From: Gollu Appalanaidu Date: Thu, 9 Sep 2021 09:22:03 +0000 (+0530) Subject: add lockdown command support X-Git-Tag: v2.0-rc0~53^2~14 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=5e372d620e0ec9dd7f5fd2f9ef0e2623a91ff0d9;p=users%2Fsagi%2Fnvme-cli.git add lockdown command support Signed-off-by: Karthik Balan karthik.b82@samsung.com Signed-off-by: Gollu Appalanaidu [dwagner: dropped nvme-ioctl.c changes, part of libnvme] Signed-off-by: Daniel Wagner --- diff --git a/Documentation/nvme-lockdown.1 b/Documentation/nvme-lockdown.1 new file mode 100644 index 00000000..0c93229a --- /dev/null +++ b/Documentation/nvme-lockdown.1 @@ -0,0 +1,75 @@ +'\" t +.\" Title: nvme-lockdown +.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] +.\" Generator: DocBook XSL Stylesheets v1.79.1 +.\" Date: 09/09/2021 +.\" Manual: NVMe Manual +.\" Source: NVMe +.\" Language: English +.\" +.TH "NVME\-LOCKDOWN" "1" "09/09/2021" "NVMe" "NVMe Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +nvme-lockdown \- Send an NVMe Lockdown command to prohibit or allow the execution of command +.SH "SYNOPSIS" +.sp +.nf +\fInvme\-lockdown\fR [\-\-ofi= | \-o ] + [\-\-ifc= | \-f ] + [\-\-prhbt= | \-p ] + [\-\-scp= | \-s ] + [\-\-uuid= | \-U ] +.fi +.SH "DESCRIPTION" +.sp +The Lockdown command is used to control the Command and Feature Lockdown capability which configures the prohibition or allowance of execution of the specified commandor Set Features command targeting a specific Feature Identifier\&. +.SH "OPTIONS" +.PP +\-\-ofi=, \-o +.RS 4 +Opcode or Feature Identifier(OFI) specifies the command opcode or Set Features Feature Identifier identified by the Scope field\&. +.RE +.PP +\-\-ifc=, \-f +.RS 4 +Interface (INF) field identifies the interfaces affected by this command\&. +.RE +.PP +\-\-prhbt=, \-p +.RS 4 +Prohibit(PRHBT) bit specifies whether to prohibit or allow the command opcode or Set Features Feature Identifier specified by this command\&. +.RE +.PP +\-\-scp=, \-s +.RS 4 +Scope(SCP) field specifies the contents of the Opcode or Feature Identifier field\&. +.RE +.PP +\-\-uuid=, \-U +.RS 4 +UUID Index \- If this field is set to a non\-zerovalue, then the value of this field is the index of a UUID in the UUIDList that is used by the command\&. If this field is cleared to 0h,then no UUID index is specified\&. +.RE +.SH "EXAMPLES" +.sp +No examples yet\&. +.SH "NVME" +.sp +Part of the nvme\-user suite diff --git a/Documentation/nvme-lockdown.html b/Documentation/nvme-lockdown.html new file mode 100644 index 00000000..cb2e86c0 --- /dev/null +++ b/Documentation/nvme-lockdown.html @@ -0,0 +1,857 @@ + + + + + + +nvme-lockdown(1) + + + + + +
+
+

SYNOPSIS

+
+
+
nvme-lockdown <device> [--ofi=<ofi> | -o <ofi>]
+                        [--ifc=<ifc> | -f <ifc>]
+                        [--prhbt=<prhbt> | -p <prhbt>]
+                        [--scp=<scp> | -s <scp>]
+                        [--uuid=<UUID_Index> | -U <UUID_Index>]
+
+
+
+
+
+

DESCRIPTION

+
+

The Lockdown command is used to control the Command and Feature Lockdown +capability which configures the prohibition or allowance of execution of the +specified commandor Set Features command targeting a specific Feature +Identifier.

