
Merge tag 'cxl-fixes-6.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl

Pull cxl fixes from Vishal Verma:

- Fixup the Sanitize device ABI that was merged for v6.5 to hide some
sysfs files when the necessary support is missing. Update the ABI
documentation around this as well.

* tag 'cxl-fixes-6.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl:
cxl/memdev: Only show sanitize sysfs files when supported
cxl/memdev: Document security state in kern-doc
cxl/memdev: Improve sanitize ABI descriptions

+92 -3
+13 -2
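--- a/Documentation/ABI/testing/sysfs-bus-cxl
+++ b/Documentation/ABI/testing/sysfs-bus-cxl
@@ -82,7 +82,12 @@
 whether it resides in persistent capacity, volatile capacity,
 or the LSA, is made permanently unavailable by whatever means
 is appropriate for the media type. This functionality requires
-the device to be not be actively decoding any HPA ranges.
+the device to be disabled, that is, not actively decoding any
+HPA ranges. This permits avoiding explicit global CPU cache
+management, relying instead for it to be done when a region
+transitions between software programmed and hardware committed
+states. If this file is not present, then there is no hardware
+support for the operation.
 
 
 What /sys/bus/cxl/devices/memX/security/erase
@@ -92,7 +97,13 @@
 Description:
 (WO) Write a boolean 'true' string value to this attribute to
 secure erase user data by changing the media encryption keys for
-all user data areas of the device.
+all user data areas of the device. This functionality requires
+the device to be disabled, that is, not actively decoding any
+HPA ranges. This permits avoiding explicit global CPU cache
+management, relying instead for it to be done when a region
+transitions between software programmed and hardware committed
+states. If this file is not present, then there is no hardware
+support for the operation.
 
 
 What: /sys/bus/cxl/devices/memX/firmware/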
+44 -1
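--- a/drivers/cxl/core/mbox.c
+++ b/drivers/cxl/core/mbox.c
@@ -121,6 +121,45 @@
 return false;
 }
 
+static void cxl_set_security_cmd_enabled(struct cxl_security_state *security,
+u16 opcode)
+{
+switch (opcode) {
+case CXL_MBOX_OP_SANITIZE:
+set_bit(CXL_SEC_ENABLED_SANITIZE, security->enabled_cmds);
+break;
+case CXL_MBOX_OP_SECURE_ERASE:
+set_bit(CXL_SEC_ENABLED_SECURE_ERASE,
+security->enabled_cmds);
+break;
+case CXL_MBOX_OP_GET_SECURITY_STATE:
+set_bit(CXL_SEC_ENABLED_GET_SECURITY_STATE,
+security->enabled_cmds);
+break;
+case CXL_MBOX_OP_SET_PASSPHRASE:
+set_bit(CXL_SEC_ENABLED_SET_PASSPHRASE,
+security->enabled_cmds);
+break;
+case CXL_MBOX_OP_DISABLE_PASSPHRASE:
+set_bit(CXL_SEC_ENABLED_DISABLE_PASSPHRASE,
+security->enabled_cmds);
+break;
+case CXL_MBOX_OP_UNLOCK:
+set_bit(CXL_SEC_ENABLED_UNLOCK, security->enabled_cmds);
+break;
+case CXL_MBOX_OP_FREEZE_SECURITY:
+set_bit(CXL_SEC_ENABLED_FREEZE_SECURITY,
+security->enabled_cmds);
+break;
+case CXL_MBOX_OP_PASSPHRASE_SECURE_ERASE:
+set_bit(CXL_SEC_ENABLED_PASSPHRASE_SECURE_ERASE,
+security->enabled_cmds);
+break;
+default:
+break;
+}
+}
+
 static bool cxl_is_poison_command(u16 opcode)
 {
 #define CXL_MBOX_OP_POISON_CMDS 0x43
@@ -677,7 +716,8 @@
 u16 opcode = le16_to_cpu(cel_entry[i].opcode);
 struct cxl_mem_command *cmd = cxl_mem_find_command(opcode);
 
-if (!cmd && !cxl_is_poison_command(opcode)) {
+if (!cmd && (!cxl_is_poison_command(opcode) ||
+!cxl_is_security_command(opcode))) {
 dev_dbg(dev,
 "Opcode 0x%04x unsupported by driver\n", opcode);
 continue;
@@ -688,6 +728,9 @@
 
 if (cxl_is_poison_command(opcode))
 cxl_set_poison_cmd_enabled(&mds->poison, opcode);
+
+if (cxl_is_security_command(opcode))
+cxl_set_security_cmd_enabled(&mds->security, opcode);
 
 dev_dbg(dev, "Opcode 0x%04x enabled\n", opcode);
 }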
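Review bot: The new guard in the CEL walk, `if (!cmd && (!cxl_is_poison_command(opcode) || !cxl_is_security_command(opcode)))`, is true for every opcode with no `cmd` entry, because at least one of the two negations always holds unless an opcode is both a poison and a security command. Poison and security opcodes that lack a driver command entry would then hit `continue` before `cxl_set_poison_cmd_enabled()` or `cxl_set_security_cmd_enabled()` runs, so their bits stay clear. For sanitize and secure erase, that would keep the sysfs files gated on those bits in memdev.c hidden even on hardware that lists the commands in its CEL. The intended test is presumably `if (!cmd && !cxl_is_poison_command(opcode) &&` followed by `!cxl_is_security_command(opcode)) {`. `cxl_is_security_command()` and the lines between the second and third hunks are not shown here, so confirm against the full loop that any use of `cmd` there tolerates NULL.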
+19
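--- a/drivers/cxl/core/memdev.c
+++ b/drivers/cxl/core/memdev.c
@@ -477,9 +477,28 @@
 .attrs = cxl_memdev_pmem_attributes,
 };
 
+static umode_t cxl_memdev_security_visible(struct kobject *kobj,
+struct attribute *a, int n)
+{
+struct device *dev = kobj_to_dev(kobj);
+struct cxl_memdev *cxlmd = to_cxl_memdev(dev);
+struct cxl_memdev_state *mds = to_cxl_memdev_state(cxlmd->cxlds);
+
+if (a == &dev_attr_security_sanitize.attr &&
+!test_bit(CXL_SEC_ENABLED_SANITIZE, mds->security.enabled_cmds))
+return 0;
+
+if (a == &dev_attr_security_erase.attr &&
+!test_bit(CXL_SEC_ENABLED_SECURE_ERASE, mds->security.enabled_cmds))
+return 0;
+
+return a->mode;
+}
+
 static struct attribute_group cxl_memdev_security_attribute_group = {
 .name = "security",
 .attrs = cxl_memdev_security_attributes,
+.is_visible = cxl_memdev_security_visible,
 };
 
 static const struct attribute_group *cxl_memdev_attribute_groups[] = {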
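Review bot: `cxl_memdev_security_visible()` dereferences `mds` without checking it, and carries no comment saying where `enabled_cmds` comes from or by when it must be populated. sysfs consults `.is_visible` when the attribute group is created, so the bits set by the CEL walk in mbox.c must already be in place at that point or the sanitize and erase files stay hidden; that ordering is not visible in this section. If `to_cxl_memdev_state()`, which is defined elsewhere, can return NULL for some device types, an early `if (!mds) return 0;` is needed before the `test_bit()` calls. A short comment above the function would record the dependency, e.g. `/* enabled_cmds is filled from the CEL; it must be set before the memdev is registered */`.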
+16
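--- a/drivers/cxl/cxlmem.h
+++ b/drivers/cxl/cxlmem.h
@@ -244,6 +244,19 @@
 CXL_POISON_ENABLED_MAX
 };
 
+/* Device enabled security commands */
+enum security_cmd_enabled_bits {
+CXL_SEC_ENABLED_SANITIZE,
+CXL_SEC_ENABLED_SECURE_ERASE,
+CXL_SEC_ENABLED_GET_SECURITY_STATE,
+CXL_SEC_ENABLED_SET_PASSPHRASE,
+CXL_SEC_ENABLED_DISABLE_PASSPHRASE,
+CXL_SEC_ENABLED_UNLOCK,
+CXL_SEC_ENABLED_FREEZE_SECURITY,
+CXL_SEC_ENABLED_PASSPHRASE_SECURE_ERASE,
+CXL_SEC_ENABLED_MAX
+};
+
 /**
 * struct cxl_poison_state - Driver poison state info
 *
@@ -346,6 +359,7 @@
 * struct cxl_security_state - Device security state
 *
 * @state: state of last security operation
+* @enabled_cmds: All security commands enabled in the CEL
 * @poll: polling for sanitization is enabled, device has no mbox irq support
 * @poll_tmo_secs: polling timeout
 * @poll_dwork: polling work item
@@ -353,6 +367,7 @@
 */
 struct cxl_security_state {
 unsigned long state;
+DECLARE_BITMAP(enabled_cmds, CXL_SEC_ENABLED_MAX);
 bool poll;
 int poll_tmo_secs;
 struct delayed_work poll_dwork;
@@ -434,6 +449,7 @@
 * @next_persistent_bytes: persistent capacity change pending device reset
 * @event: event log driver state
 * @poison: poison driver state info
+* @security: security driver state info
 * @fw: firmware upload / activation state
 * @mbox_send: @dev specific transport for transmitting mailbox commands
 *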