diff options
| author | Davidlohr Bueso <dave@stgolabs.net> | 2023-06-12 11:10:35 -0700 |
|---|---|---|
| committer | Dan Williams <dan.j.williams@intel.com> | 2023-06-25 15:21:16 -0700 |
| commit | 48dcdbb16e5dc0947f949ce17bc2d09a625a0d5c (patch) | |
| tree | 2efe734b220cec7d3122913813509f199ef0ccdd /Documentation/ABI/testing/sysfs-bus-cxl | |
| parent | 0c36b6ad436a38b167af16e6c690c890b8b2df62 (diff) | |
cxl/mem: Wire up Sanitization support
Implement support for CXL 3.0 8.2.9.8.5.1 Sanitize. This is done by
adding a security/sanitize' memdev sysfs file to trigger the operation
and extend the status file to make it poll(2)-capable for completion.
Unlike all other background commands, this is the only operation that
is special and monopolizes the device for long periods of time.
In addition to the traditional pmem security requirements, all regions
must also be offline in order to perform the operation. This permits
avoiding explicit global CPU cache management, relying instead on the
implict cache management when a region transitions between
CXL_CONFIG_ACTIVE and CXL_CONFIG_COMMIT.
The expectation is that userspace can use it such as:
cxl disable-memdev memX
echo 1 > /sys/bus/cxl/devices/memX/security/sanitize
cxl wait-sanitize memX
cxl enable-memdev memX
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Davidlohr Bueso <dave@stgolabs.net>
Link: https://lore.kernel.org/r/20230612181038.14421-5-dave@stgolabs.net
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Diffstat (limited to 'Documentation/ABI/testing/sysfs-bus-cxl')
| -rw-r--r-- | Documentation/ABI/testing/sysfs-bus-cxl | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/Documentation/ABI/testing/sysfs-bus-cxl b/Documentation/ABI/testing/sysfs-bus-cxl index 721a44d8a482..f86fe3671375 100644 --- a/Documentation/ABI/testing/sysfs-bus-cxl +++ b/Documentation/ABI/testing/sysfs-bus-cxl @@ -64,8 +64,25 @@ KernelVersion: v6.5 Contact: linux-cxl@vger.kernel.org Description: (RO) Reading this file will display the CXL security state for - that device. Such states can be: 'disabled', or those available - only for persistent memory: 'locked', 'unlocked' or 'frozen'. + that device. Such states can be: 'disabled', 'sanitize', when + a sanitization is currently underway; or those available only + for persistent memory: 'locked', 'unlocked' or 'frozen'. This + sysfs entry is select/poll capable from userspace to notify + upon completion of a sanitize operation. + + +What: /sys/bus/cxl/devices/memX/security/sanitize +Date: June, 2023 +KernelVersion: v6.5 +Contact: linux-cxl@vger.kernel.org +Description: + (WO) Write a boolean 'true' string value to this attribute to + sanitize the device to securely re-purpose or decommission it. + This is done by ensuring that all user data and meta-data, + whether it resides in persistent capacity, volatile capacity, + or the LSA, is made permanently unavailable by whatever means + is appropriate for the media type. This functionality requires + the device to be not be actively decoding any HPA ranges. What: /sys/bus/cxl/devices/*/devtype |