+
+
+
+

OPTIONS

+
+
+
+--ofi=<ofi> +
+
+-o <ofi> +
+
+

+ Opcode or Feature Identifier(OFI) specifies the command opcode or Set + Features Feature Identifier identified by the Scope field. +

+
+
+--ifc=<ifc> +
+
+-f <ifc> +
+
+

+ Interface (INF) field identifies the interfaces affected by this command. +

+
+
+--prhbt=<prhbt> +
+
+-p <prhbt> +
+
+

+ Prohibit(PRHBT) bit specifies whether to prohibit or allow the command + opcode or Set Features Feature Identifier specified by this command. +

+
+
+--scp=<scp> +
+
+-s <scp> +
+
+

+ Scope(SCP) field specifies the contents of the Opcode or Feature Identifier field. +

+
+
+--uuid=<UUID_Index> +
+
+-U <UUID_Index> +
+
+

+ UUID Index - If this field is set to a non-zerovalue, then the value of + this field is the index of a UUID in the UUIDList that is used by the command. + If this field is cleared to 0h,then no UUID index is specified. +

+
+
+
+
+
+

EXAMPLES

+
+

No examples yet.

+
+
+
+

NVME

+
+

Part of the nvme-user suite

+
+
+
+
+ + + diff --git a/Documentation/nvme-lockdown.txt b/Documentation/nvme-lockdown.txt new file mode 100644 index 00000000..e9ba86c2 --- /dev/null +++ b/Documentation/nvme-lockdown.txt @@ -0,0 +1,56 @@ +nvme-lockdown(1) +================ + +NAME +---- +nvme-lockdown - Send an NVMe Lockdown command to prohibit or allow the execution of command + +SYNOPSIS +-------- +[verse] +'nvme-lockdown' [--ofi= | -o ] + [--ifc= | -f ] + [--prhbt= | -p ] + [--scp= | -s ] + [--uuid= | -U ] + +DESCRIPTION +----------- +The Lockdown command is used to control the Command and Feature Lockdown +capability which configures the prohibition or allowance of execution of the +specified commandor Set Features command targeting a specific Feature +Identifier. + +OPTIONS +------- +--ofi=:: +-o :: + Opcode or Feature Identifier(OFI) specifies the command opcode or Set + Features Feature Identifier identified by the Scope field. + +--ifc=:: +-f :: + Interface (INF) field identifies the interfaces affected by this command. + +--prhbt=:: +-p :: + Prohibit(PRHBT) bit specifies whether to prohibit or allow the command + opcode or Set Features Feature Identifier specified by this command. + +--scp=:: +-s :: + Scope(SCP) field specifies the contents of the Opcode or Feature Identifier field. + +--uuid=:: +-U :: + UUID Index - If this field is set to a non-zerovalue, then the value of + this field is the index of a UUID in the UUIDList that is used by the command. + If this field is cleared to 0h,then no UUID index is specified. + +EXAMPLES +-------- +No examples yet. + +NVME +---- +Part of the nvme-user suite \ No newline at end of file diff --git a/completions/_nvme b/completions/_nvme index 17fc994c..3ce202fd 100644 --- a/completions/_nvme +++ b/completions/_nvme @@ -54,6 +54,7 @@ _nvme () { 'boot-part-log: retrieve boot partition log' 'fid-support-effects-log:retrieve fid support and effects log' 'supported-log-pages: retrieve support log pages details' + 'lockdown:submit a lockdown command' 'help:print brief descriptions of all nvme commands' ) @@ -394,6 +395,24 @@ _nvme () { _arguments '*:: :->subcmds' _describe -t commands "nvme get-feature options" _getf ;; + (lockdown) + local _lockdown + _lockdown=( + /dev/nvme':supply a device to use (required)' + --ofi=': Opcode or Feature Identifier(OFI) (required)' + -o':alias of --ofi' + --ifc=':Interface (INF) field Information (required)' + -f':alias of --ifc' + --prhbt=':Prohibit(PRHBT) bit field (required)' + -p':alias of --prhbt' + --scp=':Scope(SCP) field for identifying opcode or feature id (required)' + -s':alias of --scp' + --uuid=':UUID Index field required aligned with Scope' + -U':alias of --uuid' + ) + _arguments '*:: :->subcmds' + _describe -t commands "nvme lockdown options" _lockdown + ;; (set-feature) local _setf _setf=( @@ -871,7 +890,7 @@ _nvme () { resv-report flush compare read write copy show-regs persistent-event-log pred-lat-event-agg-log nvm-id-ctrl endurance-event-agg-log lba-status-log resv-notif-log capacity-mgmt id-domain boot-part-log fid-support-effects-log - supported-log-pages + supported-log-pages lockdown ) _arguments '*:: :->subcmds' _describe -t commands "help: infos on a specific nvme command, or provide no option to see a synopsis of all nvme commands" _h diff --git a/completions/bash-nvme-completion.sh b/completions/bash-nvme-completion.sh index ba219e35..76088d5b 100644 --- a/completions/bash-nvme-completion.sh +++ b/completions/bash-nvme-completion.sh @@ -101,7 +101,7 @@ _cmds="list list-subsys id-ctrl id-ns \ connect disconnect disconnect-all gen-hostnqn \ show-hostnqn dir-receive dir-send virt-mgmt \ rpmb boot-part-log fid-support-effects-log \ - supported-log-pages" + supported-log-pages lockdown" # Add plugins: for plugin in "${!_plugin_subcmds[@]}"; do @@ -301,6 +301,10 @@ nvme_list_opts () { opts+=" --operation= -f --element-id= -i --cap-lower= -l \ --cap-upper= -u" ;; + "lockdown") + opts+=" --ofi= -O --ifc= -F --prhbt= -P \ + -scp= -S --uuid -U" + ;; "admin-passthru") opts+=" --opcode= -o --flags= -f --prefil= -p --rsvd= -R \ --namespace-id= -n --data-len= -l --metadata-len= -m \ @@ -584,7 +588,7 @@ plugin_amzn_opts () { "id-ctrl") opts+=" --raw-binary -b --human-readable -H \ --vendor-specific -v --output-format= -o" - ;; + ;; "help") opts+=$NO_OPTS ;; @@ -636,7 +640,7 @@ plugin_lnvm_opts () { opts+=" --target-name= -n" ;; "factory") - opts+=" --device-name= -d --erase-only-marked -e + opts+=" --device-name= -d --erase-only-marked -e --clear-host-side-blks -s --clear-bb-blks -b" ;; "diag-bbtbl") @@ -848,7 +852,7 @@ plugin_huawei_opts () { "id-ctrl") opts+=" --raw-binary -b --human-readable -H \ --vendor-specific -v --output-format= -o" - ;; + ;; "help") opts+=$NO_OPTS ;; @@ -890,7 +894,7 @@ plugin_toshiba_opts () { opts+=$NO_OPTS ;; esac - + COMPREPLY+=( $( compgen $compargs -W "$opts" -- $cur ) ) return 0 @@ -1093,12 +1097,12 @@ plugin_shannon_opts () { "id-ctrl") opts+=" --raw-binary -b --human-readable -H \ --vendor-specific -v --output-format= -o" - ;; + ;; "help") opts+=$NO_OPTS ;; esac - + COMPREPLY+=( $( compgen $compargs -W "$opts" -- $cur ) ) return 0 @@ -1124,12 +1128,12 @@ plugin_dera_opts () { case "$1" in "smart-log-add") opts+=$NO_OPTS - ;; + ;; "help") opts+=$NO_OPTS ;; esac - + COMPREPLY+=( $( compgen $compargs -W "$opts" -- $cur ) ) return 0 @@ -1178,7 +1182,7 @@ plugin_sfx_opts () { opts+=$NO_OPTS ;; esac - + COMPREPLY+=( $( compgen $compargs -W "$opts" -- $cur ) ) return 0 @@ -1324,7 +1328,7 @@ plugin_nvidia_opts () { "id-ctrl") opts+=" --raw-binary -b --human-readable -H \ --vendor-specific -v --output-format= -o" - ;; + ;; "help") opts+=$NO_OPTS ;; @@ -1355,12 +1359,12 @@ plugin_ymtc_opts () { case "$1" in "smart-log-add") opts+=" --namespace-id= -n --raw-binary -b" - ;; + ;; "help") opts+=NO_OPTS ;; esac - + COMPREPLY+=( $( compgen $compargs -W "$opts" -- $cur ) ) return 0 diff --git a/nvme-builtin.h b/nvme-builtin.h index a4954886..72f64cf2 