memdev_security_attribute_group = {
.name = "security", .name = "security",
.attrs = cxl_memdev_security_attributes, .attrs = cxl_memdev_security_attributes,
.is_visible = cxl_memdev_security_visible,
}; };
static const struct attribute_group *cxl_memdev_attribute_groups[] = { static const struct attribute_group *cxl_memdev_attribute_groups[] = {
......
...@@ -244,6 +244,19 @@ enum poison_cmd_enabled_bits { ...@@ -244,6 +244,19 @@ enum poison_cmd_enabled_bits {
CXL_POISON_ENABLED_MAX CXL_POISON_ENABLED_MAX
}; };
/* Device enabled security commands */
enum security_cmd_enabled_bits {
CXL_SEC_ENABLED_SANITIZE,
CXL_SEC_ENABLED_SECURE_ERASE,
CXL_SEC_ENABLED_GET_SECURITY_STATE,
CXL_SEC_ENABLED_SET_PASSPHRASE,
CXL_SEC_ENABLED_DISABLE_PASSPHRASE,
CXL_SEC_ENABLED_UNLOCK,
CXL_SEC_ENABLED_FREEZE_SECURITY,
CXL_SEC_ENABLED_PASSPHRASE_SECURE_ERASE,
CXL_SEC_ENABLED_MAX
};
/** /**
* struct cxl_poison_state - Driver poison state info * struct cxl_poison_state - Driver poison state info
* *
...@@ -346,6 +359,7 @@ struct cxl_fw_state { ...@@ -346,6 +359,7 @@ struct cxl_fw_state {
* struct cxl_security_state - Device security state * struct cxl_security_state - Device security state
* *
* @state: state of last security operation * @state: state of last security operation
* @enabled_cmds: All security commands enabled in the CEL
* @poll: polling for sanitization is enabled, device has no mbox irq support * @poll: polling for sanitization is enabled, device has no mbox irq support
* @poll_tmo_secs: polling timeout * @poll_tmo_secs: polling timeout
* @poll_dwork: polling work item * @poll_dwork: polling work item
...@@ -353,6 +367,7 @@ struct cxl_fw_state { ...@@ -353,6 +367,7 @@ struct cxl_fw_state {
*/ */
struct cxl_security_state { struct cxl_security_state {
unsigned long state; unsigned long state;
DECLARE_BITMAP(enabled_cmds, CXL_SEC_ENABLED_MAX);
bool poll; bool poll;
int poll_tmo_secs; int poll_tmo_secs;
struct delayed_work poll_dwork; struct delayed_work poll_dwork;
...@@ -434,6 +449,7 @@ struct cxl_dev_state { ...@@ -434,6 +449,7 @@ struct cxl_dev_state {
* @next_persistent_bytes: persistent capacity change pending device reset * @next_persistent_bytes: persistent capacity change pending device reset
* @event: event log driver state * @event: event log driver state
* @poison: poison driver state info * @poison: poison driver state info
* @security: security driver state info
* @fw: firmware upload / activation state * @fw: firmware upload / activation state
* @mbox_send: @dev specific transport for transmitting mailbox commands * @mbox_send: @dev specific transport for transmitting mailbox commands
* *
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment