[RFC workqueue/driver-core PATCH 0/5] Add NUMA aware async_schedule calls
by Alexander Duyck
This patch set provides functionality that will help to improve the
locality of the async_schedule calls used to provide deferred
initialization.
This patch set originally started out with me focused on just the one call
to async_schedule_domain in the nvdimm tree that was being used to
defer the device_add call; however, after doing some digging I realized the
scope of this was much broader than I had originally planned. As such I
went through and reworked the underlying infrastructure down to replacing
the queue_work call itself with a function of my own and opted to try and
provide a NUMA aware solution that would work for a broader audience.
I am submitting this as an RFC to figure out just how far off I am from where
I need to be on this patch set and to determine which tree I should
ultimately be submitting this to.
---
Alexander Duyck (5):
workqueue: Provide queue_work_near to queue work near a given NUMA node
async: Add support for queueing on specific NUMA node
driver core: Probe devices asynchronously instead of the driver
driver core: Use new async_schedule_dev command
nvdimm: Schedule device registration on node local to the device
drivers/base/bus.c | 23 +-------
drivers/base/dd.c | 44 +++++++++++++++
drivers/base/power/main.c | 12 ++--
drivers/nvdimm/bus.c | 11 +++-
include/linux/async.h | 27 ++++++++-
include/linux/workqueue.h | 2 +
kernel/async.c | 62 ++++++++++++++++------
kernel/workqueue.c | 129 ++++++++++++++++++++++++++++++++++++++++++++-
8 files changed, 258 insertions(+), 52 deletions(-)
--
2 years, 3 months
[PATCH v8 00/13] Copy Offload in NVMe Fabrics with P2P PCI Memory
by Logan Gunthorpe
Hi Everyone,
Here is version 6 of the PCI P2PDMA patch set. This version makes
a few minor changes from v6 and is based on v4.19-rc5. A git repo is here:
https://github.com/sbates130272/linux-p2pmem pci-p2p-v7
Now that we have Bjorn's Acks, I'd preferably like to get Jens's Ack for
Patch 7 and then I'd like to propose merging this series through the NVME
tree.
Thanks,
Logan
--
Changes in v8:
* Added a couple of comments to address Bart's feedback and
removed the bogus call to percpu_ref_switch_to_atomic_sync()
Changes in v7:
* Rebased on v4.19-rc5
* Fixed up commit message of patch 7 that was no longer accurate. (as
pointed out by Jens)
* Change the configfs to not use "auto" or "none" and instead just
use a 0/1/<pci_dev> (or boolean). This matches the existing
nvme-target configfs booleans. (Per Bjorn)
* A handful of other minor changes and edits that were noticed by Bjorn
* Collected Acks from Bjorn
Changes in v6:
* Rebased on v4.19-rc3
* Remove the changes to the common submit_bio() path and instead
set REQ_NOMERGE in the NVME target driver, when appropriate.
Per discussions with Jens and Christoph.
* Some minor grammar changes in the documentation as spotted by Randy.
Changes in v5:
* Rebased on v4.19-rc1
* Drop changing ACS settings in this patchset. Now, the code
will only allow P2P transactions between devices whose
downstream ports do not restrict P2P TLPs.
* Drop the REQ_PCI_P2PDMA block flag and instead use
is_pci_p2pdma_page() to tell if a request is P2P or not. In that
case we check for queue support and enforce using REQ_NOMERGE.
Per feedback from Christoph.
* Drop the pci_p2pdma_unmap_sg() function as it was empty and only
there for symmetry and compatibility with dma_unmap_sg. Per feedback
from Christoph.
* Split off the logic to handle enabling P2P in NVMe fabrics' configfs
into specific helpers in the p2pdma code. Per feedback from Christoph.
* A number of other minor cleanups and fixes as pointed out by
Christoph and others.
Changes in v4:
* Change the original upstream_bridges_match() function to
upstream_bridge_distance() which calculates the distance between two
devices as long as they are behind the same root port. This should
address Bjorn's concerns that the code was too focused on
being behind a single switch.
* The disable ACS function now disables ACS for all bridge ports instead
of switch ports (ie. those that had two upstream_bridge ports).
* Change the pci_p2pmem_alloc_sgl() and pci_p2pmem_free_sgl()
API to be more like sgl_alloc() in that the alloc function returns
the allocated scatterlist and nents is not required by the free
function.
* Moved the new documentation into the driver-api tree as requested
by Jonathan
* Add SGL alloc and free helpers in the nvmet code so that the
individual drivers can share the code that allocates P2P memory.
As requested by Christoph.
* Cleanup the nvmet_p2pmem_store() function as Christoph
thought my first attempt was ugly.
* Numerous commit message and comment fix-ups
Changes in v3:
* Many more fixes and minor cleanups that were spotted by Bjorn
* Additional explanation of the ACS change in both the commit message
and Kconfig doc. Also, the code that disables the ACS bits is surrounded
explicitly by an #ifdef
* Removed the flag we added to rdma_rw_ctx() in favour of using
is_pci_p2pdma_page(), as suggested by Sagi.
* Adjust pci_p2pmem_find() so that it prefers P2P providers that
are closest to (or the same as) the clients using them. In cases
of ties, the provider is randomly chosen.
* Modify the NVMe Target code so that the PCI device name of the provider
may be explicitly specified, bypassing the logic in pci_p2pmem_find().
(Note: it's still enforced that the provider must be behind the
same switch as the clients).
* As requested by Bjorn, added documentation for driver writers.
Changes in v2:
* Renamed everything to 'p2pdma' per the suggestion from Bjorn as well
as a bunch of cleanup and spelling fixes he pointed out in the last
series.
* To address Alex's ACS concerns, we change to a simpler method of
just disabling ACS behind switches for any kernel that has
CONFIG_PCI_P2PDMA.
* We also reject using devices that employ 'dma_virt_ops' which should
fairly simply handle Jason's concerns that this work might break with
the HFI, QIB and rxe drivers that use the virtual ops to implement
their own special DMA operations.
--
This is a continuation of our work to enable using Peer-to-Peer PCI
memory in the kernel with initial support for the NVMe fabrics target
subsystem. Many thanks go to Christoph Hellwig who provided valuable
feedback to get these patches to where they are today.
The concept here is to use memory that's exposed on a PCI BAR as
data buffers in the NVMe target code such that data can be transferred
from an RDMA NIC to the special memory and then directly to an NVMe
device avoiding system memory entirely. The upside of this is better
QoS for applications running on the CPU utilizing memory and lower
PCI bandwidth required to the CPU (such that systems could be designed
with fewer lanes connected to the CPU).
Due to these trade-offs we've designed the system to only enable using
the PCI memory in cases where the NIC, NVMe devices and memory are all
behind the same PCI switch hierarchy. This will mean many setups that
could likely work well will not be supported so that we can be more
confident it will work and not place any responsibility on the user to
understand their topology. (We chose to go this route based on feedback
we received at the last LSF). Future work may enable these transfers
using a white list of known good root complexes. However, at this time,
there is no reliable way to ensure that Peer-to-Peer transactions are
permitted between PCI Root Ports.
For PCI P2P DMA transfers to work in this situation the ACS bits
must be disabled on the downstream ports (DSPs) for all devices
involved in the transfer. This can be done using the "disable_acs_redir"
PCI kernel command line option which was introduced in v4.19.
In order to enable PCI P2P functionality, we introduce a few new PCI
functions such that a driver can register P2P memory with the system.
Struct pages are created for this memory using devm_memremap_pages()
and the PCI bus offset is stored in the corresponding pagemap structure.
Another set of functions allows a client driver to create a list of
client devices that will be used in a given P2P transaction and then
use that list to find any P2P memory that is supported by all the
client devices.
In the block layer, we also introduce a flag for a request queue
to indicate a given queue supports targeting P2P memory. The driver
submitting bios must ensure that the queue supports P2P before
attempting to submit BIOs backed by P2P memory. Also, P2P requests
are marked to not be merged seeing a non-homogenous request would
complicate the DMA mapping requirements.
In the PCI NVMe driver, we modify the existing CMB support to utilize
the new PCI P2P memory infrastructure and also add support for P2P
memory in its request queue. When a P2P request is received it uses the
pci_p2pmem_map_sg() function which applies the necessary transformation
to get the correct pci_bus_addr_t for the DMA transactions.
In the RDMA core, we also adjust rdma_rw_ctx_init() and
rdma_rw_ctx_destroy() to take a flags argument which indicates whether
to use the PCI P2P mapping functions or not. To avoid odd RDMA devices
that don't use the proper DMA infrastructure this code rejects using
any device that employs the virt_dma_ops implementation.
Finally, in the NVMe fabrics target port we introduce a new
configuration attribute: 'p2pmem'. When set to a true boolean, the port
will attempt to find P2P memory supported by the RDMA NIC and all namespaces.
It may also be set to a PCI device name to select a specific P2P
memory to use. If supported memory is found, it will be used in all IO
transfers. And if a port is using P2P memory, adding new namespaces that
are not supported by that memory will fail.
These patches have been tested on a number of Intel based systems and
for a variety of RDMA NICs (Mellanox, Broadcom, Chelsio) and NVMe
SSDs (Intel, Seagate, Samsung) and p2pdma devices (Eideticom,
Microsemi, Chelsio and Everspin) using switches from both Microsemi
and Broadcom.
--
Logan Gunthorpe (13):
PCI/P2PDMA: Support peer-to-peer memory
PCI/P2PDMA: Add sysfs group to display p2pmem stats
PCI/P2PDMA: Add PCI p2pmem DMA mappings to adjust the bus offset
PCI/P2PDMA: Introduce configfs/sysfs enable attribute helpers
docs-rst: Add a new directory for PCI documentation
PCI/P2PDMA: Add P2P DMA driver writer's documentation
block: Add PCI P2P flag for request queue and check support for
requests
IB/core: Ensure we map P2P memory correctly in
rdma_rw_ctx_[init|destroy]()
nvme-pci: Use PCI p2pmem subsystem to manage the CMB
nvme-pci: Add support for P2P memory in requests
nvme-pci: Add a quirk for a pseudo CMB
nvmet: Introduce helper functions to allocate and free request SGLs
nvmet: Optionally use PCI P2P memory
Documentation/ABI/testing/sysfs-bus-pci | 24 +
Documentation/driver-api/index.rst | 2 +-
Documentation/driver-api/pci/index.rst | 21 +
Documentation/driver-api/pci/p2pdma.rst | 170 ++++
Documentation/driver-api/{ => pci}/pci.rst | 0
drivers/infiniband/core/rw.c | 11 +-
drivers/nvme/host/core.c | 4 +
drivers/nvme/host/nvme.h | 8 +
drivers/nvme/host/pci.c | 121 ++-
drivers/nvme/target/configfs.c | 36 +
drivers/nvme/target/core.c | 154 ++++
drivers/nvme/target/io-cmd-bdev.c | 3 +
drivers/nvme/target/nvmet.h | 15 +
drivers/nvme/target/rdma.c | 22 +-
drivers/pci/Kconfig | 17 +
drivers/pci/Makefile | 1 +
drivers/pci/p2pdma.c | 952 +++++++++++++++++++++
include/linux/blkdev.h | 3 +
include/linux/memremap.h | 6 +
include/linux/mm.h | 18 +
include/linux/pci-p2pdma.h | 123 +++
include/linux/pci.h | 4 +
22 files changed, 1661 insertions(+), 54 deletions(-)
create mode 100644 Documentation/driver-api/pci/index.rst
create mode 100644 Documentation/driver-api/pci/p2pdma.rst
rename Documentation/driver-api/{ => pci}/pci.rst (100%)
create mode 100644 drivers/pci/p2pdma.c
create mode 100644 include/linux/pci-p2pdma.h
--
2.19.0
2 years, 3 months
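The provider selection described in the v3 and v4 changelog notes of the P2PDMA cover letter above, as an added illustration that is not code from the patch set: a userspace C model over a constructed PCI topology. The struct, the toy_* names and the topology are hypothetical; summing the per-client distances is an assumption of this model, and ties go to the first provider rather than a random one.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical model of a PCI function or bridge: only the upstream link matters. */
struct toy_dev {
    const char *name;
    const struct toy_dev *upstream; /* NULL: a root port, directly on the root complex */
};

/*
 * Hops from a to b through their closest common upstream bridge, or -1 when
 * the two share no bridge below the root complex. The -1 case models the
 * cover letter's rule that transfers between root ports are not supported.
 */
int toy_bridge_distance(const struct toy_dev *a, const struct toy_dev *b)
{
    int da = 0;

    for (const struct toy_dev *x = a; x; x = x->upstream, da++) {
        int db = 0;

        for (const struct toy_dev *y = b; y; y = y->upstream, db++)
            if (x == y)
                return da + db;
    }
    return -1;
}

/* Sum of distances from one provider to every client; -1 if any client is unreachable. */
int toy_total_distance(const struct toy_dev *provider,
                       const struct toy_dev *const *clients, size_t nc)
{
    int total = 0;

    for (size_t i = 0; i < nc; i++) {
        int d = toy_bridge_distance(provider, clients[i]);

        if (d < 0)
            return -1;
        total += d;
    }
    return total;
}

/* Index of the usable provider closest to all clients, or -1 if none is usable. */
int toy_pick_provider(const struct toy_dev *const *providers, size_t np,
                      const struct toy_dev *const *clients, size_t nc)
{
    int best = -1, best_dist = -1;

    for (size_t i = 0; i < np; i++) {
        int d = toy_total_distance(providers[i], clients, nc);

        if (d < 0)
            continue;               /* not behind the same hierarchy as every client */
        if (best < 0 || d < best_dist) {
            best = (int)i;
            best_dist = d;
        }
    }
    return best;
}

/* Constructed topology: one switch under root port 0, one stray device under root port 1. */
static const struct toy_dev toy_rp0     = { "root-port-0", NULL };
static const struct toy_dev toy_rp1     = { "root-port-1", NULL };
static const struct toy_dev toy_usp     = { "switch-usp", &toy_rp0 };
static const struct toy_dev toy_dsp0    = { "switch-dsp0", &toy_usp };
static const struct toy_dev toy_dsp1    = { "switch-dsp1", &toy_usp };
static const struct toy_dev toy_dsp2    = { "switch-dsp2", &toy_usp };
static const struct toy_dev toy_nic     = { "rdma-nic", &toy_dsp0 };
static const struct toy_dev toy_nvme    = { "nvme-with-cmb", &toy_dsp1 };
static const struct toy_dev toy_mem_sw  = { "p2pmem-on-switch", &toy_dsp2 };
static const struct toy_dev toy_mem_rp1 = { "p2pmem-on-rp1", &toy_rp1 };

/* Clients are the NIC and the NVMe namespace's device; three candidate providers. */
int toy_demo_pick(void)
{
    const struct toy_dev *const clients[]   = { &toy_nic, &toy_nvme };
    const struct toy_dev *const providers[] = { &toy_mem_rp1, &toy_mem_sw, &toy_nvme };

    return toy_pick_provider(providers, 3, clients, 2);
}

int main(void)
{
    printf("nic <-> nvme distance: %d\n", toy_bridge_distance(&toy_nic, &toy_nvme));
    printf("nic <-> %s distance: %d\n", toy_mem_rp1.name,
           toy_bridge_distance(&toy_nic, &toy_mem_rp1));
    printf("chosen provider index: %d\n", toy_demo_pick());
    return 0;
}
```

The NVMe device's own CMB wins here because it is "the same as" one of the clients, and the provider behind the other root port is rejected outright rather than ranked last.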
[PATCH] libnvdimm, dimm: Maximize label transfer size
by Dan Williams
Use kvzalloc() to bypass the arbitrary PAGE_SIZE limit of label transfer
operations. Given the expense of calling into firmware, maximize the
amount of label data we transfer per call to be up to the total label
space if allowed by the firmware.
Cc: Alexander Duyck <alexander.h.duyck(a)linux.intel.com>
Signed-off-by: Dan Williams <dan.j.williams(a)intel.com>
---
drivers/nvdimm/dimm_devs.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c
index 863cabc35215..82ab96a9f560 100644
--- a/drivers/nvdimm/dimm_devs.c
+++ b/drivers/nvdimm/dimm_devs.c
@@ -111,8 +111,8 @@ int nvdimm_init_config_data(struct nvdimm_drvdata *ndd)
if (!ndd->data)
return -ENOMEM;
- max_cmd_size = min_t(u32, PAGE_SIZE, ndd->nsarea.max_xfer);
- cmd = kzalloc(max_cmd_size + sizeof(*cmd), GFP_KERNEL);
+ max_cmd_size = min_t(u32, ndd->nsarea.config_size, ndd->nsarea.max_xfer);
+ cmd = kvzalloc(max_cmd_size + sizeof(*cmd), GFP_KERNEL);
if (!cmd)
return -ENOMEM;
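Review bot: With the PAGE_SIZE ceiling gone from the min_t() in nvdimm_init_config_data(), max_cmd_size is bounded only by ndd->nsarea.config_size and ndd->nsarea.max_xfer, so the kvzalloc() size now follows whatever those two fields contain. A short comment saying where they are validated would help, as would an explicit check that max_cmd_size is non-zero before allocating, so a zero max_xfer fails early instead of producing a command buffer with no payload room.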
@@ -134,7 +134,7 @@ int nvdimm_init_config_data(struct nvdimm_drvdata *ndd)
memcpy(ndd->data + offset, cmd->out_buf, cmd->in_length);
}
dev_dbg(ndd->dev, "len: %zu rc: %d\n", offset, rc);
- kfree(cmd);
+ kvfree(cmd);
return rc;
}
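Review bot: In the context line memcpy(ndd->data + offset, cmd->out_buf, cmd->in_length) the copy length is cmd->in_length, and with transfers no longer capped at PAGE_SIZE a single iteration can now move up to the whole label area. Please confirm that offset + cmd->in_length cannot run past the end of ndd->data on the last iteration, or add that check next to the memcpy(). The kfree() to kvfree() switch itself correctly pairs with the kvzalloc() in the earlier hunk.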
@@ -157,9 +157,9 @@ int nvdimm_set_config_data(struct nvdimm_drvdata *ndd, size_t offset,
if (offset + len > ndd->nsarea.config_size)
return -ENXIO;
- max_cmd_size = min_t(u32, PAGE_SIZE, len);
+ max_cmd_size = min_t(u32, ndd->nsarea.config_size, len);
max_cmd_size = min_t(u32, max_cmd_size, ndd->nsarea.max_xfer);
- cmd = kzalloc(max_cmd_size + sizeof(*cmd) + sizeof(u32), GFP_KERNEL);
+ cmd = kvzalloc(max_cmd_size + sizeof(*cmd) + sizeof(u32), GFP_KERNEL);
if (!cmd)
return -ENOMEM;
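Review bot: The new first min_t() in nvdimm_set_config_data() looks redundant: the check just above returns -ENXIO when offset + len > ndd->nsarea.config_size, so len is already no larger than config_size when it is clamped (leaving aside wrap-around of offset + len, which that check does not guard against). The two assignments could collapse to max_cmd_size = min_t(u32, len, ndd->nsarea.max_xfer); and, since min_t(u32, ...) casts len down to u32, a comment that len is known to fit in 32 bits at this point would be useful.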
@@ -183,7 +183,7 @@ int nvdimm_set_config_data(struct nvdimm_drvdata *ndd, size_t offset,
break;
}
}
- kfree(cmd);
+ kvfree(cmd);
return rc;
}
2 years, 3 months
[PATCH] libnvdimm, region: Fail badblocks listing for inactive regions
by Dan Williams
While experimenting with region driver loading the following backtrace
was triggered:
INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
[..]
Call Trace:
dump_stack+0x85/0xcb
register_lock_class+0x571/0x580
? __lock_acquire+0x2ba/0x1310
? kernfs_seq_start+0x2a/0x80
__lock_acquire+0xd4/0x1310
? dev_attr_show+0x1c/0x50
? __lock_acquire+0x2ba/0x1310
? kernfs_seq_start+0x2a/0x80
? lock_acquire+0x9e/0x1a0
lock_acquire+0x9e/0x1a0
? dev_attr_show+0x1c/0x50
badblocks_show+0x70/0x190
? dev_attr_show+0x1c/0x50
dev_attr_show+0x1c/0x50
This results from a missing successful call to devm_init_badblocks()
from nd_region_probe(). Block attempts to show badblocks while the
region is not enabled.
Fixes: 6a6bef90425e ("libnvdimm: add mechanism to publish badblocks...")
Cc: <stable(a)vger.kernel.org>
Cc: Dave Jiang <dave.jiang(a)intel.com>
Cc: Johannes Thumshirn <jthumshirn(a)suse.de>
Signed-off-by: Dan Williams <dan.j.williams(a)intel.com>
---
drivers/nvdimm/region_devs.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/drivers/nvdimm/region_devs.c b/drivers/nvdimm/region_devs.c
index fa37afcd43ff..174a418cb171 100644
--- a/drivers/nvdimm/region_devs.c
+++ b/drivers/nvdimm/region_devs.c
@@ -560,10 +560,17 @@ static ssize_t region_badblocks_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
struct nd_region *nd_region = to_nd_region(dev);
+ ssize_t rc;
- return badblocks_show(&nd_region->bb, buf, 0);
-}
+ device_lock(dev);
+ if (dev->driver)
+ rc = badblocks_show(&nd_region->bb, buf, 0);
+ else
+ rc = -ENXIO;
+ device_unlock(dev);
+ return rc;
+}
static DEVICE_ATTR(badblocks, 0444, region_badblocks_show, NULL);
static ssize_t resource_show(struct device *dev,
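Review bot: The dev->driver test in region_badblocks_show() carries no comment saying why it has to be made under device_lock(); a one-line comment that the lock serializes against probe and unbind, so nd_region->bb is only read after nd_region_probe() has set it up, would save the next reader from removing it. Reads of the 0444 badblocks attribute on an inactive region now return -ENXIO to userspace, which is a visible behaviour change and worth a sentence in the changelog.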
2 years, 3 months
[GIT PULL] filesystem-dax fix for 4.19-rc6
by Williams, Dan J
Hi Greg, please pull from...
git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm tags/libnvdimm-fixes2-4.19-rc6
...to receive one more urgent fix for 4.19-rc6.
---
The following changes since commit 6bf4ca7fbc85d80446ac01c0d1d77db4d91a6d84:
Linux 4.19-rc5 (2018-09-23 19:15:18 +0200)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm tags/libnvdimm-fixes2-4.19-rc6
for you to fetch changes up to f52afc93cd018fe6910133a05d44671192d1aeb0:
dax: Fix deadlock in dax_lock_mapping_entry() (2018-09-27 10:56:15 -0700)
----------------------------------------------------------------
filesystem-dax for 4.19-rc6
Fix a deadlock in the new for 4.19 dax_lock_mapping_entry() routine.
----------------------------------------------------------------
Jan Kara (1):
dax: Fix deadlock in dax_lock_mapping_entry()
fs/dax.c | 1 +
1 file changed, 1 insertion(+)
commit f52afc93cd018fe6910133a05d44671192d1aeb0
Author: Jan Kara <jack(a)suse.cz>
Date: Thu Sep 27 13:23:32 2018 +0200
dax: Fix deadlock in dax_lock_mapping_entry()
When dax_lock_mapping_entry() has to sleep to obtain entry lock, it will
fail to unlock mapping->i_pages spinlock and thus immediately deadlock
against itself when retrying to grab the entry lock again. Fix the
problem by unlocking mapping->i_pages before retrying.
Fixes: c2a7d2a11552 ("filesystem-dax: Introduce dax_lock_mapping_entry()")
Reported-by: Barret Rhoden <brho(a)google.com>
Signed-off-by: Jan Kara <jack(a)suse.cz>
Signed-off-by: Dan Williams <dan.j.williams(a)intel.com>
diff --git a/fs/dax.c b/fs/dax.c
index f32d7125ad0f..e4ef8af31aa6 100644
--- a/fs/dax.c
+++ b/fs/dax.c
@@ -447,6 +447,7 @@ bool dax_lock_mapping_entry(struct page *page)
xa_unlock_irq(&mapping->i_pages);
break;
} else if (IS_ERR(entry)) {
+ xa_unlock_irq(&mapping->i_pages);
WARN_ON_ONCE(PTR_ERR(entry) != -EAGAIN);
continue;
}
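Review bot: The IS_ERR(entry) branch in dax_lock_mapping_entry() now depends on the lookup returning with mapping->i_pages still locked on error, and nothing at the added xa_unlock_irq() says so; a comment there would document that contract. Also note that an error other than -EAGAIN only triggers WARN_ON_ONCE() and then hits continue, so the loop retries on an unexpected error instead of bailing out; consider returning failure in that case.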
2 years, 3 months
[PATCH v4 0/5] Address issues slowing persistent memory initialization
by Alexander Duyck
This patch set is meant to be a v4 to my earlier patch set "Address issues
slowing memory init"[1], and a follow-up to my earlier patch set "Address
issues slowing persistent memory initialization"[2].
Excluding any gains seen from using the vm_debug option to disable page
init poisoning I see a total reduction in file-system init time of about
two and a half minutes, or 65%, for a system initializing btrfs on a 12TB
block of persistent memory split evenly over 4 NUMA nodes.
Since the last patch set I have reworked the first patch to provide a more
generic disable implementation that can be extended in the future.
I tweaked the commit message for the second patch slightly to reflect why
we might want to use a non-atomic __set_bit versus the atomic set_bit.
I have modified the third patch to make it so that it can merge onto either
the linux git tree or the linux-next git tree. The patch set that Dan
Williams has outstanding may end up conflicting with this patch depending
on the merge order. If his are merged first I believe the code I changed
in mm/hmm.c could be dropped entirely.
The fourth patch has been split into two and focused more on the async
scheduling portion of the nvdimm code. The result is much cleaner than the
original approach in that instead of having two threads running we are now
getting the thread running where we wanted it to be.
The last change for all patches is that I have updated my email address to
alexander.h.duyck(a)linux.intel.com to reflect the fact that I have changed
teams within Intel. I will be trying to use that for correspondence going
forward instead of my gmail account.
[1]: https://lkml.org/lkml/2018/9/5/924
[2]: https://lkml.org/lkml/2018/9/11/10
[3]: https://lkml.org/lkml/2018/9/13/104
---
Alexander Duyck (5):
mm: Provide kernel parameter to allow disabling page init poisoning
mm: Create non-atomic version of SetPageReserved for init use
mm: Defer ZONE_DEVICE page initialization to the point where we init pgmap
async: Add support for queueing on specific node
nvdimm: Schedule device registration on node local to the device
Documentation/admin-guide/kernel-parameters.txt | 12 +++
drivers/nvdimm/bus.c | 19 ++++
include/linux/async.h | 20 ++++-
include/linux/mm.h | 2
include/linux/page-flags.h | 9 ++
kernel/async.c | 36 ++++++--
kernel/memremap.c | 24 ++---
mm/debug.c | 46 ++++++++++
mm/hmm.c | 12 ++-
mm/memblock.c | 5 -
mm/page_alloc.c | 101 ++++++++++++++++++++++-
mm/sparse.c | 4 -
12 files changed, 243 insertions(+), 47 deletions(-)
--
2 years, 3 months
[PATCH v11 00/12] Adding security support for nvdimm
by Dave Jiang
The following series implements security support for nvdimm. Mostly adding
new security DSM support from the Intel NVDIMM DSM spec v1.7, but also
adding generic support libnvdimm for other vendors. The most important
security features are unlocking locked nvdimms, and updating/setting security
passphrase to nvdimms.
v11:
- Dropped keyring usage. (David)
- Fixed up scanf handling. (David)
- Removed callout info for request_key(). (David)
- Included Dan's patches and folded in some changes from Dan. (Dan)
- Made security_show a weak function to allow test override. (Dan)
v10:
- Change usage of strcmp to sysfs_streq. (Dan)
- Lock nvdimm bus when doing secure erase. (Dan)
- Change dev_info to dev_dbg for dimm unlocked success output. (Dan)
v9:
- Addressed various misc comments. (David, Dan)
- Removed init_cred and replaced with current_cred(). (David)
- Changed NVDIMM_PREFIX to char[] constant (David)
- Moved NVDIMM_PREFIX to include/uapi/linux/ndctl.h (Dan)
- Reworked security_update to use old user key to verify against kernel
key and then update with new user key. (David)
- Added requirement of disable and erase to require old user key for
verify. (Dan)
- Updated documentation. (Dave)
v8:
- Make the keys retained by the kernel user searchable in order to find the
key that needs to be updated for key update.
v7:
- Add CONFIG_KEYS dependency for libnvdimm. (Alison)
- Export lookup_user_key(). (David)
- Modified "update" to take two key ids and use lookup_user_key() in
order to improve security. (David)
- Use key ptrs and key_validate() for cached keys. (David)
v6:
- Fix intel DSM data structures to use defined size for passphrase (Robert)
- Fix memcpy size to use sizeof data structure member (Robert)
- Fix defined dimm id length (Robert)
- Making intel_security_ops const (Eric)
- Remove unused var in nvdimm_key_search() (Eric)
- Added wbinvd before secure erase is issued (Robert)
- Removed key_put_sync() usage (David)
- Use init_cred instead of creating own cred (David)
- Exported init_cred symbol
- Move keyring to dedicated (David)
- Use logon_key_type and friends instead of creating custom (David)
- Use key_lookup() with stored key serial (David)
- Exported key_lookup() symbol
- Mark passed in key data as const (David)
- Added comment for change_pass_phrase to explain how it works (David)
- Unlink key when it's being removed from keyring. (David)
- Removed request_key() from all security ops except update and unlock.
- Update will now update the existing key's payload with the new key's
retrieved from userspace when the new payload is accepted by nvdimm.
v5:
- Moved dimm_id initialization (Dan)
- Added a key_put_sync() in order to run key_gc_work and cleanup old key. (Dan)
- Added check to block security state changes while DIMM is active. (Dan)
v4:
- flip payload layout for update passphrase to make it easier on userland.
v3:
- Set x86 wrappers for x86 only bits. (Dan)
- Fixed up some verbiage in commit headers.
- Put in usage of sysfs_streq() for sysfs inputs.
- 0-day build fixes for non-x86 archs.
v2:
- Move inclusion of intel.h to relevant source files and not in nfit.h. (Dan)
- Moved security ring relevant code to dimm_devs.c. (Dan)
- Added dimm_id to nfit_mem to avoid recreate per sysfs show call. (Dan)
- Added routine to return security_ops based on family supplied. (Dan)
- Added nvdimm_key_data struct to wrap raw passphrase string. (Dan)
- Allocate firmware package on stack. (Dan)
- Added missing frozen state detection when retrieving security state.
---
Dan Williams (2):
libnvdimm: Drop nvdimm_bus from security_ops interface
acpi, nfit: Move acpi_nfit_get_security_ops() to generic location
Dave Jiang (10):
nfit: add support for Intel DSM 1.7 commands
nfit/libnvdimm: store dimm id as a member to struct nvdimm
keys: export lookup_user_key to external users
nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs
nfit/libnvdimm: add set passphrase support for Intel nvdimms
nfit/libnvdimm: add disable passphrase support to Intel nvdimm.
nfit/libnvdimm: add freeze security support to Intel nvdimm
nfit/libnvdimm: add support for issue secure erase DSM to Intel nvdimm
nfit_test: add test support for Intel nvdimm security DSMs
libnvdimm: add documentation for nvdimm security support
Documentation/nvdimm/security.txt | 99 +++++++
drivers/acpi/nfit/Makefile | 1
drivers/acpi/nfit/core.c | 68 ++++-
drivers/acpi/nfit/intel.c | 369 ++++++++++++++++++++++++++
drivers/acpi/nfit/intel.h | 70 +++++
drivers/acpi/nfit/nfit.h | 20 +
drivers/nvdimm/Kconfig | 1
drivers/nvdimm/bus.c | 8 -
drivers/nvdimm/dimm.c | 7
drivers/nvdimm/dimm_devs.c | 531 +++++++++++++++++++++++++++++++++++++
drivers/nvdimm/nd-core.h | 5
drivers/nvdimm/nd.h | 4
include/linux/key.h | 3
include/linux/libnvdimm.h | 46 +++
include/uapi/linux/ndctl.h | 6
security/keys/internal.h | 2
security/keys/process_keys.c | 1
tools/testing/nvdimm/Kbuild | 2
tools/testing/nvdimm/dimm_devs.c | 39 +++
tools/testing/nvdimm/test/nfit.c | 185 +++++++++++++
20 files changed, 1446 insertions(+), 21 deletions(-)
create mode 100644 Documentation/nvdimm/security.txt
create mode 100644 drivers/acpi/nfit/intel.c
create mode 100644 drivers/acpi/nfit/intel.h
create mode 100644 tools/testing/nvdimm/dimm_devs.c
--
2 years, 3 months
[PATCH v2 0/5] Adding nvdimm overwrite support
by Dave Jiang
The following series implements the overwrite support for Intel nvdimm.
Overwrite DSM commands are part of Intel DSM v1.7 spec. It allows the
nvdimm to wipe all the information on the target nvdimm (including the
label area). The operation can take tens of minutes or more depending
on the size of the nvdimm.
v2:
- rebase with Dan's changes for the security code.
---
Dave Jiang (5):
libnvdimm: introduce NDD_SECURITY_BUSY flag
libnvdimm: Add security DSM overwrite support
nfit_test: Add overwrite support for nfit_test
libnvdimm: add overwrite status notification
libnvdimm: add documentation for ovewrite
Documentation/nvdimm/security.txt | 11 ++
drivers/acpi/nfit/core.c | 5 +
drivers/acpi/nfit/intel.c | 113 ++++++++++++++++++++
drivers/acpi/nfit/intel.h | 4 +
drivers/acpi/nfit/nfit.h | 1
drivers/nvdimm/core.c | 3 +
drivers/nvdimm/dimm.c | 4 +
drivers/nvdimm/dimm_devs.c | 204 +++++++++++++++++++++++++++++++++++++
drivers/nvdimm/nd-core.h | 4 +
drivers/nvdimm/nd.h | 3 +
drivers/nvdimm/region_devs.c | 7 +
include/linux/libnvdimm.h | 7 +
tools/testing/nvdimm/test/nfit.c | 55 ++++++++++
13 files changed, 419 insertions(+), 2 deletions(-)
--
2 years, 3 months
[PATCH v10 00/12] Adding security support for nvdimm
by Dave Jiang
The following series implements security support for nvdimm. Mostly adding
new security DSM support from the Intel NVDIMM DSM spec v1.7, but also
adding generic support libnvdimm for other vendors. The most important
security features are unlocking locked nvdimms, and updating/setting security
passphrase to nvdimms.
v10:
- Change usage of strcmp to sysfs_streq. (Dan)
- Lock nvdimm bus when doing secure erase. (Dan)
- Change dev_info to dev_dbg for dimm unlocked success output. (Dan)
v9:
- Addressed various misc comments. (David, Dan)
- Removed init_cred and replaced with current_cred(). (David)
- Changed NVDIMM_PREFIX to char[] constant (David)
- Moved NVDIMM_PREFIX to include/uapi/linux/ndctl.h (Dan)
- Reworked security_update to use old user key to verify against kernel
key and then update with new user key. (David)
- Added requirement of disable and erase to require old user key for
verify. (Dan)
- Updated documentation. (Dave)
v8:
- Make the keys retained by the kernel user searchable in order to find the
key that needs to be updated for key update.
v7:
- Add CONFIG_KEYS dependency for libnvdimm. (Alison)
- Export lookup_user_key(). (David)
- Modified "update" to take two key ids and use lookup_user_key() in
order to improve security. (David)
- Use key ptrs and key_validate() for cached keys. (David)
v6:
- Fix intel DSM data structures to use defined size for passphrase (Robert)
- Fix memcpy size to use sizeof data structure member (Robert)
- Fix defined dimm id length (Robert)
- Making intel_security_ops const (Eric)
- Remove unused var in nvdimm_key_search() (Eric)
- Added wbinvd before secure erase is issued (Robert)
- Removed key_put_sync() usage (David)
- Use init_cred instead of creating own cred (David)
- Exported init_cred symbol
- Move keyring to dedicated (David)
- Use logon_key_type and friends instead of creating custom (David)
- Use key_lookup() with stored key serial (David)
- Exported key_lookup() symbol
- Mark passed in key data as const (David)
- Added comment for change_pass_phrase to explain how it works (David)
- Unlink key when it's being removed from keyring. (David)
- Removed request_key() from all security ops except update and unlock.
- Update will now update the existing key's payload with the new key's
retrieved from userspace when the new payload is accepted by nvdimm.
v5:
- Moved dimm_id initialization (Dan)
- Added a key_put_sync() in order to run key_gc_work and cleanup old key. (Dan)
- Added check to block security state changes while DIMM is active. (Dan)
v4:
- flip payload layout for update passphrase to make it easier on userland.
v3:
- Set x86 wrappers for x86 only bits. (Dan)
- Fixed up some verbiage in commit headers.
- Put in usage of sysfs_streq() for sysfs inputs.
- 0-day build fixes for non-x86 archs.
v2:
- Move inclusion of intel.h to relevant source files and not in nfit.h. (Dan)
- Moved security ring relevant code to dimm_devs.c. (Dan)
- Added dimm_id to nfit_mem to avoid recreate per sysfs show call. (Dan)
- Added routine to return security_ops based on family supplied. (Dan)
- Added nvdimm_key_data struct to wrap raw passphrase string. (Dan)
- Allocate firmware package on stack. (Dan)
- Added missing frozen state detection when retrieving security state.
---
Dave Jiang (12):
nfit: add support for Intel DSM 1.7 commands
libnvdimm: create keyring to store security keys
nfit/libnvdimm: store dimm id as a member to struct nvdimm
keys: export lookup_user_key to external users
nfit/libnvdimm: add unlock of nvdimm support for Intel DIMMs
nfit/libnvdimm: add set passphrase support for Intel nvdimms
nfit/libnvdimm: add disable passphrase support to Intel nvdimm.
nfit/libnvdimm: add freeze security support to Intel nvdimm
nfit/libnvdimm: add support for issue secure erase DSM to Intel nvdimm
nfit_test: add context to dimm_dev for nfit_test
nfit_test: add test support for Intel nvdimm security DSMs
libnvdimm: add documentation for nvdimm security support
Documentation/nvdimm/security.txt | 99 +++++++
drivers/acpi/nfit/Makefile | 1
drivers/acpi/nfit/core.c | 58 +++-
drivers/acpi/nfit/intel.c | 382 ++++++++++++++++++++++++++
drivers/acpi/nfit/intel.h | 82 +++++
drivers/acpi/nfit/nfit.h | 20 +
drivers/nvdimm/Kconfig | 1
drivers/nvdimm/bus.c | 2
drivers/nvdimm/core.c | 7
drivers/nvdimm/dimm.c | 7
drivers/nvdimm/dimm_devs.c | 552 +++++++++++++++++++++++++++++++++++++
drivers/nvdimm/nd-core.h | 6
drivers/nvdimm/nd.h | 2
include/linux/key.h | 3
include/linux/libnvdimm.h | 42 +++
include/uapi/linux/ndctl.h | 6
security/keys/internal.h | 2
security/keys/process_keys.c | 1
tools/testing/nvdimm/Kbuild | 1
tools/testing/nvdimm/test/nfit.c | 227 ++++++++++++++-
20 files changed, 1465 insertions(+), 36 deletions(-)
create mode 100644 Documentation/nvdimm/security.txt
create mode 100644 drivers/acpi/nfit/intel.c
create mode 100644 drivers/acpi/nfit/intel.h
--
2 years, 3 months