* nvme sanitize command
@ 2025-01-13 10:57 Renaud Barbier
2025-01-13 11:18 ` Ahmad Fatoum
0 siblings, 1 reply; 6+ messages in thread
From: Renaud Barbier @ 2025-01-13 10:57 UTC (permalink / raw)
To: Barebox List
I would like to add a nvme sanitize command to the barebox. Something like "nvme sanitize" where at first the only option is block erase.
I have a level of understanding on how admin commands are passed to the device through the /drivers/nvme/host/[core.c|pci.c.]
Looking at the parted command, I am not sure how it goes from the command call to the partition layer support (EFI or DOS) to the driver.
I see that Linux make use of an ioctl to trigger the sanitize command.
How would you approach the introduction of this new command?
Any help is appreciated.
Renaud
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: nvme sanitize command
2025-01-13 10:57 nvme sanitize command Renaud Barbier
@ 2025-01-13 11:18 ` Ahmad Fatoum
2025-01-13 14:03 ` Renaud Barbier
0 siblings, 1 reply; 6+ messages in thread
From: Ahmad Fatoum @ 2025-01-13 11:18 UTC (permalink / raw)
To: Renaud Barbier, Barebox List
Hello Renaud,
On 13.01.25 11:57, Renaud Barbier wrote:
> I would like to add a nvme sanitize command to the barebox. Something like "nvme sanitize" where at first the only option is block erase.
That would indeed be useful to have.
> I have a level of understanding on how admin commands are passed to the device through the /drivers/nvme/host/[core.c|pci.c.]
> Looking at the parted command, I am not sure how it goes from the command call to the partition layer support (EFI or DOS) to the driver.
>
> I see that Linux make use of an ioctl to trigger the sanitize command.
We do have ioctls on cdev in barebox, but we also have an actual erase
operation, so I prefer we use that instead.
> How would you approach the introduction of this new command?
> Any help is appreciated.
I did something similar recently with SD/MMC[1], which also have special commands for
erase.
In short, I would suggest you extend nvme_block_device_ops in drivers/nvme/host/core.c
with a new .erase operation and use that instead of creating a new ioctl.
Erasure is then possible manually via the erase command.
As second step, we can then discuss if we should call it automatically before
partition table write.
Note that the erasure types supported by barebox are currently:
ERASE_TO_WRITE: Mainly applicable to raw flash
ERASE_TO_CLEAR: Reading will return a fixed pattern and not any stale data
You may want to add a third option:
ERASE_TO_DISCARD: A hint to the storage medium that we don't care for the data
in the erased region and reads from that region are allowed to
return arbitrary values until written again.
Useful for wear leveling.
I suspect that last erase type is what you are interested in (perhaps with a better
name?)
[1]: https://lore.barebox.org/barebox/20240731080510.364706-1-a.fatoum@pengutronix.de/
Cheers,
Ahmad
>
> Renaud
>
>
>
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: nvme sanitize command
2025-01-13 11:18 ` Ahmad Fatoum
@ 2025-01-13 14:03 ` Renaud Barbier
2025-01-13 14:36 ` Ahmad Fatoum
0 siblings, 1 reply; 6+ messages in thread
From: Renaud Barbier @ 2025-01-13 14:03 UTC (permalink / raw)
To: Ahmad Fatoum, Barebox List
> -----Original Message-----
> From: Ahmad Fatoum <a.fatoum@pengutronix.de>
> Sent: 13 January 2025 11:18
> To: Renaud Barbier <Renaud.Barbier@ametek.com>; Barebox List
> <barebox@lists.infradead.org>
> Subject: Re: nvme sanitize command
>
> ***NOTICE*** This came from an external source. Use caution when replying,
> clicking links, or opening attachments.
>
> Hello Renaud,
>
> On 13.01.25 11:57, Renaud Barbier wrote:
> > I would like to add a nvme sanitize command to the barebox. Something like
> "nvme sanitize" where at first the only option is block erase.
>
> That would indeed be useful to have.
>
> > I have a level of understanding on how admin commands are passed to
> > the device through the /drivers/nvme/host/[core.c|pci.c.]
> > Looking at the parted command, I am not sure how it goes from the
> command call to the partition layer support (EFI or DOS) to the driver.
> >
> > I see that Linux make use of an ioctl to trigger the sanitize command.
>
> We do have ioctls on cdev in barebox, but we also have an actual erase
> operation, so I prefer we use that instead.
Below the option for sanitize command:
# nvme sanitize --help
Usage: nvme sanitize <device> [OPTIONS]
Send a sanitize command.
Options:
[ --no-dealloc, -d ] --- No deallocate after sanitize.
[ --oipbp, -i ] --- Overwrite invert pattern between
passes.
[ --owpass=<NUM>, -n <NUM> ] --- Overwrite pass count.
[ --ause, -u ] --- Allow unrestricted sanitize exit.
[ --sanact=<NUM>, -a <NUM> ] --- Sanitize action.
[ --ovrpat=<NUM>, -p <NUM> ] --- Overwrite pattern.
Note I am talking about sanitize operation that is the whole device being erased i.e there is no start and end block to be specified.
Using erase would limit sanitisation to erasing the whole media and no possibility to use the other options such as overwrite where a pattern and a number of pass is specified.
Unless a way can be added to set features for sanitize.
At present, erase is all I need so I will add the erase entry point with the sanitisation action being NVME_SANITIZE_SANACT_START_BLOCK_ERASE as default.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: nvme sanitize command
2025-01-13 14:03 ` Renaud Barbier
@ 2025-01-13 14:36 ` Ahmad Fatoum
2025-01-13 15:04 ` Renaud Barbier
0 siblings, 1 reply; 6+ messages in thread
From: Ahmad Fatoum @ 2025-01-13 14:36 UTC (permalink / raw)
To: Renaud Barbier, Barebox List
Hi Renaud,
On 13.01.25 15:03, Renaud Barbier wrote:
>> We do have ioctls on cdev in barebox, but we also have an actual erase
>> operation, so I prefer we use that instead.
>
> Below the option for sanitize command:
> # nvme sanitize --help
> Usage: nvme sanitize <device> [OPTIONS]
>
> Send a sanitize command.
>
> Options:
> [ --no-dealloc, -d ] --- No deallocate after sanitize.
> [ --oipbp, -i ] --- Overwrite invert pattern between
> passes.
> [ --owpass=<NUM>, -n <NUM> ] --- Overwrite pass count.
> [ --ause, -u ] --- Allow unrestricted sanitize exit.
> [ --sanact=<NUM>, -a <NUM> ] --- Sanitize action.
> [ --ovrpat=<NUM>, -p <NUM> ] --- Overwrite pattern.
Thanks, I had looked in nvme(1), but I should have looked in nvme-sanitize(1)
instead.
> Note I am talking about sanitize operation that is the whole device being erased i.e there is no start and end block to be specified.
So this is a single command that erases the whole device, but doesn't take
block offsets/length as arguments? Do you know what value the erased
data can have afterwards?
> Using erase would limit sanitisation to erasing the whole media
Isn't this what you want? Erase the whole device at once?
Anyway, the erase command can be extended as needed to take offset/length
or to change erasure type.
Currently erasing only part of the device is possible by adding calling
erase on a partition (perhaps allocated via addpart).
> and no possibility to use the other options such as overwrite where a pattern and a number of pass is specified.
Generally, I prefer not to copy the Linux style of device-specific ioctl
codes unless necessary.
For such very specific use cases, ioctl makes sense, yes.
cdev already supports ioctl, but block device doesn't, so the
natural step would be to add struct block_device_ops::ioctl,
which is called from struct block_device::cdev::ioctl.
I think we don't need that yet though, see below.
