Message ID | 5ee52b6cc60fb3d4ecc3d689a3b30eabf4359dba.1724297388.git.asml.silence@gmail.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | implement async block discards/etc. via io_uring | expand |
On Thu, Aug 22, 2024 at 04:35:57AM +0100, Pavel Begunkov wrote: > Add yet another io_uring cmd implementing async secure erases. > It has same page cache races as async discards and write zeroes and > reuses the common paths in general. How did you test this? Asking because my interruption fix for secure discard is still pending because I could not find a test environment for it. And also because for a "secure" [1] erase proper invalidation of the page cache actually matters, as otherwise you can still leak data to the device. [2] LBA based "secure" erase can't actually be secure on any storage device that can write out of place. Which is all of flash, but also modern HDDs when encountering error. It's a really bad interface we should never have have started to support.
On 8/22/24 07:36, Christoph Hellwig wrote: > On Thu, Aug 22, 2024 at 04:35:57AM +0100, Pavel Begunkov wrote: >> Add yet another io_uring cmd implementing async secure erases. >> It has same page cache races as async discards and write zeroes and >> reuses the common paths in general. > > How did you test this? Asking because my interruption fix for secure In short I didn't, exactly because it's a challenge finding anything that supports it. At least the change here is minimal, but ... > discard is still pending because I could not find a test environment > for it. And also because for a "secure" [1] erase proper invalidation > of the page cache actually matters, as otherwise you can still leak > data to the device. > > [2] LBA based "secure" erase can't actually be secure on any storage > device that can write out of place. Which is all of flash, but also > modern HDDs when encountering error. It's a really bad interface > we should never have have started to support. ... I should just drop it, not like async support makes much sense.
diff --git a/block/ioctl.c b/block/ioctl.c index 6f0676f21e7b..ab8bab6ee806 100644 --- a/block/ioctl.c +++ b/block/ioctl.c @@ -841,6 +841,18 @@ static int blkdev_cmd_write_zeroes(struct io_uring_cmd *cmd, bdev_write_zeroes_sectors(bdev), opf); } +static int blkdev_cmd_secure_erase(struct io_uring_cmd *cmd, + struct block_device *bdev, + uint64_t start, uint64_t len, bool nowait) +{ + blk_opf_t opf = REQ_OP_SECURE_ERASE; + + if (nowait) + opf |= REQ_NOWAIT; + return blkdev_queue_cmd(cmd, bdev, start, len, + bdev_max_secure_erase_sectors(bdev), opf); +} + static int blkdev_cmd_discard(struct io_uring_cmd *cmd, struct block_device *bdev, uint64_t start, uint64_t len, bool nowait) @@ -911,6 +923,9 @@ int blkdev_uring_cmd(struct io_uring_cmd *cmd, unsigned int issue_flags) case BLOCK_URING_CMD_WRITE_ZEROES: return blkdev_cmd_write_zeroes(cmd, bdev, start, len, bc->nowait); + case BLOCK_URING_CMD_SECURE_ERASE: + return blkdev_cmd_secure_erase(cmd, bdev, start, len, + bc->nowait); } return -EINVAL; } diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h index b9e20ce57a28..425957589bdf 100644 --- a/include/uapi/linux/fs.h +++ b/include/uapi/linux/fs.h @@ -210,6 +210,7 @@ struct fsxattr { #define BLOCK_URING_CMD_DISCARD 0 #define BLOCK_URING_CMD_WRITE_ZEROES 1 +#define BLOCK_URING_CMD_SECURE_ERASE 2 #define BMAP_IOCTL 1 /* obsolete - kept for compatibility */ #define FIBMAP _IO(0x00,1) /* bmap access */
Add yet another io_uring cmd implementing async secure erases. It has same page cache races as async discards and write zeroes and reuses the common paths in general. Suggested-by: Conrad Meyer <conradmeyer@meta.com> Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> --- block/ioctl.c | 15 +++++++++++++++ include/uapi/linux/fs.h | 1 + 2 files changed, 16 insertions(+)