NVMe write protection support

Jonathan Derrick jonathan.derrick at linux.dev
Fri Aug 26 12:40:10 PDT 2022 


On 8/26/2022 1:39 PM, Jonathan Derrick wrote:
> 
> 
> On 8/25/2022 2:26 AM, Gilles Buloz wrote:
>>> On Sat, Aug 06, 2022 at 10:35:00 AM +0100, Christoph Hellwig wrote:
>>>> On Tue, Aug 02, 2022 at 09:20:02AM +0000, Gilles Buloz wrote:
>>>> Sorry Christoph, I'm completely newbie in NVMe and don't know what 
>>>> "Namespace Write Protection Config" means.
>>>
>>> Take a look at
>>> https://nvmexpress.org/wp-content/uploads/NVM-Express-Base-Specification-2.0b-2021.12.18-Ratified.pdf 
>>>
>>> and search for this term.
>>
>> Thank you for the specs.
>>
>>>> What I mean is that all the NVMe content seen by the user is write 
>>>> protected.
>>>
>>> And that is what this feature is abut.
>>>
>>>> Our NVMe manufacturer partner has dedicated a pin of the module for 
>>>> global write protection.
>>>
>>> There is no concept of a 'module' in NVMe.
>>
>> In fact this is a M.2 module : a M.2 PCIe SSD one. A M.2 GND pin has 
>> been reused for WP with a pull-up on module, so that if the module is 
>> plugged into a standard M.2 socket this pin is connected to GND and 
>> the module is not protected. And in a socket providing WP on this pin, 
>> the write protection can be enabled by setting the pin high or 
>> unconnected.
>>
> In other words, your firmware needs to set bit 0 in the ID-NS's NSATTR 
> field [1] in the Identify Namespace data structure(s) when WP pin is 
> grounded.
s/grounded/set

> 
> 
>>>> But if we enable this protection and attempt a write (we should 
>>>> not), we get a "critical medium error" which seems a bit brutal for 
>>>> a disk that is still valid but just write protected. So I would like 
>>>> to make sure the NVMe manufacturer has used the right method/status 
>>>> to report this write protection, and if possible get a less fatal 
>>>> error feedback.
>>>
>>> It seems like your manufacturer needs to read the NVMe spec and 
>>> implement the correct features.
>>
>> Yes, that's why I requested some tips from experts like you to be sure.
>> And with the features implemented correctly, is a the case of a write 
>> to a protected module already handled/expected by the kernel ? and 
>> what message the kernel is expected to report in dmesg ?
> Search for 'Write Protected'/'Write Protection' in [1] spec.
> You will need to support certain command Status Codes in the controller 
> to convey state information on commands that may change the namespace.
> 
> [1] NVM Express Base Spec 2.0b, Figure 280
> https://nvmexpress.org/wp-content/uploads/NVM-Express-Base-Specification-2.0b-2021.12.18-Ratified.pdf 
>

More information about the Linux-nvme mailing list