> Unless a way can be added to set features for sanitize.
> At present, erase is all I need so I will add the erase entry point with the sanitisation action being NVME_SANITIZE_SANACT_START_BLOCK_ERASE as default.
How about you implement erase in nvme, but check that size arguments indeed describe
the whole device: If it does, you do your sanitize operation and if it doesn't,
return -ENOSYS.
Would that work for you?
Cheers,
Ahmad
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: nvme sanitize command
2025-01-13 14:36 ` Ahmad Fatoum
@ 2025-01-13 15:04 ` Renaud Barbier
2025-01-13 15:36 ` Ahmad Fatoum
0 siblings, 1 reply; 6+ messages in thread
From: Renaud Barbier @ 2025-01-13 15:04 UTC (permalink / raw)
To: Ahmad Fatoum, Barebox List
> Hi Renaud,
>
> On 13.01.25 15:03, Renaud Barbier wrote:
> >> We do have ioctls on cdev in barebox, but we also have an actual
> >> erase operation, so I prefer we use that instead.
> >
> > Below the option for sanitize command:
> > # nvme sanitize --help
> > Usage: nvme sanitize <device> [OPTIONS]
> >
> > Send a sanitize command.
> >
> > Options:
> > [ --no-dealloc, -d ] --- No deallocate after sanitize.
> > [ --oipbp, -i ] --- Overwrite invert pattern between
> > passes.
> > [ --owpass=<NUM>, -n <NUM> ] --- Overwrite pass count.
> > [ --ause, -u ] --- Allow unrestricted sanitize exit.
> > [ --sanact=<NUM>, -a <NUM> ] --- Sanitize action.
> > [ --ovrpat=<NUM>, -p <NUM> ] --- Overwrite pattern.
>
> Thanks, I had looked in nvme(1), but I should have looked in nvme-sanitize(1)
> instead.
>
> > Note I am talking about sanitize operation that is the whole device being
> erased i.e there is no start and end block to be specified.
>
> So this is a single command that erases the whole device, but doesn't take
> block offsets/length as arguments? Do you know what value the erased data
> can have afterwards?
Indeed. No block offset/length as far as I can see from libnvme and nvme-cli Linux commands
I have added the erase entry point and ran the sanitize block erase command. This wiped out the whole device
barebox@LS1046A RDB Board:/ md -s /dev/nvme0n1
00000000: 00000000 00000000 00000000 00000000 ................
00000010: 00000000 00000000 00000000 00000000 ................
00000020: 00000000 00000000 00000000 00000000 ................
00000030: 00000000 00000000 00000000 00000000 ................
00000040: 00000000 00000000 00000000 00000000 ................
00000050: 00000000 00000000 00000000 00000000 ................
...
Whatever the offset I give, I get 0.
>
> > Using erase would limit sanitisation to erasing the whole media
>
> Isn't this what you want? Erase the whole device at once?
Yes. My number one goal is reached.
There maybe a requirement for pattern writing with several passes later.
> Anyway, the erase command can be extended as needed to take offset/length
> or to change erasure type.
>
> Currently erasing only part of the device is possible by adding calling erase on a
> partition (perhaps allocated via addpart).
>
> > and no possibility to use the other options such as overwrite where a pattern
> and a number of pass is specified.
>
> Generally, I prefer not to copy the Linux style of device-specific ioctl codes
> unless necessary.
>
> For such very specific use cases, ioctl makes sense, yes.
>
> cdev already supports ioctl, but block device doesn't, so the natural step
> would be to add struct block_device_ops::ioctl, which is called from struct
> block_device::cdev::ioctl.
>
> I think we don't need that yet though, see below.
>
> > Unless a way can be added to set features for sanitize.
> > At present, erase is all I need so I will add the erase entry point with the
> sanitisation action being NVME_SANITIZE_SANACT_START_BLOCK_ERASE as
> default.
