NVMe write protection support
Jonathan Derrick
jonathan.derrick at linux.dev
Fri Aug 26 12:40:10 PDT 2022
On 8/26/2022 1:39 PM, Jonathan Derrick wrote:
>
>
> On 8/25/2022 2:26 AM, Gilles Buloz wrote:
>>> On Sat, Aug 06, 2022 at 10:35:00 AM +0100, Christoph Hellwig wrote:
>>>> On Tue, Aug 02, 2022 at 09:20:02AM +0000, Gilles Buloz wrote:
>>>> Sorry Christoph, I'm completely newbie in NVMe and don't know what
>>>> "Namespace Write Protection Config" means.
>>>
>>> Take a look at
>>> https://nvmexpress.org/wp-content/uploads/NVM-Express-Base-Specification-2.0b-2021.12.18-Ratified.pdf
>>>
>>> and search for this term.
>>
>> Thank you for the specs.
>>
>>>> What I mean is that all the NVMe content seen by the user is write
>>>> protected.
>>>
>>> And that is what this feature is abut.
>>>
>>>> Our NVMe manufacturer partner has dedicated a pin of the module for
>>>> global write protection.
>>>
>>> There is no concept of a 'module' in NVMe.
>>
>> In fact this is a M.2 module : a M.2 PCIe SSD one. A M.2 GND pin has
>> been reused for WP with a pull-up on module, so that if the module is
>> plugged into a standard M.2 socket this pin is connected to GND and
>> the module is not protected. And in a socket providing WP on this pin,
>> the write protection can be enabled by setting the pin high or
>> unconnected.
>>
> In other words, your firmware needs to set bit 0 in the ID-NS's NSATTR
> field [1] in the Identify Namespace data structure(s) when WP pin is
> grounded.
s/grounded/set
>
>
>>>> But if we enable this protection and attempt a write (we should
>>>> not), we get a "critical medium error" which seems a bit brutal for
>>>> a disk that is still valid but just write protected. So I would like
>>>> to make sure the NVMe manufacturer has used the right method/status
>>>> to report this write protection, and if possible get a less fatal
>>>> error feedback.
>>>
>>> It seems like your manufacturer needs to read the NVMe spec and
>>> implement the correct features.
>>
>> Yes, that's why I requested some tips from experts like you to be sure.
>> And with the features implemented correctly, is a the case of a write
>> to a protected module already handled/expected by the kernel ? and
>> what message the kernel is expected to report in dmesg ?
> Search for 'Write Protected'/'Write Protection' in [1] spec.
> You will need to support certain command Status Codes in the controller
> to convey state information on commands that may change the namespace.
>
> [1] NVM Express Base Spec 2.0b, Figure 280
> https://nvmexpress.org/wp-content/uploads/NVM-Express-Base-Specification-2.0b-2021.12.18-Ratified.pdf
>
More information about the Linux-nvme
mailing list