NVMe write protection support

Tue Sep 13 10:17:57 PDT 2022

Hi Jonathan,

Having a look to the specs at chapter "8.12 Namespace Write Protection", I see
"Figure 430 defines the transition between write protection states. All state transitions are based on Set Features commands unless 
otherwise specified. The initial state of a namespace at the time of its creation is the No Write Protect state."
But in my case the WP pin when enabled would make the initial state of the namespace at the time of its creation be "Write Protect". 
Or I could simulate a transition from "No Write Protect" to "Write Protect" but this would be without "Set Features" command.
In both cases I would be out of specs.

Also if the implementation is correct in the NVMe, and assuming the kernel already supports this case gracefully, what king of 
kernel message would I get (in dmesg) in case of a write to a protected device ?

On 8/26/2022 9:40 PM, Jonathan Derrick wrote:
>
> On 8/26/2022 1:39 PM, Jonathan Derrick wrote:
>>
>>
>> On 8/25/2022 2:26 AM, Gilles Buloz wrote:
>>>> On Sat, Aug 06, 2022 at 10:35:00 AM +0100, Christoph Hellwig wrote:
>>>>> On Tue, Aug 02, 2022 at 09:20:02AM +0000, Gilles Buloz wrote:
>>>>> Sorry Christoph, I'm completely newbie in NVMe and don't know what
>>>>> "Namespace Write Protection Config" means.
>>>>
>>>> Take a look at
>>>> https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvmexpress.org%2Fwp-content%2Fuploads%2FNVM-Express-Base-Specification-2.0b-2021.12.18-Ratified.pdf&data=05%7C01%7CGilles.Buloz%40kontron.com%7C1d97e0a70c1c4da35b4c08da879acb89%7C8c9d3c973fd941c8a2b1646f3942daf1%7C0%7C0%7C637971396556129208%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=CUa2QovHH9%2BWJH001d3vDHrSD%2F3KyKuhigo4EuQ4GbM%3D&reserved=0 
>>>>
>>>>
>>>> and search for this term.
>>>
>>> Thank you for the specs.
>>>
>>>>> What I mean is that all the NVMe content seen by the user is write
>>>>> protected.
>>>>
>>>> And that is what this feature is abut.
>>>>
>>>>> Our NVMe manufacturer partner has dedicated a pin of the module for
>>>>> global write protection.
>>>>
>>>> There is no concept of a 'module' in NVMe.
>>>
>>> In fact this is a M.2 module : a M.2 PCIe SSD one. A M.2 GND pin has
>>> been reused for WP with a pull-up on module, so that if the module is
>>> plugged into a standard M.2 socket this pin is connected to GND and
>>> the module is not protected. And in a socket providing WP on this pin,
>>> the write protection can be enabled by setting the pin high or
>>> unconnected.
>>>
>> In other words, your firmware needs to set bit 0 in the ID-NS's NSATTR
>> field [1] in the Identify Namespace data structure(s) when WP pin is
>> grounded.
> s/grounded/set
>
>>
>>
>>>>> But if we enable this protection and attempt a write (we should
>>>>> not), we get a "critical medium error" which seems a bit brutal for
>>>>> a disk that is still valid but just write protected. So I would like
>>>>> to make sure the NVMe manufacturer has used the right method/status
>>>>> to report this write protection, and if possible get a less fatal
>>>>> error feedback.
>>>>
>>>> It seems like your manufacturer needs to read the NVMe spec and
>>>> implement the correct features.
>>>
>>> Yes, that's why I requested some tips from experts like you to be sure.
>>> And with the features implemented correctly, is a the case of a write
>>> to a protected module already handled/expected by the kernel ? and
>>> what message the kernel is expected to report in dmesg ?
>> Search for 'Write Protected'/'Write Protection' in [1] spec.
>> You will need to support certain command Status Codes in the controller
>> to convey state information on commands that may change the namespace.
>>
>> [1] NVM Express Base Spec 2.0b, Figure 280
>> https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnvmexpress.org%2Fwp-content%2Fuploads%2FNVM-Express-Base-Specification-2.0b-2021.12.18-Ratified.pdf&data=05%7C01%7CGilles.Buloz%40kontron.com%7C1d97e0a70c1c4da35b4c08da879acb89%7C8c9d3c973fd941c8a2b1646f3942daf1%7C0%7C0%7C637971396556285269%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3xwpGWKfZwzL7PAisPNw9zRJTubYQjNxtoK3jCYufYU%3D&reserved=0 
>>
>>
> .