>
> How about you implement erase in nvme, but check that size arguments
> indeed describe the whole device: If it does, you do your sanitize operation
> and if it doesn't, return -ENOSYS.
>
> Would that work for you?
Perfect. Thanks.
>
> Cheers,
> Ahmad
>
>
> >
> >
>
>
> --
> Pengutronix e.K. | |
> Steuerwalder Str. 21 |
> https://urldefense.com/v3/__http://www.pengutronix.de/__;!!HKOSU0g!AUi
> 6RmEZIZYR-
> U1OlElGWJEdi0g1ZCeRGBk5zYyXFu6ifUk_2PdDAdTfmpe_cMMuA4dN5J9hJ3
> bQtQzKggqYiqQvkqc$ |
> 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: nvme sanitize command
2025-01-13 15:04 ` Renaud Barbier
@ 2025-01-13 15:36 ` Ahmad Fatoum
0 siblings, 0 replies; 6+ messages in thread
From: Ahmad Fatoum @ 2025-01-13 15:36 UTC (permalink / raw)
To: Renaud Barbier, Barebox List
Hello Renaud,
On 13.01.25 16:04, Renaud Barbier wrote:
>> On 13.01.25 15:03, Renaud Barbier wrote:
>> So this is a single command that erases the whole device, but doesn't take
>> block offsets/length as arguments? Do you know what value the erased data
>> can have afterwards?
>
> Indeed. No block offset/length as far as I can see from libnvme and nvme-cli Linux commands
>
> I have added the erase entry point and ran the sanitize block erase command. This wiped out the whole device
> barebox@LS1046A RDB Board:/ md -s /dev/nvme0n1
> 00000000: 00000000 00000000 00000000 00000000 ................
> 00000010: 00000000 00000000 00000000 00000000 ................
> 00000020: 00000000 00000000 00000000 00000000 ................
> 00000030: 00000000 00000000 00000000 00000000 ................
> 00000040: 00000000 00000000 00000000 00000000 ................
> 00000050: 00000000 00000000 00000000 00000000 ................
> ...
>
> Whatever the offset I give, I get 0.
Nice, assuming that's guaranteed by the standard, we don't need
to add a new ERASE_TO_DISCARD or similar yet.
>> Isn't this what you want? Erase the whole device at once?
> Yes. My number one goal is reached.
> There maybe a requirement for pattern writing with several passes later.
For that, ioctl is the way to go IMO as described in my last mail.
>>> Unless a way can be added to set features for sanitize.
>>> At present, erase is all I need so I will add the erase entry point with the
>> sanitisation action being NVME_SANITIZE_SANACT_START_BLOCK_ERASE as
>> default.
>>
>> How about you implement erase in nvme, but check that size arguments
>> indeed describe the whole device: If it does, you do your sanitize operation
>> and if it doesn't, return -ENOSYS.
>>
>> Would that work for you?
>
> Perfect. Thanks.
Cool. Send patches. :-)
Cheers,
Ahmad
>>
>> Cheers,
>> Ahmad
>>
>>
>>>
>>>
>>
>>
>> --
>> Pengutronix e.K. | |
>> Steuerwalder Str. 21 |
>> https://urldefense.com/v3/__http://www.pengutronix.de/__;!!HKOSU0g!AUi
>> 6RmEZIZYR-
>> U1OlElGWJEdi0g1ZCeRGBk5zYyXFu6ifUk_2PdDAdTfmpe_cMMuA4dN5J9hJ3
>> bQtQzKggqYiqQvkqc$ |
>> 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
>> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2025-01-13 16:07 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-01-13 10:57 nvme sanitize command Renaud Barbier
2025-01-13 11:18 ` Ahmad Fatoum
2025-01-13 14:03 ` Renaud Barbier
2025-01-13 14:36 ` Ahmad Fatoum
2025-01-13 15:04 ` Renaud Barbier
2025-01-13 15:36 ` Ahmad Fatoum
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox