lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed,  3 Aug 2022 21:50:27 -0700
From:   Davidlohr Bueso <dave@...olabs.net>
To:     linux-cxl@...r.kernel.org
Cc:     dan.j.williams@...el.com, bwidawsk@...nel.org,
        Jonathan.Cameron@...wei.com, ira.weiny@...el.com,
        alison.schofield@...el.com, vishal.l.verma@...el.com,
        a.manzanares@...sung.com, mcgrof@...nel.org, dave@...olabs.net,
        linux-kernel@...r.kernel.org
Subject: [RFC PATCH 0/2] cxl: BG operations and device sanitation

Hello,

The following is a followup to some of the discussions around CXL device security
and sanitation[0, 1]. It is marked as RFC mostly to see if the background handling
will satisfy all users, not just sanitize/overwrite. For example there has been ideas
to avoid command hogging the device and/or interleaving scan media regions instead
of all in one, etc. More details in each patch, but:

Patch 1 adds the required background cmd handling bits. While this is currently
only polling, it would be good to know if there are any fundamental blockers for
supporting irqs (beyond just background ops) between PCIe and CXL. For example,
are there any requirements/difficulties that is not the standard MSI/MSI-X PCI
vector allocation + devm_request_irq()? I have not looked at this into details but
it the topic has come up in the past as delicate', iirc.

Patch 2 implements the sanitation commands (overwrite and secure erase).

As for testing, while I used the mock device to test the secure erase command, I
ended up hacking up a prototype[2] for qemu to support overwrite and bg commands.
So while the some of the paths this series introduces have been exercised, there
is of course a lot more to do.

Applies against Dave's cxl-security branch[2] which deals with the pmem-only bits.

Thanks,
Davidlohr

[0]: https://lore.kernel.org/all/20220708172455.gi37dh3od4w5lqrd@offworld/ 
[1]: https://lore.kernel.org/all/165791918718.2491387.4203738301057301285.stgit@djiang5-desk3.ch.intel.com/
[2]: https://github.com/davidlohr/qemu/commit/64a93a5b824b59d3b547f06f7fbb1269fb4790ce
[3]: https://git.kernel.org/pub/scm/linux/kernel/git/djiang/linux.git/log/?h=cxl-security

Davidlohr Bueso (2):
  cxl/mbox: Add background operation handling machinery
  cxl/mem: Support sanitation commands

 Documentation/ABI/testing/sysfs-bus-cxl |  19 ++
 drivers/cxl/core/core.h                 |   2 +-
 drivers/cxl/core/mbox.c                 | 304 +++++++++++++++++++++++-
 drivers/cxl/core/memdev.c               |  58 +++++
 drivers/cxl/core/port.c                 |   9 +-
 drivers/cxl/cxl.h                       |   8 +
 drivers/cxl/cxlmem.h                    |  65 ++++-
 drivers/cxl/pci.c                       |   3 +-
 drivers/cxl/pmem.c                      |   5 +-
 drivers/cxl/security.c                  |  13 +-
 include/uapi/linux/cxl_mem.h            |   2 +
 11 files changed, 461 insertions(+), 27 deletions(-)

--
2.37.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