100644 --- a/nvme-builtin.h +++ b/nvme-builtin.h @@ -91,6 +91,7 @@ COMMAND_LIST( ENTRY("virt-mgmt", "Manage Flexible Resources between Primary and Secondary Controller ", virtual_mgmt) ENTRY("rpmb", "Replay Protection Memory Block commands", rpmb_cmd) ENTRY("fid-support-effects-log", "Submit Feature ID Support and Effects Log, Return result", get_fid_support_effects_log) + ENTRY("lockdown", "Submit a Lockdown command,return result", lockdown_cmd) ); #endif diff --git a/nvme.c b/nvme.c index 2c91362f..9f3aaab4 100644 --- a/nvme.c +++ b/nvme.c @@ -6170,6 +6170,100 @@ static int rpmb_cmd(int argc, char **argv, struct command *cmd, struct plugin *p return rpmb_cmd_option(argc, argv, cmd, plugin); } +static int lockdown_cmd(int argc, char **argv, struct command *cmd, struct plugin *plugin) +{ + const char *desc = "The Lockdown command is used to control the "\ + "Command and Feature Lockdown capability which configures the "\ + "prohibition or allowance of execution of the specified command "\ + "or Set Features command targeting a specific Feature Identifier."; + const char *ofi_desc = "Opcode or Feature Identifier(OFI) "\ + "specifies the command opcode or Set Features Feature Identifier "\ + "identified by the Scope field."; + const char *ifc_desc = "[0-3] Interface (INF) field identifies the "\ + "interfaces affected by this command."; + const char *prhbt_desc = "[0-1]Prohibit(PRHBT) bit specifies whether "\ + "to prohibit or allow the command opcode or Set Features Feature "\ + "Identifier specified by this command."; + const char *scp_desc = "[0-15]Scope(SCP) field specifies the contents "\ + "of the Opcode or Feature Identifier field."; + const char *uuid_desc = "UUID Index - If this field is set to a non-zero "\ + "value, then the value of this field is the index of a UUID in the UUID "\ + "List that is used by the command.If this field is cleared to 0h,"\ + "then no UUID index is specified"; + + int fd, err = -1; + + struct config { + __u8 ofi; + __u8 ifc; + __u8 prhbt; + __u8 scp; + __u8 uuid; + }; + + struct config cfg = { + .ofi = 0, + .ifc = 0, + .prhbt = 0, + .scp = 0, + .uuid = 0, + }; + + OPT_ARGS(opts) = { + OPT_BYTE("ofi", 'o', &cfg.ofi, ofi_desc), + OPT_BYTE("ifc", 'f', &cfg.ifc, ifc_desc), + OPT_BYTE("prhbt", 'p', &cfg.prhbt, prhbt_desc), + OPT_BYTE("scp", 's', &cfg.scp, scp_desc), + OPT_BYTE("uuid", 'U', &cfg.uuid, uuid_desc), + OPT_END() + }; + + err = fd = parse_and_open(argc, argv, desc, opts); + if (fd < 0) + goto ret; + + /* check for input arguement limit */ + if (cfg.ifc > 3) { + fprintf(stderr, "invalid interface settings:%d\n", cfg.ifc); + errno = EINVAL; + err = -1; + goto close_fd; + } + if (cfg.prhbt > 1) { + fprintf(stderr, "invalid prohibit settings:%d\n", cfg.prhbt); + errno = EINVAL; + err = -1; + goto close_fd; + } + if (cfg.scp > 15) { + fprintf(stderr, "invalid scope settings:%d\n", cfg.scp); + errno = EINVAL; + err = -1; + goto close_fd; + } + if (cfg.uuid > 127) { + fprintf(stderr, "invalid UUID index settings:%d\n", cfg.uuid); + errno = EINVAL; + err = -1; + goto close_fd; + } + + err = nvme_lockdown(fd, cfg.scp,cfg.prhbt,cfg.ifc,cfg.ofi, + cfg.uuid); + + if (err < 0) + perror("lockdown"); + else if (err > 0) + nvme_show_status(err); + else + printf("Lockdown Command is Successful\n"); + +close_fd: + close(fd); +ret: + return nvme_status_to_errno(err, false); +} + static int passthru(int argc, char **argv, bool admin, const char *desc, struct command *cmd) {